Debugging Consent Management
Big Crunch's Consent Management Platform (CMP) implements the IAB Global Privacy Platform (GPP) standard. GPP is the modern replacement for the older CCPA-only usprivacy signal (sunset by IAB on September 30, 2023) and encodes consent for GDPR, all US state privacy laws, and Canada into a single string exposed via window.__gpp.
Use the commands below to inspect the live GPP state, decode the stored string, and verify per-section field values (e.g. SaleOptOut, Gpc).
How to Use These Commands
- Open the webpage you want to debug
- Open the browser's developer tools (F12 or right-click → Inspect)
- Click on the "Console" tab
- Copy a command and paste it into the console
- Press Enter to execute
Inspect the Full GPP State
window.__gpp('ping', (data) => console.log(data));
Returns an object with the current gppString, cmpStatus, signalStatus, applicableSections, cmpId, and cmpVersion. This is the fastest way to confirm the CMP is loaded and which US state section applies to the current visitor.
Get the Encoded GPP String
The encoded string is returned inside the ping response — there's no separate command for it.
window.__gpp('ping', (data) => console.log(data.gppString));
Prints just the encoded string (e.g. DBABBgA~BVoAAABY.QA). Paste this into the IAB GPP Decoder to see every field in every section rendered in a table — much faster than querying fields one at a time.
Decode a Specific Section
// US National (MSPA) — section 7. Applies to visitors from CA, CO, CT, UT, VA.
window.__gpp('getSection', (data) => console.log(data), 'usnat');
// EU TCF — section 2
window.__gpp('getSection', (data) => console.log(data), 'tcfeuv2');
// Non-MSPA US states keep their own sections, e.g. Florida
window.__gpp('getSection', (data) => console.log(data), 'usfl');
Returns the decoded field values for that section only.
Read an Individual Field
getField takes a single sectionName.fieldName parameter:
window.__gpp('getField', (v) => console.log('SaleOptOut:', v), 'usnat.SaleOptOut');
window.__gpp('getField', (v) => console.log('SharingOptOut:', v), 'usnat.SharingOptOut');
window.__gpp('getField', (v) => console.log('TargetedAdvertisingOptOut:', v), 'usnat.TargetedAdvertisingOptOut');
window.__gpp('getField', (v) => console.log('Gpc:', v), 'usnat.Gpc');
The most load-bearing fields for ad bidding are:
SaleOptOut— user opted out of sale of personal informationSharingOptOut— user opted out of sharing for cross-context behavioral advertisingTargetedAdvertisingOptOut— user opted out of targeted advertising (not present in every section)Gpc— Global Privacy Control signal was detected from the browser
Understanding the Values
GPP field values are numeric enums defined by the IAB GPP specification. The encoding is the same across every US state section, but which fields exist varies by state — California has SharingOptOut but no TargetedAdvertisingOptOut; Colorado and Virginia have TargetedAdvertisingOptOut but no SharingOptOut.
Opt-Out Fields
SaleOptOut, SharingOptOut, and TargetedAdvertisingOptOut all share this enum:
| Value | Meaning | When you'll see it |
|---|---|---|
0 | Not Applicable | User's state doesn't recognize this right, or the CMP hasn't initialized for this section yet |
1 | Opted Out — honor the opt-out | User clicked "Opt Out" in the modal, or a GPC signal was detected |
2 | Did Not Opt Out | User saw the modal and clicked "Continue" without opting out |
Treat any value of 1 as an instruction to suppress sale, sharing, or targeted advertising for this visitor.
Notice Fields
SaleOptOutNotice, SharingOptOutNotice, TargetedAdvertisingOptOutNotice, SensitiveDataProcessingOptOutNotice, and SensitiveDataLimitUseNotice indicate whether the required disclosure was presented to the user.
| Value | Meaning |
|---|---|
0 | Notice was not applicable for this visitor |
1 | Notice was provided |
2 | Notice was not provided (a compliance red flag — investigate if you see this in production) |
MSPA Fields (US National / Multi-State)
MSPA = Multi-State Privacy Agreement. These appear on usnat and some state sections.
