Not showing Consent Management Platform on Lighthouse

[lucop1]

Summary
I have a question regarding Lighthouse, CMPs (Consent Management Platforms) and Cloaking.
Basically I found out that some CMPs like CookieBot or Click.io are not showing when a website is scanned by Lighthouse or PageSpeed.
So the scores shown in the Lighthouse are not affected by CMP, example:
website url: https://reportergourmet.com/
pagespeed url: https://lighthouse-dot-webdotdevsite.appspot.com//lh/html?url=https%3A%2F%2Freportergourmet.com%2F

At the following url, Cookiebot says that they are not showing their cmp on some google tools:
https://support.cookiebot.com/hc/en-us/articles/360020501579-Google-Core-Web-Vitals-and-Cookiebot-Consent-Management-Platform-CMP-

Is this practice allowed by Google Lighthouse? It is not cloaking?

[adamraine]

Note: In order for you to test the performance of your site, we don’t display the consent banner on all Google tools. Otherwise, during a test, the banner would show on every page of your site, (as the tools cannot provide consent) rather than just once - as in a real-life scenario. This would not give an accurate representation of performance. To allow for testing of your pages with our consent banner, we have enabled a query parameter that you attach to the end of your site URL that will automatically display the banner for any of your pages. The query parameter is called g_disable_bot_detection and you assign that a value of 1.

They do give the option to disable bot detection. Not sure if this meets the definition of cloaking since a page load without the banner is a valid user experience.

[connorjclark]

Is this practice allowed by Google Lighthouse? It is not cloaking?

You're probably using the term cloaking in the SEO sense–which Search forbids. This concept has no relevance to lab performance tools, and we aren't a gatekeeper for anything so there's nothing to "allow".

Sites can "hide" stuff from Lighthouse, but most likely you're only pulling the wool over your own eyes and missing valuable insights. For what it's worth, many of these tricks are trivial for us to detect, and we are considering doing so inside PageSpeed Insights.

From looking at just Cookiebot:

Note: In order for you to test the performance of your site, we don’t display the consent banner on all Google tools. Otherwise, during a test, the banner would show on every page of your site, (as the tools cannot provide consent) rather than just once - as in a real-life scenario. This would not give an accurate representation of performance. To allow for testing of your pages with our consent banner, we have enabled a query parameter that you attach to the end of your site URL that will automatically display the banner for any of your pages. The query parameter is called g_disable_bot_detection and you assign that a value of 1.

I'd say they handle this in an appropriate manner: the fact that their banner would only show once and then never again for a user is a convincing reason to not show the banner in a lab test (if they blocked the script from loading somehow, that'd be a different story). And since they provide a way to disable this prevention it all seems like a reasonable and responsible tool wrt performance testing.

Although, as a developer using this tool I'd be concerned there was a layout shift due to a misconfiguration of the banner code, and first user impressions are much more important to measure, so I'd personally always want it enabled in my lab tests.

[jorgellose]

First impression is important, but also is important to measure something +- real, you are testing the worst possible scenario, and it is important to remember it to dont follow bad paths

We have 99% users with 4G (or more), the test is with 3G
Test is with motorola 3G, even my grandma has a better phone
We have practically all cached and shared between other pages (core resources) , test dont apear to use it (showing you thinks like 0.45s to download 69KB JS with 1 year cache)

Lab data is helpful, but it can lead you to do unnecessary things that don't give you any value: (origin mobile/desktop)

For example i lost my time trying to improve my LAB LCP on mobile but origin data is telling me a different story, we load 311KB between all resources, avif images optimized for mobile, 700 nodes, etc... how can that be a problem in 2021 with 4G-5G, tried everything and nothing worked

(lab mobile/desktop)

The same can be applied for cookie banners, i rewrited 347KB of OneTrust Cookie consent in 1KB just to be aproved by a PageSpeed bot, my field data improved 1-1.5 points , lab data like 15 points, again, it just test the worst scenario possible, nothing near the reality