Edge Cookies (EC)
Trusted Server's EC module maintains user recognition across all browsers through first-party identifiers.
What are Edge Cookies?
Edge Cookies (EC) are privacy-safe identifiers generated on a first site visit using HMAC-based hashing that allow tracking with user consent while protecting user privacy. Trusted Server derives a deterministic HMAC base from the client IP address and appends a short random suffix to reduce collision risk. They are passed in requests on subsequent visits and activity.
Trusted Server surfaces the current EC ID via response headers and a first-party cookie. For the exact header and cookie names, see the API Reference.
How They Work
HMAC-Based Generation
EC IDs use HMAC (Hash-based Message Authentication Code) to generate a deterministic base from the client IP address, then append a short random suffix.
Format: 64-hex-hmac.6-alphanumeric-suffix
IP normalization: IPv6 addresses are normalized to a /64 prefix before hashing.
Configuration
Configure EC secrets in trusted-server.toml. See the full Configuration Reference for the [edge_cookie] section and environment variable overrides.
Privacy Considerations
- EC IDs combine a deterministic HMAC base derived from the client IP with a random suffix for uniqueness. The cookie is only set when storage consent is present
- No personally identifiable information (PII) is stored in the ID
- The hash input is the client IP address only
- IDs can be rotated by changing the secret key
Best Practices
- Always verify GDPR consent before generating IDs
- Rotate secret keys periodically
- Monitor ID collision rates
Next Steps
- Learn about GDPR Compliance
- Configure Ad Serving
- Learn about Collective Sync for cross-publisher data sharing details and diagrams