Verifying your install
Two console tools confirm your install — one for what the CMP intends, one for what actually happened.
debug() — what the CMP intends
Section titled “debug() — what the CMP intends”LightningCMP.debug();Prints a structured snapshot of the CMP’s own decision-making: the resolved regulation, current consent, Google Consent Mode signals, and a table of gated scripts (blocked vs. activated, and why). Use it to answer “why is this script blocked, and what am I sending to Google?”
It also raises hints — e.g. a consentmode-order warning if a site-hosted
Google tag beat the CMP’s consent default, or a nudge to bridge a hard-blocked
Google tag. Enable verbose logging with ?lightning-debug in the URL, or
localStorage['lightning-debug'] = '1'.
audit() — what actually happened
Section titled “audit() — what actually happened”await LightningCMP.audit();A behavioural self-audit: it observes the cookies actually set and requests
actually fired on the page and infers whether any of it violated the visitor’s
consent (a leak). Unlike debug(), it trusts nothing about config — it watches
real activity. The toolkit is lazy-loaded (audit.js) on first call.
A finding is a leak when a cookie or non-cookieless request fires under a denied category, and ok when activity happens under a granted category (which proves the CMP gates rather than merely blocks) or is a designed cookieless Consent Mode ping.