İçeriğe atla
Start free
Transparency Report

SDK Performance Transparency

Customers should know everything: SDK size, load time, page speed impact, API latency. No hidden figures.

Last updated: 31 Mayıs 2026  ·  Next review: 31 Ağustos 2026

Industry transparency note: Most of our competitors (domestic and international consent and a11y SDK providers) don't publicly disclose these metrics; behind the figures they keep hidden there are usually either bloated bundles or untested claims. We chose a different path: we share the real numbers we have, and what we can't measure we clearly mark as "measurement pending" .
SDK file sizes

1. SDK File Sizes

SDK size refers to the extra bytes your visitors' browser will download. Less is better; however "the compressed brotli figure used to look smaller" with "the real minified gross size" differ. Below we provide all three measurements at once.

SDK Gross (min) Gzip Brotli
Cookie SDK
consent.js		 Measurement pending Measurement pending Measurement pending
Accessibility SDK
accessibility.js		 Measurement pending Measurement pending Measurement pending
Loader
/sdk/consent.js, versionless redirect		 < 1 KB < 0,5 KB < 0,4 KB
Why "pending"? Our production build pipeline (minify + tree-shake + brotli precompress) is being reassembled after the Phase 12-15 integration. We will publish the first official measurements in Q3 2026. We prefer to leave it blank rather than share an estimate.
Loading strategy

2. Loading Strategy

No matter how small an SDK is, if it loads incorrectly it will still hurt page speed. cerez.io SDK was designed to be non-render-blocking using the following techniques.

Async loading

Our embed code uses <script async> . While the SDK is being downloaded the browser keeps rendering the page, there is no render-blocking.

Versionless loader

Sites are given /sdk/consent.js ; on the server it is redirected to the current version with a 302. On a version update the site owner does not need to change any code.

Server-side cache

Banner settings are cached in Redis for 5 minutes. Thousands of visitors within the same minute trigger a single DB query.

sessionStorage cache

The banner decision is stored in the browser for 1 hour. When the same user opens a new tab, the SDK doesn't call the API at all.

Shadow DOM isolation

The banner and a11y widget are rendered inside the Shadow DOM. The browser's style recompute cost stays minimal and the host site's CSS is not affected.

Lazy a11y panel

The accessibility widget loads its full payload of 40+ features only when the trigger button is pressed. On page arrival, only the button itself is in the DOM.

Core Web Vitals impact

3. Page Speed Impact, Core Web Vitals

Our official Lighthouse measurement is not available at this time. Many competitors share figures like "&lt;5ms impact" without saying in which test environment, with which network profile, or on which page type it was measured. Rather than speaking hastily, in Q3 2026 we will commission an independent third-party measurement and publish the report here together with the HAR file and screenshots.

The metrics below reflect our representative expectations stemming from the technical architecture; they are not measurement results. The real values will be updated on this page after an independent audit.

<50ms
LCP impact, async loading, no render-blocking
0
CLS (Layout Shift), Shadow DOM triggers no reflow
<10ms
TBT, main thread free, worker-friendly
defer
Bundle strategy, execution after DOMContentLoaded

Representative / sample metrics. Measurement pending. Unlike competitors' "0ms impact" claims, we speak on a mid-range mobile + 4G network baseline.

Domestic hosting · secure infrastructure

4. Hosting &amp; CDN

Where the SDK files are physically served from is critical for public institutions and customers focused on KVKK compliance.

  • Local hosting in Turkey All application servers, the banner config DB, the consent log DB and the API endpoints are kept in data centers within Turkey's borders. This is clean with respect to KVKK Article 9 (restriction on cross-border transfer).
  • Static asset cache headers The SDK files are given Cache-Control: public, max-age=300 + ETag + Last-Modified headers. On repeat visits the browser receives a 304 Not Modified and downloads zero bytes.
  • CDN integration under consideration A Cloudflare integration is planned; estimated Q3-Q4 2026. Local edge nodes (Istanbul, Ankara, Izmir) will deliver single-digit ms latency. For now, static files are served directly from the server.
  • HTTP/2 + TLS 1.3 + brotli All SDK traffic is served with TLS 1.3, HTTP/2 and brotli compression.
API SLA targets

5. API Performance, Target SLA

While the SDK runs it makes three types of backend calls: fetching the banner config, saving consent, and heartbeat. The figures below are the SLA values we target; they are continuously monitored in production and trigger an alarm on a breach.

Endpoint P50 (median) P95 Rate Limit
GET /banner/{api_key}
Banner config (5 min cache)		 < 100ms < 300ms 500/dk
POST /consent/log
Consent save (async write)		 < 80ms < 200ms 500/dk
POST /heartbeat
Pageview counter		 < 50ms < 150ms 500/dk
Status page is coming. In Q3 2026 status.cerez.io we will publish a real-time uptime + latency dashboard on the subdomain. Any SLA breach will be listed there automatically.
Commitment

6. Process Transparency

Performance is not a one-time measurement but an ongoing commitment.

Version log

Every SDK release is published in the GitHub release notes and on the /docs/changelog page. The public changelog opens in Q3 2026.

Breaking change announcement

A backward-incompatible change to the SDK API is announced at least 90 days in advance via email + admin panel banner + changelog.

Deprecation policy

Before an API endpoint or SDK parameter is removed, a minimum 6-month deprecation period is granted. During this period the old version keeps working.

Quarterly performance report

We plan to publish an aggregate performance report each quarter: average LCP impact, P99 latency, uptime percentage, number of bugs fixed.

FAQ

7. Open Questions

When will the real Lighthouse measurements arrive?
We're aiming for Q3 2026. We will engage an independent third-party audit firm; the report will be published together with HAR files + screenshots + raw data. Rather than sharing an estimate, we prefer an approach that waits for the measured real value.
SDK size is critical for me, can I get an exact figure?
We will publish the exact figure on this page after the production build. Until then, for enterprise customers, if you request it via the contact page , we will privately share the current measurement taken from the existing build.
Does my data leave Turkey?
No. SDK traffic, banner config, consent logs and API endpoints are processed and stored on servers within Turkey's borders. After the CDN integration, only the static SDK JS file may be served from edge nodes; these files contain no personal data.
Competitors say "0ms impact", why are yours different?
Every async-loaded third-party script has a non-zero cost; that's a law of physics. Those who say "0ms" either don't share their measurement methodology or measure under ideal conditions on a powerful machine. We speak on a mid-range mobile device and 4G network baseline, and we're transparent about it.
Is the status page live?
Not yet. status.cerez.io It will launch in Q3 2026. Until then, for unplanned outages we send notifications via destek@cerez.io .

No hidden figures. No false claims.

cerez.io , when you work with us you know every technical detail. Open your account today and test the SDK on your own site.

Create a free account Contact

⚡ YASAL ZORUNLULUK 2025/10 Cumhurbaşkanlığı Genelgesi: Kamu, belediye, banka, üniversite, hastane, okullar için 21 Haziran 2026'ya WCAG 2.2 A zorunlu · Ceza: 5.000–25.000 TL/tespit
Detay →