> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fingerprint.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> Fingerprint JavaScript agent v4.0.0 or later is required.

Fingerprint Cloudflare Proxy Integration proxies JavaScript agent download and identification requests between your website and Fingerprint through Cloudflare. Your website does not strictly need to be behind Cloudflare to use this proxy integration, although that is optimal for ease of setup and maximum accuracy benefits.

<Info>
  This guide assumes you are using [JavaScript agent v4](/reference/js-agent). If you are still
  using JavaScript agent v3, see [Cloudflare Proxy Integration
  (v3)](/docs/v3/cloudflare-integration) or migrate to [JavaScript agent
  v4](/reference/migrating-from-v3-to-v4).
</Info>

<img src="https://mintcdn.com/fingerprint/JTUbc3rQcwtp3hbV/images/1a44a4c-Clouflare_integration.png?fit=max&auto=format&n=JTUbc3rQcwtp3hbV&q=85&s=6d9d9eb0615d969ed92d439045bfe6d3" alt="Cloudflare Proxy Integration" width="3840" height="1692" data-path="images/1a44a4c-Clouflare_integration.png" />

The integration consists of three components:

* Fingerprint infrastructure
* Cloudflare worker, created and managed by Fingerprint but running in your Cloudflare account
* Fingerprint JavaScript agent installed on your website

Fingerprint creates a [Cloudflare Worker](https://workers.cloudflare.com/) on a specific path on your site. The rest of your site is not affected.

Cloudflare worker code is open-source and available [on GitHub](https://github.com/fingerprintjs/cloudflare-worker-proxy). Once the Fingerprint JavaScript agent is configured correctly, the worker delivers the latest client-side logic and proxies identification requests and responses between your site and Fingerprint APIs.

## The benefits of using Cloudflare Proxy Integration

* Significant increase in accuracy in browsers with strict privacy features such as Safari or Firefox
* Cookies are recognized as first-party, so they can live longer in the browser and extend the lifetime of visitor IDs
* Ad blockers do not block the Fingerprint JavaScript agent from loading
* Ad blockers do not block identification requests because they are sent to a path or subdomain that belongs to your site
* Insight and control over identification requests that you can combine with other Cloudflare features such as WAF or Analytics
* The ability to manage unlimited subdomains and paths and provide Fingerprint services to all your customers at any scale while benefiting from first-party integration improvements
* Cookie security: the Cloudflare integration drops all cookies sent from the origin website. The worker code is open-source, so you can verify and audit this behavior
* Easier compliance and auditing

## Setup

The Cloudflare configuration guide in the Fingerprint [dashboard](https://dashboard.fingerprint.com/) will help you set everything up step by step. Start the guide from **SDKs & integrations**.

<Warning>
  **Prerequisites**

  * Only users with the **Admin** or **Owner** roles can launch the Cloudflare configuration guide in the dashboard.
  * Cloudflare Proxy Integration uses the Cloudflare Workers [Custom Routes](https://developers.cloudflare.com/workers/platform/triggers/routes/) feature. Your site must be [added to Cloudflare](https://developers.cloudflare.com/fundamentals/get-started/setup/add-site/) and [proxied](https://developers.cloudflare.com/dns/manage-dns-records/reference/proxied-dns-records/) through Cloudflare, not DNS-only. If you can only add your domain to Cloudflare without proxying, see [Alternative worker subdomain setup (for DNS-only domains)](#alternative-worker-subdomain-setup-for-dns-only-domains).
</Warning>

### Step 1: Follow the Cloudflare configuration wizard

1. Go to **SDKs & integrations**, then select **Cloudflare**.

<img src="https://mintcdn.com/fingerprint/JTUbc3rQcwtp3hbV/images/2405f7a18b78dfc5956ae51c1e55b8a6a158ebded8bc225b8131b2de0775b3f8-CleanShot_2024-11-07_at_12.28.302x.png?fit=max&auto=format&n=JTUbc3rQcwtp3hbV&q=85&s=6d30127d9b78936021811e225c031e34" alt="SDKs & integrations page - Cloudflare Integration" width="3166" height="1650" data-path="images/2405f7a18b78dfc5956ae51c1e55b8a6a158ebded8bc225b8131b2de0775b3f8-CleanShot_2024-11-07_at_12.28.302x.png" />

