Swift sits at the edge, between your users and your origin. The banner is in the HTML before the browser even starts parsing. Zero client-side injection cost.
A Cloudflare Worker sits between your users and your origin. On each HTML request it reads the visitor's geo from CF headers, checks the swift_consent cookie, and — if consent is needed — injects the banner markup and CSS inline before </body>. No client JS is required to display the banner.
A tiny vanilla-JS runtime loads with defer — after the page has already painted. It attaches click handlers to the pre-rendered banner, writes consent decisions to a cookie, fires Google Consent Mode v2 signals (consent/default → consent/update), and calls your CMP's audit API. No framework. No polyfills. No layout shift.
Consent decisions are relayed back to your existing CMP's audit log via their API. Cookiebot (logconsent.ashx), OneTrust (CPM API), Iubenda, Didomi supported. Compliance stays with them. Legal exposure stays with them. Swift just renders faster.
swift_consent cookie
~20msWorker fetches from your origin, streams response
~20msWorker injects banner HTML + CSS inline before </body> (if needed)
LCP paintBanner is already in the DOM. Zero client JS required to display it.
+defer1.8KB SDK loads, attaches click handlers, fires Consent Mode v2 default
on clickUser accepts/rejects → SDK fires consent/update → releases gated tags → POSTs to CMP audit API