Skip to content
Features Pricing Free Cookie Scanner Consent Mode Checker Script Audit TCF String Decoder Cookie Database GDPR Scanner Compliance Blog
Start Free → Login
Necessary

"tt_csrf_token" Cookie

TikTok

Description

TikTok CSRF protection token.

Details

Cookie Name
tt_csrf_token
Category
Necessary
Service
TikTok
Duration
session
Data Source
Manual

Consent Requirement

This cookie is classified as necessary and typically does not require consent. It is essential for basic website functionality.

Consent Requirements by Regulation

GDPR & ePrivacy (EU)

Exempt from prior consent under the strictly necessary exemption (ePrivacy Directive Article 5(3)), provided tt_csrf_token is genuinely required for the service the visitor requested. It must still be listed in your cookie policy.

UK GDPR & PECR

Exempt from consent under PECR Regulation 6(4) when strictly necessary. Disclosure in your cookie policy is still required.

CCPA/CPRA (California)

No opt-out is required for strictly necessary cookies, but tt_csrf_token must be disclosed in your privacy policy.

Managing tt_csrf_token with a Consent Banner

A consent management platform lists tt_csrf_token in the banner's cookie table under the necessary category. Because it is strictly necessary, it stays active without an opt-in, but disclosing it keeps your cookie policy accurate. Kukie.io's scanner detects it automatically and keeps the disclosure up to date as your site changes.

Frequently Asked Questions

Does the tt_csrf_token cookie require consent?
No. tt_csrf_token is classified as strictly necessary, so it can be set without prior consent under GDPR and PECR. It must still be listed in your cookie policy.
How long does the tt_csrf_token cookie last?
tt_csrf_token typically persists for session. The exact lifetime can vary with the site's configuration and the version of the script that sets it.
Who sets the tt_csrf_token cookie?
tt_csrf_token is set by TikTok. It is categorised as necessary.
How do I block or delete the tt_csrf_token cookie?
Visitors can delete tt_csrf_token at any time through their browser's cookie settings. Site owners can keep it blocked until consent with a consent management platform: Kukie.io's auto-blocking holds necessary cookies back until the visitor opts in.

Need help?

Discover all cookies on your site automatically and create a compliant consent banner.

Scan Your Website

Automatically manage consent for this cookie

Kukie.io handles cookie detection, categorisation, and consent collection - all in one platform.

Get Started Free

Listed On