NexaGuard
  1. Compliance-and-Standards
NexaGuard
  • Getting-Started
    • NexaGuard Developer Documentation
    • Quickstart (5 to 10 Minutes)
    • Documentation Overview
    • Concepts and Glossary
  • Compliance-and-Standards
    • Compliance Overview
    • IAB TCF v2.3 Support
    • Google Consent Mode v2 Validation
    • TCF API Validation
    • Audit Checklist (Pre-Launch)
  • Web-and-CMS-Integrations
    • NexaGuard CMP SDK – Web & GTM Setup
    • Integrate NexaGuard CMP with Webflow and Wix
    • Integrate NexaGuard CMP with WordPress
    • Integrate NexaGuard CMP with Drupal
    • Integrate NexaGuard CMP with Shopify
  • Mobile-SDKs
    • NexaGuard CMP SDK - iOS Setup
    • iOS SDK API Reference
    • NexaGuard CMP SDK - Android Setup
    • Android SDK API Reference
    • App Attribution Partner (AAP) Integrations
  • Developer-Reference
    • Web JS API Reference
    • Consent Event Schema
    • Deployment and Environments
    • NexaGuard Debug Tool
    • Troubleshooting Playbook
    • Performance and Best Practices
    • Accessibility and UX Guidelines
    • Localization Workflow
    • Migration Guide
  • Security-and-Privacy
    • Security Overview
    • Privacy Architecture
    • Data and Logging Transparency
    • Subprocessors
    • CSP and Network Allowlist
  • Enterprise-and-Legal
    • DPA and Legal Pack
    • RFP Feature Matrix
    • Status and Reliability
    • Support and Escalation
    • NexaGuard CMP SDK – Commercial Licence
  • Operations
    • Changelog and Version Policy
  1. Compliance-and-Standards

IAB TCF v2.3 Support

Last updated: February 21, 2026
NexaGuard CMP supports IAB Transparency and Consent Framework (TCF) v2.3, including handling for the Disclosed Vendors segment.

1. Scope#

This page documents implementation behavior and verification checkpoints for TCF v2.3 integrations.

2. Explicit Support Statement#

NexaGuard CMP supports:
IAB TCF v2.3
Disclosed Vendors segment handling (segment type 1)
Allowed Vendors segment handling (segment type 2)
Special Purpose 3 handling in accordance with TCF v2.3 requirements.
Consent-first baseline for Purposes 3 to 6

3. TC String Lifecycle#

1.
CMP initializes policy and vendor metadata.
2.
User receives default and then interactive consent UI.
3.
User choice updates the TC string.
4.
TC string is retrievable through TCF API integration points.
5.
Subsequent consent changes generate updated strings.

4. Verification Commands#

Run in browser console:
Expected result: function.
Expected result: function.
Expected result: ok: true with CMP status fields.
Expected result: ok: true. tcString should be present once CMP is initialized and may update after user interaction.
Optional (listen for changes):

5. Mobile SDK Verification (iOS / Android)#

Decode generated TC strings and verify:
VendorsDisclosedSegmentType = 1
VendorsAllowedSegmentType = 2
Accept All: VendorsDisclosed and VendorsAllowed contain configured vendor IDs
Reject All: consent vectors are empty/false, but disclosed/allowed segments remain present per configuration

6. Common Audit Failures#

__tcfapi unavailable due to script ordering or blocked loader.
TC string missing because consent flow did not complete.
Duplicate CMP scripts causing state conflicts.
CSP blocking required loader/API domains.

7. Troubleshooting#

1.
Confirm CMP script appears exactly once in document head.
2.
Confirm __tcfapiLocator frame exists (commonly used by TCF integrations).
3.
Validate consent UI renders and stores a decision.
4.
Re-run TCF checks using private browser session.
5.
Capture debug output before opening support tickets.
See TCF API Validation and Troubleshooting Playbook.
Previous
Compliance Overview
Next
Google Consent Mode v2 Validation