# Vendor cookies dropped before end-user consent

If your organization identifies vendors dropping cookies on end-user devices before the end-user provides their consent selections it can be due to a few reasons. In this article, we provide an overview for why a vendor may be dropping certain cookies before end-user consent:

* IAB vendor using legitimate interest
* Vendor misconfiguration

***

### IAB vendor using legitimate interest

Legitimate interest is a legal basis under the General Data Protection Regulation (GDPR) that permits the processing of personal data without consent where a controller or third party has a genuine interest in doing so, the processing is necessary to achieve that interest, and that interest is not overridden by the rights and freedoms of the data subject.

IAB vendors automatically receive the TC String and drop their cookies according to the end-user's consent status. IAB vendors who utilize legitimate interest as a legal basis for certain purposes (declared when they register for the IAB TCF Global Vendor List) can drop cookies on an end-user's device prior to the end-user providing consent.&#x20;

{% hint style="info" %}
Despite the IAB vendor's purpose declarations, your organization can override these settings directly from the consent notice configuration.&#x20;
{% endhint %}

Your organization can inspect whether an IAB vendor is relying on legitimate interest as a legal basis for one or more purposes via the Data Manager.

Click **Data Manager** in the left-hand panel and select the **Vendors** tab on the subsequent page.&#x20;

<figure><img src="/files/6QE5kYJyyRCJ2hrYBOl2" alt="" width="563"><figcaption></figcaption></figure>

Use the provided filter and search bar to find the IAB vendor.

<figure><img src="/files/LxetY8v2BCRdQ4BOEO8f" alt="" width="563"><figcaption></figcaption></figure>

Purposes that utilize legitimate interest as a legal basis for the IAB vendor will populate in the **Opt-out purposes (based on legitimate interest)** column for the vendor.&#x20;

<figure><img src="/files/rHn6aFnrA0AruHJtWLJO" alt="" width="563"><figcaption></figcaption></figure>

### Vendor misconfiguration

Vendors who are not registered with the IAB TCF do not receive the end-user's consent status automatically. Since non-IAB vendors do not receive the end-user's consent automatically, their technology (tags) on your website need to be conditioned so that they only trigger when the appropriate end-user consent is provided.

If a non-IAB vendor's technology is not properly conditioned, the vendor may drop its cookies prior to the end-user providing consent. Ensure these vendor tags are conditioned properly using one of the following methods:

* [Tag Management Solution (TMS)](https://developers.didomi.io/cmp/web-sdk/third-parties/tags-management/tag-managers)
* [Custom Didomi script tags](https://developers.didomi.io/cmp/web-sdk/third-parties/no-tag-manager)
* [Programmatic API](https://developers.didomi.io/cmp/web-sdk/third-parties/programmatic-api)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.didomi.io/consent-management-platform-cmp/introduction/vendor-cookies-dropped-before-end-user-consent.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.