NexaGuard
  1. Web-and-CMS-Integrations
NexaGuard
  • Getting-Started
    • NexaGuard Developer Documentation
    • Quickstart (5 to 10 Minutes)
    • Documentation Overview
    • Concepts and Glossary
  • Compliance-and-Standards
    • Compliance Overview
    • IAB TCF v2.3 Support
    • Google Consent Mode v2 Validation
    • TCF API Validation
    • Audit Checklist (Pre-Launch)
  • Web-and-CMS-Integrations
    • NexaGuard CMP SDK – Web & GTM Setup
    • Integrate NexaGuard CMP with Webflow and Wix
    • Integrate NexaGuard CMP with WordPress
    • Integrate NexaGuard CMP with Drupal
    • Integrate NexaGuard CMP with Shopify
  • Mobile-SDKs
    • NexaGuard CMP SDK - iOS Setup
    • iOS SDK API Reference
    • NexaGuard CMP SDK - Android Setup
    • Android SDK API Reference
    • App Attribution Partner (AAP) Integrations
  • Developer-Reference
    • Web JS API Reference
    • Consent Event Schema
    • Deployment and Environments
    • NexaGuard Debug Tool
    • Troubleshooting Playbook
    • Performance and Best Practices
    • Accessibility and UX Guidelines
    • Localization Workflow
    • Migration Guide
  • Security-and-Privacy
    • Security Overview
    • Privacy Architecture
    • Data and Logging Transparency
    • Subprocessors
    • CSP and Network Allowlist
  • Enterprise-and-Legal
    • DPA and Legal Pack
    • RFP Feature Matrix
    • Status and Reliability
    • Support and Escalation
    • NexaGuard CMP SDK – Commercial Licence
  • Operations
    • Changelog and Version Policy
  1. Web-and-CMS-Integrations

NexaGuard CMP SDK – Web & GTM Setup

Last updated: February 21, 2026
Package<script id="nexaguard-cmp" …>
MinimumEvergreen browsers · ES6
Footprint≈ 12 kB gzipped loader

1 Option A: Direct Script Embed#

Place the loader <script> as high as possible in your <head>:
Required attribute
AttributeValueDescription
data-settings-ide.g. NXG-Zmk9Zy0c1XIdentifies your site’s branding & vendor list.
Optional attributes
AttributeDefaultUse-case
data-assets-urlAsset path inferred from srcPoint loader at a staging asset endpoint.
data-cdn-urlhttps://cdn.nexaguard.comOverride config/GVL CDN base for staging or isolated environments.
data-developer-iddZTNmYWOverride Google developer ID signal for approved deployments.
data-consent-modeonSet to "off" to skip loader-level Consent Mode default bootstrap on load.

2 Option B: Google Tag Manager (recommended)#

NexaGuard CMP is also available as a GTM Custom Tag Template.
This ensures Consent Mode defaults fire at Consent Initialization – All Pages, before any Google tags.

Step-by-step setup#

1.
Import the template
Download the NexaGuard CMP .tpl file from your dashboard.
In GTM → Templates → Tag Templates → New → Import, select the .tpl.
Save as NexaGuard CMP.
Screenshot: Import template
2.
Create a new tag
GTM → Tags → New → Tag Configuration.
Choose NexaGuard CMP.
Fill in the fields:
Settings ID → your NexaGuard CMP ID (from dashboard).
Other fields (developerId, region defaults, loader URLs) can remain at defaults.
Screenshot: Create tag
3.
Add a trigger
Under Triggering, select Consent Initialization – All Pages.
This ensures consent defaults load before gtag.js or any Google Ads/Analytics tags.
Screenshot: Add trigger
4.
Publish the container
Click Submit → Publish and Create Version.
Name the version (e.g. NexaGuard CMP v1.0) and click Publish.
Screenshot: Publish
5.
Verify in Tag Assistant
Open Tag Assistant → Preview on your site.
On page load you should see:
consent default fired at Consent Initialization.
all four required Consent Mode keys present in the default call.
After “Accept All” you should see:
consent update with all four signals = granted.

