Cookiebot and the IAB Consent Framework

To support publishers, technology vendors and advertisers in meeting the transparency and user consent requirements of the GDPR and ePrivacy Directive, IAB Europe (Interactive Advertising Bureau) has created the GDPR Transparency and Consent Framework.

As the framework is widely supported by the online advertising industry and an integration between Cookiebot and the IAB framework was requested by several Cookiebot users and resellers, Cookiebot is registered with IAB as a consent management provider (CMP) and has adopted the framework as an optional supplement to the core consent framework already included in the Cookiebot solution.


IAB’s consent model is fundamentally different from Cookiebot’s core consent model. In general, IAB’s model puts control in the hands of advertisers and vendors by signaling the user’s consent to advertising vendors, whereas Cookiebot can block non-consented vendors and thereby gives control to the publisher, who is liable for all tracking performed by third parties on the publisher’s website. Nevertheless, the two consent models can co-exist on a single website.

When using the Cookiebot integration with IAB, an extra panel with the title “Ad Settings” will be available to the end user on the cookie banner’s details-layer:

From this panel, the user can choose between IAB purporses and vendors before submitting a consent. The resulting IAB ‘Consent String’ is stored in the existing “CookieConsent” cookie on the user’s device. The same consent string is included when you download the consent log from the Cookiebot manager.   The pre-ticked state of all purposes and vendors on the Ad Settings panel follows the pre-ticked state of the overall “Marketing”-category, as configured in Cookiebot. If the user clicks the overall “Marketing” checkbox in the banner, all purporses and vendors will change state to match the overall “Marketing”-choice. The user may change selection for any specific IAB purpose and vendor at any time.   Please note that the consent settings on the panel only applies to IAB-registered vendors. If you are using other vendors on your website, e.g. for ads, widgets, videos, analytics and the like, you need to implement prior consent on these tags as described in our implementation guide.  

To ensure that vendors honor the user’s consent, Cookiebot’s scanner monitors all cookies and similar trackers used on the website. If an IAB-vendor does not honor the user’s consent, cookies set by the vendor will be marked up in the scan report with “Prior consent enabled: No”.


Enabling the IAB framework with Cookiebot is straight forward: Just add the attribute “data-framework” to your existing Cookiebot tag with the value “IAB”, e.g.:

<script id="CookieConsent" src="" data-cbid="00000000-0000-0000-0000-000000000000" data-framework="IAB" type="text/javascript" async></script>

f you are using Cookiebot with a tag manager, e.g. Google Tag Manager (GTM), which automatically strips all attributes but “src” from the script tag, you can enable the IAB framework by including the URL query “framework=IAB” in the tag src-attribute, e.g. “”

From there Cookiebot will automatically signal consent to any vendor using the IAB framework on your website.

IAB suggest that you replace the default cookie-banner introduction with the following:

We use cookies and process personal data, such as your IP address and pseudonymous identifiers, to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners (see vendor list under “Details” > “Ad Settings”) who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. You consent to our cookies and processing of personal data if you continue to use our website.”  

The IAB Framework currently supports 24 languages: BG, CS, DA, DE, EL, ES, ET, FI, FR, GA, HR, HU, IT, LT, LV, MT, NL, PL, PT, RO, SK, SL and SV

Please note that Cookiebot as an IAB registered CMP is under the obligation to work only with publishers that are in full compliance with the IAB Framework policies. By activating the IAB framework in Cookiebot as described above, you confirm to comply with these policies.

For IAB Vendors

To read the individual user’s current consent state on a website, ping the following command every 500ms until result.cmpLoaded equals true (when consent has been loaded or submitted) in the callback:

window.__cmp('ping', null, function(result) { console.log(result) });

To retrieve the BASE64-encoded consent string after that, execute the following command and read the value of result.consentData in the callback:

window.__cmp('getConsentData', null, function(result) { console.log(result) });
Was this article helpful?
0 out of 5 stars
5 Stars 0%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%
How can we improve this article?