Most CMPs are a tax — they block rendering, shift your layout and gut your Core Web Vitals. Lightning does the opposite: 100/100 Lighthouse with the banner running, WCAG 2.1 AAA, and one license that covers every client site.
You did the right thing and added a consent banner. Then your Lighthouse score fell off a cliff, your devs couldn't tell why a tag wasn't firing, and your marketing team watched conversions "disappear." Lightning was built to fix all three.
Render-blocking scripts, layout shift when the banner pops, megabytes of vendor JS and web fonts. Core Web Vitals go red — and so does your SEO.
contain:layout, zero CLS. The page still scores 100."Why isn't GA firing?" Most CMPs are a black box. Debugging blocked scripts means guesswork and trawling the network tab.
LightningCMP.debug() prints consent state, live Consent Mode signals and every gated script with its reason.Do consent properly and a chunk of users opt out — so your numbers drop versus the cowboys who just don't bother. That hurts.
Framework-agnostic. Drop it in the <head> or ship it through Google Tag Manager. Already on Cookiebot? Keep your data-cookieconsent markup — migration is a copy-paste.
<!-- 1. Consent Mode defaults + async queue (in <head>) --> <script> window.dataLayer = window.dataLayer || []; function gtag(){ dataLayer.push(arguments); } gtag('consent','default',{ad_storage:'denied',analytics_storage:'denied', ad_user_data:'denied',ad_personalization:'denied',wait_for_update:500}); !function(c){c.lightning=c.lightning||function(){(c.lightning.q=c.lightning.q||[]).push(arguments)}}(window); </script> <!-- 2. The SDK, gated to your licensed domain at the edge --> <script async src="https://cmp.lightning-consent.io/v1/cmp.js?k=YOUR_KEY"></script> <script>lightning('init', { theme: 'light' });</script>
Your visitor's region (GDPR / CCPA / none) is resolved at the edge and baked into the script — the right banner shows with zero extra round-trips.
Measured on the live deployed demo — Lighthouse, mobile, 4× CPU throttle, slow 4G. The banner renders and the page still scores 100.
| Metric | Result |
|---|---|
| Performance score | 100 / 100 |
| Largest Contentful Paint | 0.8 s |
| Cumulative Layout Shift | 0 |
| Total Blocking Time | 0 ms |
| First Contentful Paint | 0.8 s |
position:fixed, contain:layout style. It never pushes your content.preconnect hint and ~1 ms license checks.Built by engineers who got sick of consent black boxes. Observable, typed end-to-end, fail-soft, and honest about what it's blocking.
// "Why is this cookie blocked?" > LightningCMP.debug() consent: { necessary:true, statistics:false, marketing:false } signals: { analytics_storage:'denied', ad_storage:'denied' } scripts: _ga blocked needs: statistics gtag/js blocked needs: marketing hotjar activated granted: statistics ⚠ hint: google tag hard-blocked — prefer Consent Mode modelling over removing the tag.
init().debug:true, ?lightning-debug, or a localStorage flag. No redeploy on a live site.init, getConsent, onConsentChange, openPreferences, acceptAll, rejectAll, reset, debug.pnpm reference, per-package READMEs.The big CMPs charge per domain and bolt the banner on top of your page. We built ours into the edge.
| Lightning | Cookiebot | Usercentrics | |
|---|---|---|---|
| Script size, gzipped | ~12 KB whole SDK | ~37 KB loader only | ~16 KB+ loader only |
| 100/100 Lighthouse with banner | Yes | No | No |
| Zero layout shift (CLS 0) | Yes | Rarely | Rarely |
| First-party — no third-party CDN | Yes | Loads from cookiebot.com | Loads from usercentrics.eu |
| Self-hosted on your own account | Yes | No | No |
| WCAG 2.1 AAA banner | Yes | AA-ish | AA-ish |
| Built-in "why is this blocked?" debug | Yes | No | No |
| Attribution-recovery hints | Yes | No | No |
| AI cookie auto-categorisation | Yes | Manual | Partial |
| Pricing model | Flat, multi-site | Per domain | Per domain |
| Agency / white-label dashboard | Yes | Limited | Add-on |
| Google Consent Mode v2 | Yes | Yes | Yes |
Sizes measured live from each vendor's loader (gzip, Jun 2026). Competitor "loader only" figures understate the real download — both fetch additional UI, config and translation bundles at runtime; our ~12 KB is the entire SDK. Comparison reflects typical out-of-the-box behaviour; competitor results vary by configuration.
No "enterprise tier" asterisks. Every Lightning license ships the whole platform — compliance, performance, accessibility, AI, analytics and the agency tooling.
contain:layout stylepreconnectinit()data-cookieconsent markuptype="text/plain")debug() — consent, live signals, gated-script table?lightning-debug / localStoragearia-live announcementsOrigininit()Per-domain CMP pricing punishes agencies for having lots of clients. Lightning is self-hosted on Cloudflare, so each new sub-site costs you almost nothing — and you manage them all from one place.
Edge-served from Cloudflare Workers. Add a client site without adding a license bill.
Analytics, cookie review/override and per-site config across every site you run — one login.
Theme tokens and per-site config let the banner wear your client's brand, not ours.
Claude auto-categorises the cookies your scanner finds — no more manual labelling per site.
The script only runs on paying, authorised domains — validated at the edge and enforced server-side via the unspoofable Origin header.
Kantara-style consent receipts + an append-only log = real proof-of-consent for your enterprise clients.
Lightning CMP comes out of Contra — a London web design & development agency, 26 years in, running a lot of client sub-sites. We were paying per-domain for Cookiebot and the maths stopped working. So we built the consent platform we actually wanted: fast, observable, accessible, and priced for portfolios.
"Creative thinking. Technical mastery." — same crew, now applied to consent. We're on your side, we keep it simple, we get it done.
Get a license, drop in two script tags, and ship a faster, more accessible, fully compliant banner across every site you run.