3 Trigger the banner manually (optional)#

The banner auto-shows on first visit. To open it on demand:
Standard TCF alternative:

4 Public Runtime Surface (Web)#

CallPurpose
window.showCMPBanner(force?)Reopen CMP UI (true forces reopen).
window.__tcfapi(...)Standard TCF API endpoint (ping, getTCData, addEventListener, displayConsentUi, etc.).
window.__gpp(...)Standard GPP API endpoint (ping, addEventListener, getGPPData, etc.).
window.nxgDebugConsent(showUI?)Runs consent diagnostics; optional UI overlay when true.
Note: consent action methods are handled internally by CMP UI flows and not part of the public web API.

5 Consent Mode Behavior#

NexaGuard CMP supports Google Consent Mode signals for:
ad_storage
analytics_storage
ad_user_data
ad_personalization
On load, when consent mode is enabled, the loader sets:
After user interaction, CMP emits consent update with current values.
If you set data-consent-mode="off", loader-level default bootstrap is skipped.

5.1 Creating a Google-Ready Banner (Consent Mode v2 Template)#

NexaGuard CMP includes a pre-built banner template that already meets Google’s banner requirements:
Fully configurable from the Dashboard (text, logo, colors, buttons).
Pre-filled message:
“We use cookies to personalize ads and measure performance. Learn more at Google’s Privacy & Terms.”
Includes clear Accept All and Reject All actions for affirmative consent.
Supports both TCF and non-TCF implementations.

Steps#

1.
Go to Dashboard → Banner Templates → Google Consent Mode v2.
2.
Click Create Banner.
3.
Customize your design (logo, colors, text).
4.
In Consent Mode Settings, ensure the four v2 consent types are mapped:
ad_storage
analytics_storage
ad_user_data
ad_personalization
5.
Save and Publish.
6.
Verify implementation using:
Tag Assistant or
https://cmp.nexaguard.com/?nxg_debug_ui=1 (interactive audit overlay).
This configuration automatically fulfills Google’s banner requirements (section v).

6 Debug Mode (developer helper)#

To help validate Consent Mode ordering and TCF status, NexaGuard CMP includes an interactive debug tool.

🧭 Open from URL#

Append one of these parameters to any page URL where NexaGuard CMP is installed:
ParameterBehavior
?nxg_debug=1Runs a background audit and logs a JSON report to the browser console.
?nxg_debug_ui=1Opens a floating NexaGuard Consent Audit overlay on screen with live updates.
Example:
https://example.com/?nxg_debug_ui=1

🧰 Run from the browser console#

You can also open or refresh the audit manually:
When active, the overlay shows:
Developer ID and consent signal values (ad_storage, analytics_storage, ad_user_data, ad_personalization).
TCF API presence and locator iframe detection.
Index order of consent default, gtag('js'), and gtag('config').
Live updates when consent or TCF events change.
Buttons to Refresh, Copy report, or Close.
Tip: Use this mode during audits or integration tests to confirm your gtag() and Consent Mode defaults fire in the correct order.

7 TCF v2.3 Support Statement#

NexaGuard CMP web implementation supports IAB TCF v2.3, including handling for the disclosed vendors segment.
See IAB TCF v2.3 Support and TCF API Validation for verification steps.

8 Production Readiness Checklist#

Before go-live:
1.
Confirm CMP script is loaded once only.
2.
Confirm consent default is emitted before Google tags.
3.
Confirm consent update is emitted after user action.
4.
Confirm all four Consent Mode v2 keys are present.
5.
Confirm window.__tcfapi is available for TCF deployments.
6.
Confirm banner can be reopened via window.showCMPBanner(true) or __tcfapi('displayConsentUi', 2, ...).
7.
Capture Tag Assistant and debug evidence for release records.

9 Rollback and Uninstall#

Direct script embed:
1.
Remove the NexaGuard loader script from site templates.
2.
Clear template and site cache layers.
3.
Verify no #nexaguard-cmp element remains.
GTM deployment:
1.
Pause or remove NexaGuard CMP tag in GTM.
2.
Publish a new container version.
3.
Verify consent commands are no longer emitted.
Full docs ➜ https://developer.nexaguard.com
© 2026 NexaGuard Inc. All rights reserved.
Previous
Audit Checklist (Pre-Launch)
Next
Integrate NexaGuard CMP with Webflow and Wix