Set up fingerprinting
Choose how to deploy cside fingerprinting on your website using Cloudflare Workers, Google Tag Manager, direct script injection, or an NPM package.
Set up cside fingerprinting by loading the browser script early, collecting telemetry with sendClientTelemetry, and sending the returned session token to your backend.
Choose an implementation option
| Method | Best for | Production guidance |
|---|---|---|
| Cloudflare Workers | Sites already routed through Cloudflare | Good for edge injection and limited-path rollout |
| Direct script injection | Most production websites | Recommended when you control the HTML or app shell |
| NPM package | Framework apps with supported packages | Recommended when the package places the script early |
| Google Tag Manager | Quick validation without code changes | Use for testing only when script order matters |
Customer domain recommendation
Use the DNS setup to use your own domain where possible. cside offers this to avoid privacy concerns around third-party domains, make the script look first-party to the browser, and prevent browser ad blockers or client-side blocking from interfering with the script or impacting detection accuracy.
If cside provides a dedicated script URL, use that exact URL in every setup method. The examples below use placeholders.
Serve the script from your own domain
This option lets you serve the fingerprinting script from a subdomain you control, such as fingerprint.example.com. It is intended for production accounts that want first-party script delivery and tighter CSP control.
Custom fingerprint domains require cside to provision a target hostname for your account. Contact cside before adding DNS records.
DNS setup
- Choose a subdomain, for example
fingerprint.example.com - Ask cside for your fingerprinting target hostname
- Add a
CNAMErecord from your subdomain to the cside target - Wait for DNS to propagate and for cside to validate the hostname
- Use your subdomain as the script source
Example DNS record:
| Type | Name | Value |
|---|---|---|
CNAME | fingerprint.example.com | <YOUR_TEAM>.csidefd.com |
After validation, use the customer-domain script URL:
<script
src="https://fingerprint.example.com/client.js"
referrerpolicy="origin"
data-src="6">
</script>Update your CSP to allow the customer subdomain for script-src and connect-src.
Direct script injection
Add the script in the page <head> before you call fingerprinting functions.
<script
src="https://<YOUR_SUBDOMAIN>.csidefd.com/client.js"
referrerpolicy="origin"
data-src="6">
</script>Then call sendClientTelemetry after the script loads. You can call it with no arguments or pass an optional externalIds object.
const response = await sendClientTelemetry({
accountId: "customer-123",
orderId: "order-456",
});
const { token: sessionToken } = await response.json();Send the session token to your backend and exchange it with the cside API. See the Events API for the full flow.
NPM package
For supported frameworks, use the cside package that adds the browser script to the app shell. This is useful when your framework controls document rendering.
The package should still load the same cside script before your app calls sendClientTelemetry.
Please contact the cside team for help if interested in using the NPM installation method.
Google Tag Manager
GTM is useful for fast testing, but it does not guarantee that cside loads before other scripts. Use a Custom HTML tag with an All Pages trigger when validating the flow.
For production enforcement or high-confidence data collection, use direct script injection, an NPM package, or Cloudflare Workers.
Cloudflare Workers
Use Cloudflare Workers when traffic already passes through Cloudflare and you want edge-controlled script injection. See the Cloudflare Workers guide.
Thanks for your feedback!