Runs locally in your browser; pasted data and files are not uploaded.

US Privacy String Decoder

Decode IAB US Privacy strings into readable notice, opt-out, and LSPA flags for CCPA and US state privacy debugging.

What you can do here

  • Decode a privacy cookie from a support ticket.
  • Review opt-out behavior during partner QA.
  • Sanity-check a CCPA implementation before launch.

Before you start

  • Paste a four-character US Privacy string.

About US Privacy String Decoder

The US Privacy String Decoder turns compact CCPA-style privacy strings into human-readable notice, opt-out, and LSPA signals for QA and troubleshooting.

Use it when support tickets, CMP logs, or privacy cookies only give you a four-character US Privacy string.

How to use US Privacy String Decoder

  1. Paste a US Privacy string.
  2. Review the decoded notice, opt-out, and LSPA flags.
  3. Use the warnings to spot malformed values quickly.

What you should see

  • Readable notice, opt-out, and LSPA interpretations.

Reading US Privacy Strings Without Guesswork

Why short privacy strings still need decoding

A US Privacy string is compact by design, which makes it efficient for systems and annoying for humans. Support tickets, cookie audits, and partner QA often surface only the four-character value, leaving teams to remember what each flag means under pressure.

A decoder is useful because the operational job is simple: turn the short string into readable notice, opt-out, and LSPA meanings quickly. That is enough to frame the next privacy question without overcomplicating the workflow.

This is also a realistic long-tail target. Teams searching for help with a US Privacy string usually have a live debugging task, not a theoretical compliance question.

How the decoder fits into privacy workflows

The decoder works best as one layer in a larger privacy flow. First confirm which cookie or signal is present. Then decode the short value into readable flags. After that, compare the result with the CMP state, region test, or partner behavior under review.

That sequence matters because a valid-looking string can still represent the wrong state for the test case. The decoder does not decide whether the site is compliant. It helps the team understand what the signal is saying before deeper review begins.

This is particularly useful during support and QA, where speed matters more than exhaustive legal interpretation.
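
The decode-then-compare sequence above, as an added example that is not the tool's own source. The function names, the shape of the expected-state object, and the sample values are assumptions made for illustration; the field order (version, notice, opt-out of sale, LSPA) and the Y / N / - values follow the IAB US Privacy specification.

```javascript
// Added example, not the tool's own code.
const FIELDS = ["notice", "optOutSale", "lspa"];
const MEANING = new Map([["Y", "yes"], ["N", "no"], ["-", "not applicable"]]);

function decodeUsPrivacy(raw) {
  const value = String(raw ?? "").trim();
  const result = { input: value, version: null, flags: {}, warnings: [] };
  if (value.length !== 4) {
    result.warnings.push(`expected 4 characters, got ${value.length}`);
    return result; // positions are ambiguous, so no flags are decoded
  }
  result.version = value[0];
  if (result.version !== "1") {
    result.warnings.push(`unexpected version "${value[0]}" (only 1 is handled here)`);
  }
  FIELDS.forEach((name, i) => {
    const ch = value[i + 1];
    // Lowercase is normalised rather than rejected (a choice made for this example).
    const meaning = MEANING.get(ch.toUpperCase());
    if (meaning === undefined) result.warnings.push(`${name}: unexpected value "${ch}"`);
    result.flags[name] = meaning ?? "invalid";
  });
  return result;
}

// Compare the decoded signal with the state the test case expects
// (hypothetical shape: the same three keys, taken from the CMP under review).
function diffAgainstExpected(decoded, expected) {
  if (decoded.warnings.length > 0) return ["malformed: " + decoded.warnings.join("; ")];
  return FIELDS.filter((k) => decoded.flags[k] !== expected[k]).map(
    (k) => `${k}: string says "${decoded.flags[k]}", test expects "${expected[k]}"`
  );
}

// Constructed sample: the user opted out in the CMP, but the cookie still says "no".
const optedOut = { notice: "yes", optOutSale: "yes", lspa: "no" };
console.log(decodeUsPrivacy("1YNN").flags);
console.log(diffAgainstExpected(decodeUsPrivacy("1YNN"), optedOut));
console.log(diffAgainstExpected(decodeUsPrivacy("1YXN"), optedOut));
```

A well-formed string such as 1YNN decodes cleanly yet still produces a mismatch against the opted-out test case, which is the situation the comparison step exists to catch.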

Why this helps cluster quality

Privacy sections get weaker when every workflow is forced through TCF alone. US Privacy signals deserve a dedicated entry point because they represent a different debugging job and a different set of tickets.

Adding that tool makes the privacy cluster feel more complete and more aligned with real consent debugging work across regions.

That makes the site stronger for both users and search. It is a clearer answer to a narrower problem than a generic privacy article could provide.

Troubleshooting

Common issues

  • This tool does not decode full GPP containers.
  • A valid string still needs to be compared with actual user state and CMP behavior.

Best practices

  • Paste raw input so the tool can apply formatting consistently.
  • If output looks wrong, validate the input for missing commas or tags.
  • Use the example buttons above to sanity-check formatting and behavior.

Related tools

More tools in the privacy / tcf category.

  • TCF String Decoder - Decode IAB TCF v2 consent strings into human-readable metadata, purposes, and vendor consent arrays. Paste a TC string from a CMP or euconsent-v2 cookie, and instantly see what it contains for QA, troubleshooting, and compliance checks. Everything runs client-side for privacy.
  • Cookie Inspector - Parse and analyze Set-Cookie headers or page cookie dumps to surface security, scope, and privacy issues with remediation guidance. Useful for privacy, security, and ad ops teams to quickly understand cookie risks and fixes.
  • Cookie Sync Visualizer - Fetch a page and list likely cookie-sync or ID-match partners based on sync-like endpoints found in HTML resources. This is a useful first pass for privacy, identity, and header bidding investigations when you need to see which third-party domains look involved in sync behavior.
  • Consent Cookie Inspector - Parse cookie strings for common consent and privacy signals such as euconsent-v2, addtl_consent, US Privacy, and GPP cookies so teams can see which consent artifacts are actually present.

Frequently asked questions

Is it free to use?

Yes. Core tools are free and accessible without signup.

Does it upload my data?

This tool runs locally in your browser. Data you paste or files you upload stay on your device and are not uploaded.

What if I spot a bug?

Please reach out via the Contact page with a reproduction example.

Which format does it support?

It supports the common four-character IAB US Privacy string format used in CCPA-style workflows.

Can it validate malformed strings?

Yes. It flags unexpected length and flag values.

Is this the same as GPP?

No. This tool is focused on the standalone US Privacy string rather than a full GPP container.
