Consent Manager (IAB TCF 2.2)

Consent Manager (IAB TCF 2.2) 2026-03-24

No permission to download
Overview Updates (7) Reviews (1) History Discussion
Thank you for your quick reply and detailed explanation. Unfortunately, I can't confirm this yet.

Steps to reproduce:
  • Browser Edge, Windows 11
  • Settings, Clear browsing data, Time range: All time, Clear now.
  • Close and restart the browser.
  • Visit the URL; the cookie banner appears at the bottom of the website.
  • Select Customize.
  • Option Store and/or access information on a device so it is activated (required/default).
  • Set Select basic ads to on.
  • Save selection; the cookie banner closes.
  • Click on What's new or click on some threads.
  • Scroll down to Cookie Settings, Change Cookie Settings, Privacy Dialog -> Select basic ads is not active.
I experience the same behavior when using Microsoft Edge's Incognito mode.

XF Version 2.3.10, DEB Consent Manager 1.0.2 Patch 4.

Is it possible that there might be a problem with Cloudflare? I've also disabled all other XenForo add-ons. Cloudflare is the only thing I can think of in this context.

Thank you.
 
Thanks for the detailed steps to reproduce! I was able to track down the issue. The problem was that when reopening the consent dialog via "Change Cookie Settings", the toggles always started in the OFF position - even though your selection (e.g. Purpose 1 + 2) was correctly saved in the cookie. The toggles simply didn't read back the saved state.

I've fixed this in Patch 5. Please download the latest version and install it with "Overwrite all files" enabled. After that, clear your cache once.

Regarding Cloudflare: that shouldn't be causing the issue, but if you have HTML or JS caching enabled there, I'd recommend purging the Cloudflare cache after updating to make sure the new JavaScript file gets served.
 
The steps mentioned (clearing the browser cache, clearing the Cloudflare cache, reinstalling Patch Level 5 including overwriting the files) unfortunately did not change the behavior. This also applies in incognito mode.
 
DEBTech updated Consent Manager (IAB TCF 2.2) with a new update entry:

1.0.2 Patch 6

Bug Fixes:
- Fixed consent toggle states not restored when reopening the consent dialog (e.g. "Select basic ads"
showing OFF even though it was saved as ON)
- Fixed public JavaScript file (js/addons/) not being updated during build - only the source copy
(src/addons/) was updated, causing the live server to serve the old version

Deleted cookie → Banner appears ✅
Clicked "Customize" → Layer 2 opens ✅
Enabled Purpose 2 "Select basic ads" → Toggle ON ✅
Clicked "Save Selection" → Banner...
Click to expand...

Read the rest of this update entry...
 
Information taken from vendor list seems missing

Code: 
"755": {"id": 755, "name": "Google Advertising Products", "purposes": [1, 3, 4], "legIntPurposes": [2, 7, 9, 10], "flexiblePurposes": [2, 7, 9, 10], "specialPurposes": [1, 2, 3], "features": [1, 2], "specialFeatures": [], "cookieMaxAgeSeconds": 34190000, "usesCookies": true, "cookieRefresh": false, "urls": [{"langId": "en", "privacy": "https://business.safety.google/privacy/", "legIntClaim": "https://policies.google.com/privacy#europeanrequirements"}, {"langId": "bg", "privacy": "https://business.safety.google/intl/bg/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=bg#europeanrequirements"}, {"langId": "cs", "privacy": "https://business.safety.google/intl/cs/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=cs#europeanrequirements"}, {"langId": "da", "privacy": "https://business.safety.google/intl/da/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=da#europeanrequirements"}, {"langId": "de", "privacy": "https://business.safety.google/intl/de/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=de#europeanrequirements"}, {"langId": "el", "privacy": "https://business.safety.google/intl/el/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=el#europeanrequirements"}, {"langId": "es", "privacy": "https://business.safety.google/intl/es/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=es#europeanrequirements"}, {"langId": "et", "privacy": "https://business.safety.google/intl/et/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=et#europeanrequirements"}, {"langId": "fi", "privacy": "https://business.safety.google/intl/fi/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=fi#europeanrequirements"}, {"langId": "fr", "privacy": "https://business.safety.google/intl/fr/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=fr#europeanrequirements"}, {"langId": "hr", "privacy": "https://business.safety.google/intl/hr/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=hr#europeanrequirements"}, {"langId": "hu", "privacy": "https://business.safety.google/intl/hu/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=hu#europeanrequirements"}, {"langId": "it", "privacy": "https://business.safety.google/intl/it/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=it#europeanrequirements"}, {"langId": "lt", "privacy": "https://business.safety.google/intl/lt/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=lt#europeanrequirements"}, {"langId": "lv", "privacy": "https://business.safety.google/intl/lv/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=lv#europeanrequirements"}, {"langId": "nl", "privacy": "https://business.safety.google/intl/nl/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=nl#europeanrequirements"}, {"langId": "no", "privacy": "https://business.safety.google/intl/no/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=no#europeanrequirements"}, {"langId": "pl", "privacy": "https://business.safety.google/intl/pl/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=pl#europeanrequirements"}, {"langId": "pt", "privacy": "https://business.safety.google/intl/pt-PT/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=pt-PT#europeanrequirements"}, {"langId": "ro", "privacy": "https://business.safety.google/intl/ro/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=ro#europeanrequirements"}, {"langId": "sk", "privacy": "https://business.safety.google/intl/sk/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=sk#europeanrequirements"}, {"langId": "sl", "privacy": "https://business.safety.google/intl/sl/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=sl#europeanrequirements"}, {"langId": "sv", "privacy": "https://business.safety.google/intl/sv/privacy/", "legIntClaim": "https://policies.google.com/privacy?hl=sv#europeanrequirements"}], "usesNonCookieAccess": true, "dataRetention": {"stdRetention": 548, "purposes": {"3": 180, "4": 180}, "specialPurposes": {"1": 1096}}, "dataDeclaration": [1, 2, 3, 5, 6, 7, 8, 10, 11], "deviceStorageDisclosureUrl": "https://www.gstatic.com/iabtcf/deviceStorageDisclosure.json"},

