Server side prefixing

Server-side prefixing

Our c/side script ensures that every injected script is proxied through our server. However, for optimal performance & protection, you must also prefix any URLs used in <script> tags within the HTML sent to the browser. This process varies by framework, so you’ll need to check what options your framework provides.

Reasons behind server-side prefixing

Firefox does not allow scripts included in HTML to modify their sources dynamically, preventing us from adjusting them on the fly. Additionally, other browsers may begin downloading the original scripts before our proxy takes effect, leading to duplicate downloads.

<!-- Scripts sent to the browser this way will start downloading -->
<!-- immediately in Chrome, Edge or Safari. In Firefox, script   -->
<!-- will be "locked", so we won't be able to intercept them:    -->
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
 
<!-- That's why we need to prefix them with the proxy URL        -->
<!-- before sending them to the browser.                         -->
<script src="https://proxy.csidetm.com/https://code.jquery.com/jquery-3.6.0.min.js" referrerpolicy="origin"></script>

Referrer policy

In the snippet above, you 'll see we added a referrerpolicy attribute. We do this to make sure the origin is sent to the proxy server, which we will need on the proxy end to check your licence.

Solution for SSG

We offer a simple solution for Static site generators (SSG). By just using our CLI tool, you can automatically prefix all script URLs in your HTML files with ease.

Bypassed domains

Some scripts should not be manually prefixed, such as those from stripe.com or paypal.com. These scripts won't work if proxied through us, as they disallow being sent from a different domain. A complete list of domains we bypass can be found here.

Previous

Adding our script

Next

How does the script work?

On this page

Server-side prefixingReasons behind server-side prefixingReferrer policySolution for SSGBypassed domains