Consent Management

Big Crunch ships a built-in Consent Management Platform (CMP) that implements the IAB Global Privacy Platform (GPP) and Transparency & Consent Framework (TCF) in one bundle. It detects the visitor's jurisdiction, surfaces the right consent UI, persists their choices, and exposes the encoded consent string via window.__tcfapi and window.__gpp.

This page is a guide to the Consent Management section of the Big Crunch dashboard — each subsection below corresponds to a tab. For runtime debugging, see Debugging Consent Management.

Overview tab

The Overview tab controls the high-level runtime gates that decide which regional flows activate on the publisher's site. The CMP bundle is delivered the same to every visitor; these settings tell it which regulatory framework to apply based on the visitor's location.

Enable Big Crunch CMP

United States — Activates US GPP sections, the state-by-state opt-out UI, and the "Do Not Sell or Share My Personal Information" trigger link. CCPA / CPRA / VCDPA / CPA / UCPA / CTDPA / FDBR and other state privacy laws are covered through the IAB MSPA (Multi-State Privacy Agreement) usnat section plus per-non-MSPA-state sections.
Transparency & Consent Framework — Activates the EU and Canada TCF 2.3 API, the consent banner ("A note on your privacy"), Google Consent Mode integration (consent signals pushed to gtag('consent', 'update')), and the EU privacy trigger link.

Both toggles can be on independently. Visitors only see the UI for the framework that applies to their location — a German visitor sees the TCF banner, a Texas visitor sees the US opt-out controls, an Australian visitor sees nothing and the CMP self-marks "not applicable" so downstream bidders don't suppress ad serving.

Jurisdiction

The Publisher country dropdown drives the TCF publisher-country fields encoded in the EU TC string. Selecting Switzerland enables the nFADP carve-out: the CMP auto-sets the TCF PurposeOneTreatment flag and adjusts which legal bases the banner exposes.

Set this to wherever your publishing entity is legally established — not where your visitors come from.

US Settings tab

Per-state behavior for the US opt-out flow. Big Crunch's CMP covers every state with a passed privacy law:

MSPA states — California, Colorado, Connecticut, Utah, Virginia. These share the IAB usnat section.
Non-MSPA states with their own GPP sections — Florida (usfl), Texas (ustx), Iowa (usia), Oregon (usor), Montana (usmt), Delaware (usde), New Hampshire (usnh), New Jersey (usnj), Tennessee (ustn), Nebraska (usne).

Configure the default opt-out values, MSPA service-provider mode, sensitive-data treatment, and any per-section banner copy overrides here. The CMP automatically honors the visitor's browser Global Privacy Control signal — when navigator.globalPrivacyControl === true, sale / sharing / targeted-advertising opt-outs are set to 1 before the modal even renders.

TCF Settings tab

EU and Canada TCF-specific configuration. Big Crunch's CMP is IAB Europe registered (CMP ID 501) and supports TCF 2.3.

Common settings here:

Vendor list — which IAB Global Vendor List vendors the publisher works with. The CMP fetches the canonical GVL and renders the configured subset in the "Manage preferences" view.
Non-TCF partners — partners outside the IAB GVL (e.g., Google's Additional Consent string). The CMP encodes their consent into the AC string alongside the TC string.
Banner copy + legal text — publisher-customized consent notice text.

Editor tab

A live visual editor for the consent banner and "Manage preferences" modal — colors, fonts, button styling, banner position, optional publisher logo. The Inspector pane on the right shows every CSS variable the publisher can override; the Preview pane renders the banner exactly as visitors will see it.

Changes here are persisted to the property config and rolled out through the standard CDN — no publisher snippet change required.

Performance opt-ins (HTML tags)

A few publisher-side opt-ins live as <meta> tags in the page <head> rather than dashboard controls, because they describe properties of the publisher's own HTML / build rather than the CMP's behavior.

Eager hydration mount

By default the CMP waits for window.load before mounting the banner / modal / privacy trigger link, so DOM mutations don't race client-side framework hydration. On image-heavy pages that wait can be multiple seconds — a visible blank-page period for EU first-visit visitors.

Static publishers (plain HTML, PHP, traditional CMS) can opt into mounting after DOMContentLoaded instead, by adding this tag in <head> before the Big Crunch script tags:

<head>
  <meta name="bc-cmp-hydration" content="eager">
  <script async src="https://dist.bigcrunch.com/cmp/cmp.js" data-property-id="..."></script>
  <script async src="https://dist.bigcrunch.com/lighthouse/main.js" id="bigcrunchtag" data-property-id="..."></script>
</head>

The meta tag must be parsed before cmp.js evaluates; placing it later in the document won't take effect this pageview.

Don't use this on a framework site (React, Next, Remix, Nuxt, SvelteKit, TanStack Start, Astro islands, Qwik). Those run a client-side hydration pass after initial paint — keep the default.

This opt-in only affects when the banner / modal / trigger link mount. __tcfapi / __gpp, BcCmpSignalReady timing, and returning-visitor flows are unchanged.

Debugging Consent Management — inspect the live GPP string, decode sections, read individual fields from the console.
Installation — the publisher snippet that loads cmp.js alongside Lighthouse.

Support

Questions on what to enable, or what a specific GPP value means in production? support@bigcrunch.com.

Search Documentation