1. Web-and-CMS-Integrations
NexaGuard
  • Getting-Started
    • NexaGuard Developer Documentation
    • Quickstart (5 to 10 Minutes)
    • Documentation Overview
    • Concepts and Glossary
  • Compliance-and-Standards
    • Compliance Overview
    • IAB TCF v2.3 Support
    • Google Consent Mode v2 Validation
    • TCF API Validation
    • Audit Checklist (Pre-Launch)
  • Web-and-CMS-Integrations
    • NexaGuard CMP SDK – Web & GTM Setup
    • Integrate NexaGuard CMP with Webflow and Wix
    • Integrate NexaGuard CMP with WordPress
    • Integrate NexaGuard CMP with Drupal
    • Integrate NexaGuard CMP with Shopify
    • Google Tag Manager (GTM) Template Guide
  • Mobile-SDKs
    • NexaGuard CMP SDK - iOS Setup
    • iOS SDK API Reference
    • NexaGuard CMP SDK - Android Setup
    • Android SDK API Reference
    • App Attribution Partner (AAP) Integrations
  • Developer-Reference
    • Web JS API Reference
    • Consent Event Schema
    • Deployment and Environments
    • NexaGuard Debug Tool
    • Troubleshooting Playbook
    • Performance and Best Practices
    • Accessibility and UX Guidelines
    • Localization Workflow
    • Migration Guide
  • Security-and-Privacy
    • Security Overview
    • Privacy Architecture
    • Data and Logging Transparency
    • Subprocessors
    • CSP and Network Allowlist
  • Enterprise-and-Legal
    • DPA and Legal Pack
    • RFP Feature Matrix
    • Status and Reliability
    • Support and Escalation
    • NexaGuard CMP SDK – Commercial Licence
  • Operations
    • Changelog and Version Policy
  1. Web-and-CMS-Integrations

NexaGuard CMP SDK – Web & GTM Setup

Last updated: March 30, 2026
Package<script id="nexaguard-cmp" …>
MinimumEvergreen browsers · ES6
Footprint≈ 12 kB gzipped loader

1 Option A: Direct Script Embed#

Place the loader <script> as high as possible in your <head>:
Note: this HTML snippet belongs in your site template/page source (for example inside <head>), not in the browser console.
Required attribute
AttributeValueDescription
data-settings-ide.g. NXG-Zmk9Zy0c1XIdentifies your site’s branding & vendor list.
Optional attributes
AttributeDefaultUse-case
data-assets-urlAsset path inferred from srcPoint loader at a staging asset endpoint.
data-cdn-urlhttps://cdn.nexaguard.comOverride config/GVL CDN base for staging or isolated environments.
data-developer-iddZTNmYWReserved for NexaGuard internal QA; keep default for production/partner-audit deployments.
data-consent-modeonSet to "off" to skip loader-level Consent Mode default bootstrap on load.

2 Option B: Google Tag Manager (recommended)#

NexaGuard CMP is available in the GTM Community Template Gallery.
Use the dedicated guide for full setup, audit expectations, and troubleshooting:
Google Tag Manager (GTM) Template Guide
Minimum required GTM setup:
1.
Add NexaGuard CMP template from Gallery.
2.
Create a NexaGuard CMP tag.
3.
Set your Settings ID.
4.
Trigger on Consent Initialization - All Pages.
5.
Publish and validate in Tag Assistant.
Quick check command:

3 Trigger the banner manually (optional)#

The banner auto-shows on first visit.
Run this in the browser console (JavaScript):
To open the second layer (Manage Settings) directly, run:
If you are wiring your own button in site code, call the same JS methods from your click handler.
Safe runtime fallback:
Standard TCF alternative:

4 Public Runtime Surface (Web)#

CallPurpose
window.showCMPBanner(force?)Reopen CMP UI (true forces reopen).
window.openCMPSettings()Open the second-layer Manage Settings modal directly (when CMP UI runtime is ready).
window.__tcfapi(...)Standard TCF API endpoint (ping, getTCData, addEventListener, displayConsentUi, etc.).
window.__gpp(...)Standard GPP API endpoint (ping, addEventListener, getGPPData, etc.).
window.nxgDebugConsent(showUI?)Runs consent diagnostics; optional UI overlay when true.
Note: consent action methods are handled internally by CMP UI flows and not part of the public web API.