2. In the Cloudflare configuration guide, click **Connect**.

<img src="https://mintcdn.com/fingerprint/JTUbc3rQcwtp3hbV/images/22b50512977759a0e0e6b6539040c677fcf3c0a8827a1563aff8aa49d8a3d44c-image.png?fit=max&auto=format&n=JTUbc3rQcwtp3hbV&q=85&s=fce50dc0969e34d61eaabdc680397389" alt="Cloudflare configuration wizard - Connect" width="2482" height="1246" data-path="images/22b50512977759a0e0e6b6539040c677fcf3c0a8827a1563aff8aa49d8a3d44c-image.png" />

3. Optionally, [scope the integration to a specific environment](/docs/multiple-environments#proxy-integrations-and-proxy-secrets).
   * By default, the integration works for all environments in your workspace.
   * If you scope the integration to a specific environment, it will only proxy identification requests made with public API keys from that environment.

4. Add information about your Cloudflare account.

<img src="https://mintcdn.com/fingerprint/TYcq-XM0A17l1fxD/images/6a1d5c502f9e9e95fdf38d3f6c3addba197d6e359440a6a16a31630b800632ea-image.png?fit=max&auto=format&n=TYcq-XM0A17l1fxD&q=85&s=5f2eed247a7c20079bc80a3b5dbd2f6c" alt="Cloudflare configuration wizard - Add information" width="946" height="705" data-path="images/6a1d5c502f9e9e95fdf38d3f6c3addba197d6e359440a6a16a31630b800632ea-image.png" />

<br />

| Name                  | Example                                  | Short description                                                                                          |
| :-------------------- | :--------------------------------------- | :--------------------------------------------------------------------------------------------------------- |
| Cloudflare Account ID | 88e2a7348d589a61edd0918e57fb136f         | The Account ID from the [Cloudflare Dashboard](https://dash.cloudflare.com/).                              |
| Cloudflare API Token  | YQSnnxWAQiiEh9qM58wZNnyQS7FUdoqGIUAbrh7T | API token generated on Cloudflare's [**API Tokens** page](https://dash.cloudflare.com/profile/api-tokens). |

#### Cloudflare Account ID

The account ID is required to deploy workers. Go to [Cloudflare Workers](https://dash.cloudflare.com/?to=/:account/workers) and copy the account ID.

#### Cloudflare API token

The API token is required to deploy workers. Go to the [**API Tokens** page](https://dash.cloudflare.com/profile/api-tokens), select [**Create Custom Token**](https://dash.cloudflare.com/profile/api-tokens?permissionGroupKeys=%5B%7B"key"%3A"workers_routes"%2C"type"%3A"edit"%7D%2C%7B"key"%3A"workers_scripts"%2C"type"%3A"edit"%7D%5D\&name=fingerprint.com), and follow these steps:

* Type `fingerprint.com` in the name field
* Add the **Workers Scripts** > **Edit** account permission
* Add the **Workers Routes** > **Edit** zone permission
* Select the account in **Account Resources**
* Select the website in **Zone Resources**
* Add IP filtering for `3.23.16.20`
* Do not set a TTL

<img src="https://mintcdn.com/fingerprint/TYcq-XM0A17l1fxD/images/b9e906d-api_token.png?fit=max&auto=format&n=TYcq-XM0A17l1fxD&q=85&s=7e595dede496e2f76af872fd30f35f2b" alt="API Token Creation Form" width="899" height="802" data-path="images/b9e906d-api_token.png" />

In the next step, review the summary and click **Create Token**.

