VAST macros / Identity and privacy

[GDPRCONSENT] VAST macro

Short answer: The IAB TCF consent string (base64url) for the request. Introduced in VAST 4.1.

What it means

Carries the IAB Transparency and Consent Framework consent string. Receivers decode it to determine which vendors and purposes the user has consented to.

Example value

After the player substitutes the macro, [GDPRCONSENT] becomes something like:

CPcqX...base64url...AAAA

CPcqX...base64url...AAAA

Where it is valid

Impression, tracking, click, and verification URLs.

Macros are case-sensitive and substituted only inside URL fields. A macro written in the wrong case, or placed where it has no defined value, is sent to the server as literal text instead of a value.

Using it in a tag

<Impression><![CDATA[https://t.example.com/i?val=[GDPRCONSENT]&cb=[CACHEBUSTING]]]></Impression>

<Impression><![CDATA[https://t.example.com/i?val=[GDPRCONSENT]&cb=[CACHEBUSTING]]]></Impression>

VAST XML fragment only. This excerpt belongs inside a complete VAST document, so standalone validation will fail until it is wrapped in a full <VAST>response.

Related vastlint rules

VAST-2.0-macro-unknown: URL contains a [MACRO] that is not a recognised IAB VAST macro
VAST-2.0-macro-lowercase: Recognised macro is not uppercase — players match macro names case-sensitively

Related macros

Validate your macros

vastlint flags unknown, mis-cased, deprecated, out-of-context, and unencoded macros in any tracking, click, error, impression, or media URL:

# CLI: exits non-zero on errors, ideal for pipelines
vastlint check creative.xml

# CLI: exits non-zero on errors, ideal for pipelines
vastlint check creative.xml

Use the right tool for this failure

If you already have the resolved XML, run a pure spec check. If you only have a live tag URL, test that endpoint first. If the failure happens in the wrapper chain, inspect each hop.

Validate this XML →Test this live URL →Inspect this wrapper chain →