GPP String Decoder

Decode an IAB GPP consent string in your browser — header, gpp_sid, and every embedded section, expanded into readable fields. The string stays on your device.

The GPP String Decoder runs entirely in your browser. The consent string you paste — and everything it decodes to — stays on your device and is never sent to a CMP, ad server, or ArrayKit.

Open the TCF Consent String Decoder

About GPP String Decoder

The GPP String Decoder unpacks an IAB Global Privacy Platform consent string into something you can actually read. Paste the encoded value from a CMP, an OpenRTB bid request's regs.gpp field, or a stored cookie, and the tool decodes the header — the GPP version and the gpp_sid list — plus every embedded section, from TCF Europe v2 to US Privacy (uspv1) and US state signals such as usnat and usca. Each section is expanded into named fields like CmpId, purpose consents, sale opt-outs, and MSPA flags. It is built for ad-ops engineers, privacy teams, and QA who debug consent plumbing across programmatic supply. The whole decode runs on your device — the GPP string you paste is never sent to a CMP, ad server, or any endpoint.

Features

How to use the GPP String Decoder

  1. Copy a GPP string from your CMP, an OpenRTB regs.gpp field, or a stored __gpp value
  2. Paste it into the input box, or click Sample to load an example string
  3. Read the decoded header and each section's fields, or switch to the JSON view
  4. Copy the full decode or one section to attach to a bug report or ticket

Example

Input

DBABTC~1YNN

Output

header: { version: 1, gpp_sid: [6] }
uspv1:  { Version: 1, Notice: "Y", OptOutSale: "N", LspaCovered: "N" }

A US Privacy (uspv1) string: notice given, no sale opt-out, not LSPA-covered.

Common errors & troubleshooting

Frequently asked questions

What is an IAB GPP string?
The Global Privacy Platform (GPP) string is a single encoded value that packs multiple privacy signals — TCF Europe, US Privacy, and US state sections — behind one header. The header's gpp_sid list names which sections are inside.
What is gpp_sid in a GPP string?
gpp_sid is the array of section ids in the GPP header. Each id maps to a section — 2 is TCF EU v2, 6 is US Privacy, 7 is usnat, 8 is usca — telling a decoder which blocks follow the header.
Which GPP sections can this decoder read?
It decodes the header plus TCF Europe v2, TCF Canada v1, US Privacy (uspv1), the US national section (usnat), and the US state sections such as usca, usva, usco and the rest, expanding each into named fields.
Can I paste a bare TCF or legacy US Privacy string here?
This tool expects a full GPP string with a header. A standalone TCF string that starts with 'C', or a legacy US Privacy value, should go to the dedicated TCF or US Privacy decoders instead.
Does decoding a GPP string tell me whether a vendor is allowed?
No. The decoder shows what the string encodes — opt-outs, purpose consents, MSPA flags — but it does not judge whether a specific vendor may process data; that depends on your policy and each section's rules.
Where do I find a GPP string to decode?
Look in a CMP's stored value, the regs.gpp field of an OpenRTB bid request, the __gpp cookie or localStorage entry, or the gppString returned by the CMP API's getGPPData call.

Related tools

All ArrayKit tools