ID 430
IAB Vendor ID 755
Name Google Advertising Products
Consent purposes -
Code: 
Vendor Name
Google Advertising Products

IAB Vendor ID
755
The vendor ID from the IAB Global Vendor List. Set to 0 for custom vendors.

Vendor URL
en
The vendor website URL.

Privacy Policy URL
https://business.safety.google/privacy/
Link to the vendor privacy policy.

Consent Purposes
Purposes for which this vendor requires consent.

Legitimate Interest Purposes
Purposes for which this vendor claims legitimate interest.

Special Features
Special features used by this vendor.
 
The selection now appears to be saved correctly. Unfortunately I don't have time for further testing today, but I will definitely continue to pursue this topic. Thank you!
 
You're right, thanks for catching that! The GVL import had a bug where the vendor URL was incorrectly parsed (it stored the language ID "en" instead of the actual URL). The consent purposes, legitimate interest purposes and special features are all stored in the database but the vendor URL wasn't extracted correctly.

I've fixed the URL extraction in Patch 6. To get the correct data for your existing vendors, please re-import the GVL after updating:

1. Install Patch 6 with "Overwrite all files"
2 Go to Consent Manager > Vendors > Import GVL
3 Run the import again - it will update all existing vendors with the correct URLs

The legitimate interest purposes and special features fields are visible when you edit an individual vendor.
 
One more (final?:)) question for today: Does the DEB Consent Manager also work purely for obtaining consent for Google Analytics (GA4)? If so, is it sufficient to include GA4 code snippets before the final </HEAD> tag in the PAGE_CONTAINER template? What specific consent(s) does the user then have to give?
 
Yes, the Consent Manager works perfectly fine just for GA4 - you don't need AdSense or any ads for it.

Just place your GA4 code in the PAGE_CONTAINER before </head> as you normally would. The Consent Manager handles the rest automatically: it sets Google Consent Mode v2 to "denied" on page load and switches to "granted" as soon as the visitor accepts. GA4 picks up these signals on its own.

For pure GA4, Purpose 1 (Store/access information) and Purpose 8 (Measure content performance) are the relevant ones. Purpose 1 is always active by default, so the visitor basically just needs to accept.

Quick tip: If you're only using GA4 without any ads, you can disable the ad-related purposes (2, 3, 4) in the settings. That way visitors only see what's actually relevant to them.
 
DEBTech said:
You're right, thanks for catching that! The GVL import had a bug where the vendor URL was incorrectly parsed (it stored the language ID "en" instead of the actual URL). The consent purposes, legitimate interest purposes and special features are all stored in the database but the vendor URL wasn't extracted correctly.

I've fixed the URL extraction in Patch 6. To get the correct data for your existing vendors, please re-import the GVL after updating:

1. Install Patch 6 with "Overwrite all files"
2 Go to Consent Manager > Vendors > Import GVL
3 Run the import again - it will update all existing vendors with the correct URLs

The legitimate interest purposes and special features fields are visible when you edit an individual vendor.
Click to expand...
That worked.

For Google not all purposes are added?
Google Advertising Products (IAB #755)1 , 3 , 4

The privacy url is filled in for both the Vendor URL and Privacy Policy URL, with all vendors. Maybe preferred?


When i edit a vendor these are not filled in
  • Consent Purposes
  • Legitimate Interest Purposes
  • Special Features
 
You must log in or register to reply here.
Back
Top Bottom