Compliance Audit Cookies & Consent Ad Tech Signals (TCF/GPP) Kids & Age Policies Policy Templates

Resources Services

Book a Call

Compliance Audit Cookies & Consent Ad Tech Signals (TCF/GPP) Kids & Age Policies Policy Templates Resources Services Book a Call

Home / Ad-Tech Signals / Consent Signal Checklist

Consent Signal Checklist

A step-by-step implementation checklist for consent signal propagation.

Ad-Tech Signals

IAB TCF Overview IAB GPP Overview Consent Signal Checklist

Need guidance?

Talk to a compliance specialist about your specific setup.

Step 1 — Identify Your Ad Tech Partners

List every ad tech vendor in your stack: ad server, SSP, DSP, measurement, data platform
For each vendor, confirm: which consent signals do they require? (TCF, GPP, or proprietary)
Check if vendors are on the IAB GVL (Global Vendor List) — required for TCF integration
Identify which markets you serve and which privacy laws apply

Step 2 — Select and Implement a CMP

Choose a CMP registered on the IAB's CMP list (required for TCF compliance)
Confirm the CMP supports GPP if you serve multi-market audiences
Configure consent categories to match your tag inventory
Configure vendor list to include all ad tech partners that require TCF purposes
Review and finalise consent banner copy and UX (see consent UX patterns)
Set default state: non-essential vendors blocked before consent

Step 3 — Block Tags Until Consent

Configure tag manager (GTM or equivalent) to block non-essential tags before CMP fires
Verify no personalised ad requests fire before a TCF/GPP signal is available
Test in browser with network tab: confirm blocked tags are not loading on first page visit
Test with consent declined: confirm ad requests include rejection signals

Step 4 — Pass Consent Strings Downstream

Web ad requests: confirm TCF string is passed via gdpr_consent parameter (or GPP equivalent)
Server-side auction: confirm consent string is included in bid requests to SSPs
CTV ad requests: confirm GPP string (or TCF string if applicable) is passed in VAST URL parameters
Confirm each SSP confirms receipt and respects the signals (request documentation from partners)

Step 5 — Test Across Environments

Web (desktop Chrome, Safari)
Web (mobile Chrome, Safari on iOS)
CTV (if applicable) — test consent signal presence in ad request URLs
Test: consent accepted → personalised ads deliver
Test: consent declined → only contextual ads deliver (or no ads if no contextual fill)
Test: consent withdrawn → subsequent ad requests reflect withdrawal

Step 6 — Monitor and Maintain

Set up monitoring for consent acceptance rate by market (declining rates may indicate UX issues)
Review GVL updates: vendors are added and updated; your CMP config needs periodic review
Subscribe to IAB Europe and IAB Tech Lab update channels for framework changes
Review when new US state privacy laws come into force — update GPP sections accordingly
Annual review of your full tag inventory to catch new tags added without consent configuration

This checklist is a practical framework, not legal advice. Consent signal requirements depend on your specific ad tech stack, markets, and legal basis claims.

Need to audit your existing consent signal implementation?

Book a call and we will review your CMP setup, tag blocking, and signal propagation end-to-end.

Book a consent signals review

IAB GPP Overview

Practical OTT compliance: cookie consent, GDPR, ad-tech signals, kids policy, and audit checklists.

Operated by Video Streaming LTD. Informational, not legal advice.

Topics

Compliance Audit
Cookies & Consent
Ad Tech Signals
Kids & Age Policies
Policy Templates

Resources

Resources
Research
Services
About
Book a Call

Legal

Privacy Policy
Cookie Policy
Terms
Disclaimer

© 2026 OTTCompliance. Operated by Video Streaming LTD.

This site provides informational content only. It is not legal advice.

We use cookies and similar technologies to improve your experience, analyze traffic, and personalize content. Cookie policy