Runtime Verification
Last updated: July 2, 2026
Use this guide to confirm that a CYBEXO Runtime Suite installation is live and producing customer-safe evidence.
Verification Targets
Section titled “Verification Targets”| Check | Passing evidence |
|---|---|
| Runtime loader | https://cmp.cybexo.com/loader.js is present on the page |
| Script identity | script id is cybexo-cmp for direct web and supported CMS surfaces |
| Settings ID | the loader has the customer Settings ID |
| Install surface | Pulse detects direct, google_tag_manager, wordpress, android, or ios where observable |
| Runtime contract | Pulse report shows CYBEXO Runtime Verified or Runtime contract: pass |
| Version traceability | report includes loader version/build/channel/commit when the loader can be inspected |
| Google Consent Mode | default consent is initialized before marketing or analytics tags run |
| Report trace | Command Center links to the Pulse report |
Browser Checks
Section titled “Browser Checks”Run these checks in the browser console on the customer site.
Loader
Section titled “Loader”document.getElementById("cybexo-cmp")performance .getEntriesByType("resource") .filter((entry) => entry.name.includes("cmp.cybexo.com/loader.js"))Google Consent Mode
Section titled “Google Consent Mode”(window.dataLayer || []).filter( (entry) => Array.isArray(entry) && entry[0] === "consent" && (entry[1] === "default" || entry[1] === "update"))Expected result:
- a
defaultconsent command appears before tags that require consent - an
updateconsent command appears after the visitor makes a choice
Public API
Section titled “Public API”typeof window.initCybexoCMPtypeof window.cybexoReportConversionThese APIs may be unavailable on pages that use a managed integration which initializes CYBEXO internally.
Pulse Verification
Section titled “Pulse Verification”Open CYBEXO Pulse at https://pulse.cybexo.com/ and scan the customer domain.
The public scanner uses the same-origin API path:
https://pulse.cybexo.com/v2/public-scanThe compatibility API path https://api.cybexo.io/v2/public-scan remains available for API clients, but browser-based public scans should prefer the Pulse same-origin path.
Passing report evidence should include:
- CYBEXO Runtime Verified
- pages tested
- pages with runtime contract
- detected surface
- loader URL
- loader version/build/channel/commit when available
- evidence timestamp
- public Pulse report link
- downloadable evidence JSON
- findings, if any
Use Download evidence JSON from the Pulse report when a customer-safe implementation proof packet is needed for a launch record, support ticket, or audit handoff.
Command Center Verification
Section titled “Command Center Verification”In CYBEXO Command Center, the connected property should show:
- property connected
- runtime verifier pass
- Pulse runtime pass
- verified domain
- install surface
- loader version/build
- Pulse report link
- evidence timestamp or latest proof refresh
Troubleshooting
Section titled “Troubleshooting”| Symptom | Likely cause | Next check |
|---|---|---|
| No loader detected | loader is not installed, blocked by CSP, or injected too late | Check page source and network tab |
| Duplicate banner | multiple install surfaces are active | Confirm direct script and GTM are not both loading CYBEXO |
| Consent Mode missing | tag order is wrong or consent bootstrap is disabled | Use Tag Assistant and the dataLayer check |
| Pulse report has no version/build | loader could not be fetched or inspected | Check network access to cmp.cybexo.com/loader.js |
| Command Center not verified | Pulse has not recorded runtime evidence yet | Run a Pulse scan and refresh Command Center |