Skip to main content
Before you start
Language

Cloudflare Workers

Add cside fingerprinting through a customer-managed Cloudflare Worker that injects the browser script into HTML responses.

Use this guide when you want to deploy cside fingerprinting at the Cloudflare edge. This is a customer-managed Worker recipe. cside does not need to manage your Cloudflare account for this setup.

Before you start

You need:

  • A Cloudflare zone that routes traffic for the pages you want to fingerprint
  • Permission to create or edit Workers and Worker routes
  • The cside fingerprinting script URL for your domain
  • A backend endpoint that receives the token string extracted from the JSON response returned by /client
Check existing routes

Cloudflare allows only one Worker on a matching route. If another Worker already handles the same path, merge the logic or choose a narrower test route.

Start with a limited route, such as /login* or /checkout*, before routing the Worker across the full site. Keep the Worker fail-open so a cside or Worker issue does not block page delivery.

See Cloudflare’s Workers Routes guide for how to apply a Worker to a route.

Worker example

Store your cside script URL as CSIDE_FINGERPRINT_SCRIPT_URL in the Worker environment.

export default {
  async fetch(request, env) {
    const response = await fetch(request);
    const contentType = response.headers.get("content-type") || "";

    if (!contentType.includes("text/html")) {
      return response;
    }

    try {
      return new HTMLRewriter()
        .on("head", {
          element(element) {
            element.append(
              `<script src="${env.CSIDE_FINGERPRINT_SCRIPT_URL}" referrerpolicy="origin" data-src="6"></script>`,
              { html: true },
            );
          },
        })
        .transform(response);
    } catch {
      return response;
    }
  },
};

Token exchange

The Worker only injects the browser script. Your application still calls sendClientTelemetry(externalIds?), receives { token } from /client, and sends that session token to your backend.

Your backend exchanges the raw session token with cside:

curl https://api.cside.com/token/v1/client \
  --request POST \
  --header "Content-Type: text/plain" \
  --data "$CSIDE_FINGERPRINT_SESSION_TOKEN"

See Retrieving datapoints for retrieval options.

Operational notes

  • Use narrow routes for the first rollout
  • Keep the Worker fail-open
  • Do not inject the script into non-HTML responses
  • Confirm your CSP allows the cside script URL and token exchange endpoint
  • Move from test paths to full coverage after you see datapoints in cside
Was this page helpful?