5 Consent Mode Behavior#

NexaGuard CMP supports Google Consent Mode signals for:
ad_storage
analytics_storage
ad_user_data
ad_personalization
On load, when consent mode is enabled, the loader sets:
After user interaction, CMP emits consent update with current values.
If you set data-consent-mode="off", loader-level default bootstrap is skipped.

5.1 Creating a Google-Ready Banner (Consent Mode v2 Template)#

NexaGuard CMP includes a pre-built banner template that already meets Google’s banner requirements:
Fully configurable from the Dashboard (text, logo, colors, buttons).
Pre-filled message:
“We use cookies to personalize ads and measure performance. Learn more at Google’s Privacy & Terms.”
Includes clear Accept All and Reject All actions for affirmative consent.
Supports both TCF and non-TCF implementations.

Steps#

1.
Go to Dashboard → Banner Templates → Google Consent Mode v2.
2.
Click Create Banner.
3.
Customize your design (logo, colors, text).
4.
In Consent Mode Settings, ensure the four v2 consent types are mapped:
ad_storage
analytics_storage
ad_user_data
ad_personalization
5.
Save and Publish.
6.
Verify implementation using:
Tag Assistant or
https://cmp.nexaguard.com/?nxg_debug_ui=1 (interactive audit overlay).
This configuration automatically fulfills Google’s banner requirements (section v).

6 Debug Mode (developer helper)#

To help validate Consent Mode ordering and TCF status, NexaGuard CMP includes an interactive debug tool.

🧭 Open from URL#

Append one of these parameters to any page URL where NexaGuard CMP is installed:
ParameterBehavior
?nxg_debug=1Runs a background audit and logs a JSON report to the browser console.
?nxg_debug_ui=1Opens a floating NexaGuard Consent Audit overlay on screen with live updates.
Example:
https://example.com/?nxg_debug_ui=1

🧰 Run from the browser console#

You can also open or refresh the audit manually:
When active, the overlay shows:
Developer ID and consent signal values (ad_storage, analytics_storage, ad_user_data, ad_personalization).
TCF API presence and locator iframe detection.
Index order of consent default, gtag('js'), and gtag('config').
Live updates when consent or TCF events change.
Buttons to Refresh, Copy report, or Close.
Tip: Use this mode during audits or integration tests to confirm your gtag() and Consent Mode defaults fire in the correct order.

7 TCF v2.3 Support Statement#

NexaGuard CMP web implementation supports IAB TCF v2.3, including handling for the disclosed vendors segment.
See IAB TCF v2.3 Support and TCF API Validation for verification steps.

8 Production Readiness Checklist#

Before go-live:
1.
Confirm CMP script is loaded once only.
2.
Confirm consent default is emitted before Google tags.
3.
Confirm consent update is emitted after user action.
4.
Confirm all four Consent Mode v2 keys are present.
5.
Confirm window.__tcfapi is available for TCF deployments.
6.
Confirm CMP can be reopened via window.showCMPBanner(true) and second layer via window.openCMPSettings().
7.
Capture Tag Assistant and debug evidence for release records.

9 Rollback and Uninstall#

Direct script embed:
1.
Remove the NexaGuard loader script from site templates.
2.
Clear template and site cache layers.
3.
Verify no #nexaguard-cmp element remains.
GTM deployment:
1.
Pause or remove NexaGuard CMP tag in GTM.
2.
Publish a new container version.
3.
Verify consent commands are no longer emitted.
Full docs ➜ https://developer.nexaguard.com
© 2026 NexaGuard Inc. All rights reserved.
Previous
Audit Checklist (Pre-Launch)
Next
Integrate NexaGuard CMP with Webflow and Wix