A Consent Management Platform is the standardized way modern websites handle cookie consent. Big-name CMPs include OneTrust, CookieBot, Didomi, CookieYes, Quantcast, TrustArc, Osano, and Iubenda.
The CMP does three jobs:
- Display the banner -- the popup users see asking for cookie consent on first visit.
- Record consent -- store the user's choice (accept / reject / per-category) in a cookie or local storage so it persists.
- Broadcast consent state -- expose an API (typically
__tcfapi(...)for IAB TCF, or vendor-specific) that other scripts on the page can query to decide whether to fire tracking.
Why CMPs matter for performance and UX:
- The CMP itself is a render-blocking script (or at least a render-blocking decision point for everything downstream).
- When CMP and the site disagree about which cookies are essential, you get the worst-of-both UX: users see the banner AND get tracked anyway.
- Two CMPs loaded simultaneously (a real and surprisingly common bug, usually during vendor migrations) produce unpredictable consent state -- last-loader-wins overwrites first-loader's cookie.
- A CMP without a privacy-policy link visible from the page is the consent-UX equivalent of having a click-through agreement that never shows the agreement.
Modern alternatives: native browser controls (Privacy Sandbox, Storage Access API), but adoption is gated on regulator approval. CMPs are the operational reality for the next several years.