| Field | Values |
|---|---|
MspaCoveredTransaction | 1 = Yes (transaction is MSPA-covered), 2 = No |
MspaOptOutOptionMode | 1 = Yes (MSPA opt-out option is offered), 2 = No |
MspaServiceProviderMode | 1 = Yes (operating as an MSPA service provider), 2 = No |
GPC
Gpc is a plain boolean:
| Value | Meaning |
|---|---|
true | The visitor's browser sent a Global Privacy Control signal (navigator.globalPrivacyControl === true). The CMP auto-sets all opt-out fields to 1 in this case. |
false | No GPC signal detected. |
Sensitive Data Arrays
SensitiveDataProcessing is an array of 12+ 2-bit indicators (the length varies by section), one per category (racial or ethnic origin, precise geolocation, health data, etc.). Each element follows the same 0/1/2 enum as the opt-out fields.
KnownChildSensitiveDataConsents is a 2-element array covering consent for users under 13 and 13–16.
For day-to-day debugging you rarely need to read these individually — the IAB decoder at iabgpp.com labels each slot for you.
Top-Level ping Fields
These come from window.__gpp('ping', …), not getField:
| Field | Values |
|---|---|
cmpStatus | "stub" (API stub only), "loading", "loaded" (CMP ready), "error" |
signalStatus | "not ready" (awaiting user interaction or consent load), "ready" (safe for ad bidding code to read the GPP string) |
applicableSections | Array of section IDs that apply to this visitor — e.g. [7] for US National/MSPA states (usnat), [13] for Florida (usfl), [2] for EU TCF. Big Crunch's CMP emits usnat for all MSPA-covered states (CA, CO, CT, UT, VA) and state-specific sections for non-MSPA states. |
cmpId / cmpVersion | IAB-registered CMP ID and version; useful when reporting a bug to an adapter vendor |
Quick Scenario Reference
Recognizing common states at a glance:
| Scenario | SaleOptOut | Gpc | signalStatus |
|---|---|---|---|
| Fresh visitor, modal not yet shown | 0 or null | false | "not ready" |
| Visitor saw modal, clicked Continue | 2 | false | "ready" |
| Visitor clicked Opt Out | 1 | false | "ready" |
| Visitor has GPC enabled (auto opt-out) | 1 | true | "ready" |
| Non-US visitor (e.g., EU) | null — field doesn't exist | false | check tcfeuv2 section instead |
Inspect Stored Consent
The encoded GPP string is persisted across sessions so the user only sees the modal once. Storage uses localStorage when available and falls back to a cookie.
- localStorage key:
__bc_cmp_cmp_gpp_string - Cookie name (fallback):
__bc_cmp_cmp_gpp_string(root domain, 30-day expiry) - Companion metadata:
__bc_cmp_consent_metadata(CMP version, timestamp, GVL version) - Detected location:
__bc_lh_consent_country_code,__bc_lh_consent_region_code
Inspect them in DevTools → Application → Local Storage (or Cookies if localStorage is disabled).
// Quick peek from the console
localStorage.getItem('__bc_cmp_cmp_gpp_string');
localStorage.getItem('__bc_cmp_consent_metadata');
Clear Stored Consent
To force the modal to re-appear on the next page load (for testing), remove the stored entries:
Object.keys(localStorage)
.filter((k) => k.startsWith('__bc_cmp_') || k.startsWith('__bc_lh_'))
.forEach((k) => localStorage.removeItem(k));
location.reload();
Verify Global Privacy Control Handling
GPC is a browser-level signal (sent via navigator.globalPrivacyControl === true) that the CMP automatically honors for US visitors — setting Gpc: true, SaleOptOut: 1, SharingOptOut: 1, and TargetedAdvertisingOptOut: 1 before the modal even renders.
// Is GPC active in this browser?
console.log('GPC:', navigator.globalPrivacyControl);
If true, the CMP will show a green acknowledgment line in the modal ("We've detected a Global Privacy Control signal…") and the GPP string will already reflect the opt-out before the user interacts.
Browser Extension
For an always-on panel showing the live GPP state as you click through the modal, install the IAB GPP Tool Chrome extension. It's the fastest way to watch fields change in real time during QA.