<img src="https://mintcdn.com/fingerprint/JTUbc3rQcwtp3hbV/images/0098c26-api_token_summary.png?fit=max&auto=format&n=JTUbc3rQcwtp3hbV&q=85&s=b65813777d8dfae0cd0d9e0728f464c9" alt="API Token Summary" width="717" height="434" data-path="images/0098c26-api_token_summary.png" />

<Note>
  **API token safety**

  When creating an API token, grant as few privileges as possible. In the example above, the token can only manage workers in your account. Fingerprint uses your API token only for managing the Fingerprint Cloudflare worker.

  Fingerprint encrypts customer data, including API tokens and configuration items. Client IP address filtering adds another layer of security. Allowing the Fingerprint Cloudflare service IP ensures the API token can only be used by Fingerprint services.
</Note>

5. After entering the account ID and API token, continue to the next step.

<img src="https://mintcdn.com/fingerprint/q7SuknsArT5Y4WhX/images/d683ae2d67d615b5fee125bf91a9dfdfb437d27ef8c3613a68a97be9140b51b1-image.png?fit=max&auto=format&n=q7SuknsArT5Y4WhX&q=85&s=d13b19ca37ebaf58c2c6b140f6a9c24c" alt="Cloudflare configuration wizard - Select domain" width="1962" height="1422" data-path="images/d683ae2d67d615b5fee125bf91a9dfdfb437d27ef8c3613a68a97be9140b51b1-image.png" />

6. Select the same domain you used when creating the API token. If you do not see the domain you want to use, contact [support](https://fingerprint.com/support).

<img src="https://mintcdn.com/fingerprint/TYcq-XM0A17l1fxD/images/989cdf8d6c282100fef0d8ddd6767b747a990c1ca8082568280d87a6ec5a2b01-image.png?fit=max&auto=format&n=TYcq-XM0A17l1fxD&q=85&s=6d3c40e03ac1f34436f199ca94d294b0" alt="Cloudflare configuration wizard - Select domain" width="1982" height="1458" data-path="images/989cdf8d6c282100fef0d8ddd6767b747a990c1ca8082568280d87a6ec5a2b01-image.png" />

7. Confirm the deployment. This process can take several minutes.

Once deployment completes, Fingerprint creates a worker named like `fingerprint-pro-cloudflare-worker-random-id`. You can see it in the [Cloudflare Workers Dashboard](https://dash.cloudflare.com/?to=/:account/workers/overview).

<Warning>
  **Do not disrupt worker authentication or updates**

  The integration wizard creates a proxy secret in your Fingerprint dashboard and passes it to your Cloudflare worker through environment variables.

  Do not delete the proxy secret in either place. Proxied identification requests without a valid proxy secret fail with an authentication error.

  Fingerprint updates your Cloudflare worker to keep visitor identification working correctly as browsers change. Outdated worker configuration can lower accuracy or break visitor identification completely. Do not make changes that would prevent Fingerprint from updating your worker:

  * Do not reduce the API token permissions or revoke it
  * Do not change the worker name
  * Do not change the original worker route or configuration
</Warning>

### Step 2: Configure your JavaScript agent

Once the worker is deployed, configure your client-side application to use it. You can always return to **SDKs & integrations** to get code snippets for different frameworks that match your Cloudflare setup.

<img src="https://mintcdn.com/fingerprint/q7SuknsArT5Y4WhX/images/e963aabe55173aaa9f907734290a9e1756604ad5de66073fd9696df042fe3558-image.png?fit=max&auto=format&n=q7SuknsArT5Y4WhX&q=85&s=8a94bb36f21827f0fa833021b5691e15" alt="Cloudflare configuration wizard - Configure your JavaScript agent" width="1972" height="1618" data-path="images/e963aabe55173aaa9f907734290a9e1756604ad5de66073fd9696df042fe3558-image.png" />

