Skip to content

Edge proxy overview

The edge proxy is an optional Cloudflare Worker you deploy on your own zone. It complements the client-side CMP with three server-side capabilities, and closes gaps a purely client-side script fundamentally can’t.

Your Worker is a one-line re-export of the published package plus a wrangler.jsonc — all the logic lives in @lightning-cmp/edge-proxy:

export { default } from "@lightning-cmp/edge-proxy";
  1. First-party proxy — serves the SDK and consent beacons from yourdomain.com/__consent/*, so they aren’t CORS-blocked or ad-blocked. It rewrites the SDK’s baked apiBase to the first-party path automatically.
  2. Tracker auto-gating — an HTMLRewriter turns known tracker <script src> tags in your origin HTML into blocked placeholders, closing the pre-consent race even for hardcoded tags the client-side blocker can’t see in time.
  3. Cookie guard — strips non-consented Set-Cookie headers your origin server sets. This is the one enforcement a client-side CMP cannot do at all, because those cookies never pass through JavaScript.

Modes 2–3 require the Worker to front the whole zone (yourdomain.com/*); scoped to /__consent/* only the first-party proxy runs.

  • You want first-party SDK/beacon delivery to survive ad-blockers.
  • You have server-set tracking cookies that must honour consent.
  • You have hardcoded third-party tags and want them gated before the client script can act.

If none of those apply, the client-side snippet alone is a complete install.

  • Setup — deploy it on your zone.
  • Configuration — env vars, cookie map, central config.