SourceTag
← All docs

Configuration

Cloudflare Worker for Cookie Persistence

Safari, Brave, and all iOS browsers limit JavaScript cookies to 7 days. If your sales cycle is longer than a week, you lose attribution data before the lead converts.

The WordPress plugin solves this with server-side cookies. For sites not on WordPress (Webflow, Squarespace, Framer, or any static host), you can use a Cloudflare Worker instead.

How it works

The worker sits between your visitors and your site. On every HTML page load, it checks for the SourceTag cookie and re-sets it via an HTTP Set-Cookie header. Browsers treat server-set cookies differently from JavaScript cookies, allowing up to 400 days of persistence.

The worker only refreshes the cookie when:

  • The visitor arrives with UTM parameters or a click ID (new attribution event)
  • The visitor arrives from an external referrer (organic search, social, etc.)
  • More than 24 hours have passed since the last refresh

This keeps the number of Set-Cookie headers minimal.

Requirements

  • Your site must be proxied through Cloudflare (the orange cloud icon must be enabled for your domain in Cloudflare DNS)
  • A Cloudflare account (free tier is sufficient)

Setup

1. Add your site to Cloudflare

If your site isn’t already on Cloudflare, add your domain and point your DNS there. Make sure the proxy is enabled (orange cloud icon) for your domain. This applies to all platforms: Webflow, Squarespace, Framer, or any other host. You’ll need a custom domain (not a .webflow.io or .squarespace.com subdomain) pointed at Cloudflare with the proxy turned on.

2. Deploy the worker

Use the deploy button to create it in your Cloudflare account:

Deploy to Cloudflare Workers

This creates the worker in your Cloudflare account. After deployment, skip to step 4 (adding the route).

Manual setup: If you prefer to create the worker manually, go to Workers & Pages > Create > Create Worker in your Cloudflare dashboard. Name it sourcetag-cookies, paste the code from the GitHub repo, and click Deploy.

4. Add a route

  1. Go to your worker’s Settings > Triggers
  2. Click Add Route
  3. Select your domain’s Zone from the dropdown
  4. Enter your domain as the Route: yourdomain.com/*
  5. Set Failure mode to Fail open (proceed). This ensures your site keeps working normally if the Worker ever errors. The Worker only sets cookies, so there’s no reason to block requests if it fails.
  6. Click Save

5. Test it

Visit your site in Safari. Open developer tools, go to the Network tab, and check the response headers for any HTML page. You should see a Set-Cookie header with _sourcetag and a long Max-Age value.

Platforms this works with

Any site behind Cloudflare:

  • Webflow (with custom domain proxied through Cloudflare)
  • Squarespace (with custom domain proxied through Cloudflare)
  • Framer
  • Carrd
  • Any static hosting (Netlify, Vercel, GitHub Pages, etc.)

FAQ

Does this affect page load speed?

No. The worker adds a Set-Cookie header to the response. It does not modify the page content or add any latency beyond a fraction of a millisecond.

Does this cost anything?

Cloudflare Workers free tier includes 100,000 requests per day. For most sites this is more than enough.

What if I’m already using Cloudflare Workers for something else?

You can combine this with other workers, or use Cloudflare’s route-based worker assignment to run different workers on different paths.

Doesn't answer your question or need more help? Get in touch.