#### JavaScript agent configuration example

<CodeGroup>
  ```javascript NPM package theme={"theme":"github-dark-dimmed"}
  // The same pattern applies to React SDK, Vue SDK, and other frontend SDKs.
  import * as Fingerprint from '@fingerprint/agent';

  const fp = Fingerprint.start({
    apiKey: 'PUBLIC_API_KEY',
    region: 'us',
    endpoints: 'https://yourwebsite.com/WORKER_PATH/?region=us',
  });
  ```

  ```javascript CDN installation theme={"theme":"github-dark-dimmed"}
  const fpPromise = import('https://yourwebsite.com/WORKER_PATH/web/v4/PUBLIC_API_KEY').then(
    (Fingerprint) =>
      Fingerprint.start({
        region: 'us',
        endpoints: 'https://yourwebsite.com/WORKER_PATH/?region=us',
      }),
  );
  ```
</CodeGroup>

* Include the region in the `endpoints` URL query string using the format `?region=REGION`. Replace `REGION` with the [region](/docs/regions) of your application.

<Note>
  **Migrating from JavaScript agent v3**

  Cloudflare Proxy Integration remains compatible with JavaScript agent v3, so you can upgrade when it works for your rollout plan.

  When you migrate to JavaScript agent v4:

  * Remove `scriptUrlPattern` and `endpoint`
  * Replace them with a single `endpoints` option that points to the worker route, for example `https://yourwebsite.com/WORKER_PATH/?region=us`
  * See [Migrating JavaScript agent from v3 to v4](/reference/migrating-from-v3-to-v4#use-endpoints-instead-of-scripturlpattern) for more details
</Note>

### Using multiple worker routes

Cloudflare Proxy Integration uses Cloudflare Workers, which supports [multiple routes](https://developers.cloudflare.com/workers/platform/triggers/routes/). You can add more routes if you need to, but do not change the original worker route or configuration created by Fingerprint.

## Monitoring and troubleshooting the integration

Go to **Dashboard** > [**SDKs & integrations**](https://dashboard.fingerprint.com/integrations) > **Cloudflare** to see the integration status, usage statistics, and configuration. You can monitor:

* Whether the integration is up to date
* How many identification requests go through the integration, and how many do not
* The error rate of proxied identification requests, usually caused by a missing or incorrect proxy secret

The information on the status page is cached, so allow a few minutes for the latest data points to appear.

<img src="https://mintcdn.com/fingerprint/q7SuknsArT5Y4WhX/images/da812b35a7227e3875aa3d5288f2eb378ef84c5f8a466958c9fe1811d1db4708-image.png?fit=max&auto=format&n=q7SuknsArT5Y4WhX&q=85&s=c1e1da2ea341c3206cef8a33f499d90a" alt="Cloudflare integration status" width="1281" height="863" data-path="images/da812b35a7227e3875aa3d5288f2eb378ef84c5f8a466958c9fe1811d1db4708-image.png" />

The Cloudflare integration has limited visibility into your Cloudflare environment. If you run into issues, verify that firewall rules, rate limiting rules, or other Cloudflare restrictions are not disrupting the Fingerprint worker and its path. Contact [support](https://fingerprint.com/support/) if needed.

### Updating the Cloudflare token

If you accidentally delete the Cloudflare API token you provided to Fingerprint, you can update it in the Fingerprint dashboard.

* Go to [**SDKs & integrations**](https://dashboard.fingerprint.com/integrations) > **Cloudflare** and click **Edit API token**

<img src="https://mintcdn.com/fingerprint/TYcq-XM0A17l1fxD/images/6f3fe22e9c06eaea8ab38722781a0d094247ec206e3b996e093ee9c74527bdc9-CleanShot_2024-11-07_at_12.33.402x.png?fit=max&auto=format&n=TYcq-XM0A17l1fxD&q=85&s=d5f7cb3e8d23bf252af09feb7d3ea6b4" alt="Cloudflare configuration wizard - Updating the Cloudflare token" width="2548" height="904" data-path="images/6f3fe22e9c06eaea8ab38722781a0d094247ec206e3b996e093ee9c74527bdc9-CleanShot_2024-11-07_at_12.33.402x.png" />

### Deleting the integration

If something goes irreversibly wrong with your integration or Cloudflare worker configuration, you can delete everything and create a new integration from scratch.

