Skip to content
Back to Docs

Edge Integrations

Proxy Setup

Route fingerprint traffic through your own domain to defeat ad blockers and improve collection reliability.

Why use a proxy?

Ad-blocker bypass

Requests to api.lrdefender.lightningresearch.ai are blocked by EasyList and uBlock. A first-party subdomain appears same-origin.

First-party cookies

Set _lr_visitor on your domain with 1-year Max-Age. Survives ITP and third-party cookie deprecation.

Lower latency

Edge proxies route to the nearest LRDefender region. Sub-50ms overhead vs cross-origin round trips.

Platform options

Platform
Latency
Cookie
Cloudflare Worker
Edge (<50ms)
Yes
AWS Lambda@Edge
CloudFront edge
Yes
Vercel Middleware
Vercel edge
Yes
Azure Front Door
Azure edge
Yes
Fastly Compute
Fastly edge
Yes
Next.js Middleware
App edge
Yes
Google Tag Manager
Tag load
Via proxy

Supported proxy paths

  • /lr-agent.js
  • /lr-id
  • /lr-result
  • /api/device-id
  • /api/fingerprint
  • /api/device-recall
  • /api/health
  • /api/challenge/verify

Cloudflare Worker

  1. 1.Copy integrations/cloudflare-worker/ into your Workers project.
  2. 2.Set LR_API_KEY as a secret: wrangler secret put LR_API_KEY
  3. 3.Deploy: wrangler deploy
  4. 4.Route fp.yourdomain.com to the worker.
  5. 5.Point SDK endpoint at https://fp.yourdomain.com
cloudflare-config
# wrangler.toml
name = "lr-defender-proxy"
main = "index.js"

[vars]
LR_REGION = "us-east-1"
LR_CDN_URL = "https://cdn.lrdefender.lightningresearch.ai"

# wrangler secret put LR_API_KEY

AWS Lambda@Edge

  1. 1.Copy integrations/aws-lambda-edge/index.js into your deployment package.
  2. 2.Create Lambda in us-east-1 (required for Lambda@Edge).
  3. 3.Set LR_DEFENDER_HOST and LR_DEFENDER_API_KEY environment variables.
  4. 4.Associate with CloudFront viewer-request for fingerprint paths.
  5. 5.Map fp.yourdomain.com to the CloudFront distribution.
aws-config
# Lambda environment
LR_DEFENDER_HOST=api.lrdefender.lightningresearch.ai
LR_DEFENDER_API_KEY=lr_live_xxxxxxxx

# CloudFront: associate Lambda@Edge on viewer-request

Vercel Middleware

  1. 1.Copy integrations/vercel-middleware/ into your Vercel project.
  2. 2.Set LR_DEFENDER_ENDPOINT and LR_DEFENDER_API_KEY in project env.
  3. 3.Deploy — matcher limits middleware to fingerprint API paths.
  4. 4.Configure SDK endpoint to your Vercel app origin.
vercel-config
// middleware.ts
export { default, config } from './integrations/vercel-middleware/middleware';

// Vercel env:
// LR_DEFENDER_ENDPOINT=https://api.lrdefender.lightningresearch.ai
// LR_DEFENDER_API_KEY=lr_live_xxxxxxxx

Azure Front Door

  1. 1.Deploy integrations/azure-frontdoor/ as an Azure Functions v4 app.
  2. 2.Configure LR_API_KEY in Application Settings.
  3. 3.Attach the function to your Front Door origin group.
  4. 4.Route fp.yourdomain.com through Front Door to the function.
azure-config
# Azure Application Settings
LR_API_KEY=lr_live_xxxxxxxx
LR_REGION=us-east-1
LR_CDN_URL=https://cdn.lrdefender.lightningresearch.ai

Fastly Compute

  1. 1.Build and deploy integrations/fastly-compute/ to your Fastly service.
  2. 2.Set LR_API_KEY via Fastly config store or env.
  3. 3.Map fingerprint routes to the compute backend.
  4. 4.Update SDK endpoint to your Fastly-hosted subdomain.
fastly-config
# fastly.toml — set secrets via:
# fastly secret-store create lr-secrets
# fastly secret create --name LR_API_KEY --store-id <id>

Next.js Middleware

  1. 1.Install @lightningresearch/nextjs or copy integrations/nextjs/.
  2. 2.Add middleware.ts with the provided matcher config.
  3. 3.Set LR_API_KEY in .env.local (server-only).
  4. 4.SDK endpoint becomes your app origin — same domain as your site.
nextjs-config
// middleware.ts
import {
  createLRDefenderMiddleware,
  createMiddlewareConfig,
} from '@lightningresearch/nextjs';

export const middleware = createLRDefenderMiddleware({
  apiKey: process.env.LR_API_KEY!,
  region: 'us-east-1',
});

export const config = createMiddlewareConfig();

Google Tag Manager

  1. 1.Import integrations/gtm/template.json as a custom GTM tag template.
  2. 2.Configure LR_API_KEY and proxy subdomain in tag variables.
  3. 3.Fire the tag on All Pages or your consent-gated trigger.
  4. 4.Ensure your first-party proxy is deployed — GTM loads the agent from your domain.
gtm-config
// GTM tag variables:
// lr_proxy_host = fp.yourdomain.com
// lr_api_key = (server-side only — use GTM server container or proxy auth)
// lr_region = auto

Cookie configuration

Proxies set _lr_visitor on successful identification. Configure your SDK to use the proxy origin as endpoint.

sdk-config.ts
// Successful identification sets _lr_visitor:
// HttpOnly, Secure, SameSite=Lax, Max-Age=31536000 (1 year)

// SDK configuration after proxy deploy:
const lr = new LightningResearch({
  apiKey: 'pk_live_xxx',
  endpoint: 'https://fp.yourdomain.com',  // your first-party proxy
});

HMAC verification setup

Optionally set LR_HMAC_SECRET on your edge integration to require signed requests from trusted clients. Unsigned or invalid signatures return HTTP 401.

hmac-verification.md
// Optional: enable request signing between browser and proxy
// Set LR_HMAC_SECRET on the edge integration

// Client sends X-LR-Signature: HMAC-SHA256(secret, body)
// Proxy returns 401 if signature invalid

// integrations/shared/src/crypto.ts exports hmacSha256Hex()
// Use timing-safe comparison when verifying

Common environment variables

LR_API_KEY — required, tenant API key

LR_REGION — optional, default us-east-1

LR_CDN_URL — optional, SDK CDN host

LR_HMAC_SECRET — optional, request signing

Related:Proxy Integrations (detailed)Quick StartReact guide