1. Compliance-and-Standards
  • Getting-Started
    • CYBEXO Developer Documentation
    • Quickstart (5 to 10 Minutes)
    • Documentation Overview
    • Concepts and Glossary
  • Compliance-and-Standards
    • Compliance Overview
    • IAB TCF v2.3 Support
    • Google Consent Mode v2 Validation
    • TCF API Validation
    • Audit Checklist (Pre-Launch)
  • Web-and-CMS-Integrations
    • CYBEXO CMP SDK – Web & GTM Setup
    • Integrate CYBEXO CMP with Webflow and Wix
    • Integrate CYBEXO CMP with WordPress
    • Integrate CYBEXO CMP with Drupal
    • Integrate CYBEXO CMP with Shopify
  • Mobile-SDKs
    • CYBEXO CMP SDK - iOS Setup
    • iOS SDK API Reference
    • CYBEXO CMP SDK - Android Setup
    • Android SDK API Reference
    • App Attribution Partner (AAP) Integrations
  • Developer-Reference
    • Web JS API Reference
    • Consent Event Schema
    • Deployment and Environments
    • CYBEXO Debug Tool
    • Troubleshooting Playbook
    • Performance and Best Practices
    • Accessibility and UX Guidelines
    • Localization Workflow
    • Migration Guide
  • Security-and-Privacy
    • Security Overview
    • Privacy Architecture
    • Data and Logging Transparency
    • Subprocessors
    • CSP and Network Allowlist
  • Enterprise-and-Legal
    • DPA and Legal Pack
    • RFP Feature Matrix
    • Status and Reliability
    • Support and Escalation
    • CYBEXO CMP SDK – Commercial Licence
  • Operations
    • Changelog and Version Policy
  1. Compliance-and-Standards

IAB TCF v2.3 Support

Last updated: February 18, 2026
CYBEXO CMP supports IAB Transparency and Consent Framework (TCF) v2.3, including handling for the Disclosed Vendors segment.

1. Scope#

This page documents implementation behavior and verification checkpoints for TCF v2.3 integrations.

2. Explicit Support Statement#

CYBEXO CMP supports:
IAB TCF v2.3
Disclosed Vendors segment handling
Special Purpose 3 handling in accordance with TCF v2.3 requirements.
Consent-first baseline for Purposes 3 to 6

3. TC String Lifecycle#

1.
CMP initializes policy and vendor metadata.
2.
User receives default and then interactive consent UI.
3.
User choice updates the TC string.
4.
TC string is retrievable through TCF API integration points.
5.
Subsequent consent changes generate updated strings.

4. Verification Commands#

Run in browser console:
Expected result: function.
Expected result: function.
Expected result: ok: true with CMP status fields.
Expected result: ok: true. tcString should be present once CMP is initialized and may update after user interaction.
Optional (listen for changes):

5. Common Audit Failures#

__tcfapi unavailable due to script ordering or blocked loader.
TC string missing because consent flow did not complete.
Duplicate CMP scripts causing state conflicts.
CSP blocking required loader/API domains.

6. Troubleshooting#

1.
Confirm CMP script appears exactly once in document head.
2.
Confirm __tcfapiLocator frame exists (commonly used by TCF integrations).
3.
Validate consent UI renders and stores a decision.
4.
Re-run TCF checks using private browser session.
5.
Capture debug output before opening support tickets.
See TCF API Validation and Troubleshooting Playbook.
Previous
Compliance Overview
Next
Google Consent Mode v2 Validation