1. Make sure your Fingerprint JavaScript agent is not using the integration URLs you are about to delete.
2. Go to [**SDKs & integrations**](https://dashboard.fingerprint.com/integrations) > **Cloudflare** and click **Delete integration** at the bottom of the page.

This deletes the Cloudflare worker and all associated records.

## Alternative worker subdomain setup (for DNS-only domains)

The Cloudflare configuration guide above assumes your website is added to Cloudflare and [proxied through Cloudflare](https://developers.cloudflare.com/dns/manage-dns-records/reference/proxied-dns-records/) instead of DNS-only. If your website uses DNS-only mode, the worker is not accessible on the generated path and the provided code snippets do not work.

<img src="https://mintcdn.com/fingerprint/JTUbc3rQcwtp3hbV/images/1b59897-image.png?fit=max&auto=format&n=JTUbc3rQcwtp3hbV&q=85&s=b15841a55b42e3abfb87aa416c02da03" alt="Cloudflare integration status" width="2254" height="262" data-path="images/1b59897-image.png" />

If you cannot proxy your primary domain through Cloudflare, you can host the Fingerprint worker on a subdomain instead. This still requires that your website is [added to Cloudflare](https://developers.cloudflare.com/fundamentals/setup/manage-domains/add-site/) without proxying.

1. Follow the installation steps above to deploy the proxy integration worker in your Cloudflare account.
2. Go to your [Cloudflare dashboard](https://dash.cloudflare.com/).
3. In the left-hand navigation, click **Workers & Pages**.
4. Click your Fingerprint Cloudflare worker. It will be named like **fingerprint-pro-cloudflare-worker-yourwebsite-com**.
5. At the top, click **Settings**, then find **Domains & Routes**.
6. Click **+ Add** and select **Custom domain**.
7. Enter a subdomain like `metrics.yourwebsite.com` and click **Add domain**. Avoid terms commonly blocked by ad blockers like `fingerprint`, `fpjs`, or `track`.

<img src="https://mintcdn.com/fingerprint/TYcq-XM0A17l1fxD/images/9ad83f6136af6a03867949e3f6d706cac7526dac8ad7ebe62d4d17ae3aefd7f4-cloudflare_add_custom_domain.png?fit=max&auto=format&n=TYcq-XM0A17l1fxD&q=85&s=c4f29869b8299893c871ecdd2acf48d9" alt="Cloudflare add custom domain" width="1084" height="383" data-path="images/9ad83f6136af6a03867949e3f6d706cac7526dac8ad7ebe62d4d17ae3aefd7f4-cloudflare_add_custom_domain.png" />

Your new subdomain will be proxied through Cloudflare, even though your primary domain is not:

<img src="https://mintcdn.com/fingerprint/q7SuknsArT5Y4WhX/images/d3feb8c-cloudflare-alternative-setup-dns.png?fit=max&auto=format&n=q7SuknsArT5Y4WhX&q=85&s=3031b793b363b66f5361f48e3e1fbfa1" alt="Cloudflare alternative setup DNS" width="2616" height="772" data-path="images/d3feb8c-cloudflare-alternative-setup-dns.png" />

Your Fingerprint worker is now accessible on the chosen subdomain. Update the code snippets shown on [**SDKs & integrations**](https://dashboard.fingerprint.com/integrations) accordingly. For example, `endpoints: https://yourwebsite.com/VWmFUKL1dfIjc8gg/?region=us` becomes `endpoints: https://metrics.yourwebsite.com/VWmFUKL1dfIjc8gg/?region=us`.
