Prospect One

Prospect One

Open-source CDN for JavaScript libraries and npm packages. jsDelivr serves free, fast, and reliable assets globally without tracking end users. Access logs may record IP addresses for abuse prevention, but no advertising or behavioral cookies are set.

Back to Vendor Library

Overview

jsDelivr is a free, open-source content delivery network (CDN) purpose-built for open-source JavaScript libraries and npm packages. Operated by Prospect One, a web infrastructure company, jsDelivr serves billions of requests per month to web developers worldwide who use it to load popular front-end libraries — jQuery, Bootstrap, Vue.js, React, lodash, Font Awesome, and thousands of others — without self-hosting them. The CDN has edge nodes across multiple continents and is available at no cost under an open-source community model.

jsDelivr is unique among CDNs in providing a permanent URL structure that never 404s — even for deleted or deprecated npm packages — making it a reliable long-term asset hosting option. It also supports a GitHub integration that allows any public GitHub repository's files to be served via the CDN automatically.

What This Script Does

jsDelivr is a pure asset delivery service with no client-side tracking code, advertising capabilities, or behavioral data collection.

How it works:

  • Requests to cdn.jsdelivr.net/npm/[package]@[version]/[file] or cdn.jsdelivr.net/gh/[user]/[repo]/[file] are resolved at the CDN edge and the requested static file (JS, CSS, fonts, images) is returned
  • The browser loads the file as a standard <script>, <link>, or <img> resource — no jsDelivr JavaScript executes within the page context
  • No cookies are set on the visitor's browser by jsDelivr for any purpose
  • No localStorage or sessionStorage entries are written
  • No tracking pixels or beacons are fired

Server-side access logs: jsDelivr's CDN infrastructure logs standard HTTP access data — including the requesting IP address, requested URL, timestamp, user agent string, and referrer — for purposes of abuse prevention, security monitoring, and aggregate usage statistics (used to publish download counts on npm). This logging occurs at the infrastructure level, not through any browser-side mechanism, and constitutes server log data rather than cookie-based tracking.

Subresource Integrity (SRI): jsDelivr URLs are compatible with the integrity attribute for Subresource Integrity verification, allowing browsers to cryptographically verify that the delivered file matches the expected content and reject tampered assets.

URL structure examples:

  • https://cdn.jsdelivr.net/npm/[email protected]/dist/axios.min.js
  • https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css
  • https://cdn.jsdelivr.net/gh/username/repository@version/path/to/file.js

Consent & Compliance

jsDelivr falls under the essential consent category.

  • GDPR/ePrivacy: No consent required. jsDelivr does not set cookies, access terminal device storage, or perform any browser-side tracking. The server-side IP logging for abuse prevention constitutes legitimate interest processing under Article 6(1)(f) GDPR and does not trigger the Article 5(3) ePrivacy requirement for consent.
  • CCPA/CPRA: jsDelivr does not collect personal information for commercial purposes. Server-side access logs are not shared or sold.
  • ePrivacy Directive: Article 5(3) applies only to the reading or writing of information on terminal equipment. jsDelivr does not engage in this activity.
  • Data transfers: jsDelivr CDN infrastructure is distributed globally. Prospect One is a EU-based entity; server log data processing is covered under standard EU data protection requirements.

Should You Block This Without Consent?

No. jsDelivr is essential infrastructure for delivering front-end libraries and assets. It does not set cookies, track users, or collect behavioral data. Blocking it would break any functionality dependent on the libraries it serves. No consent gate is warranted.

Visit website

Consent Categories

Essential

Also Known As

Prospect OnejsDelivropen-source CDNnpm CDNfree JavaScript CDN

Industries

Computers Electronics and Technology

Tracked Domains (1)

jsdelivr.netEssential

Frequently Asked Questions

Does jsDelivr (Prospect One) require cookie consent?

No. jsDelivr is a pure CDN that delivers static JavaScript and CSS files. It sets no cookies, writes nothing to localStorage, and fires no tracking pixels. The only data processed is standard server-side access logs for abuse prevention, which do not require consent.

What does a jsDelivr request actually do?

When your site loads a resource from cdn.jsdelivr.net, the browser fetches the static file — a JS library, CSS stylesheet, or font — directly from the CDN edge. No jsDelivr JavaScript executes within your page, and no visitor data is shared with advertising networks.

How does ConsentStack handle Prospect One / jsDelivr?

ConsentStack classifies jsDelivr as an essential vendor with no consent requirement. Its CDN requests are always permitted regardless of visitor consent choices, ensuring that any JavaScript libraries or stylesheets your site depends on continue to load for all visitors.

Related Vendors

Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Tag Manager
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. No data collection of its own — acts as a loader for other scripts.
Google Fonts
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
reCAPTCHA
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Sign in with Google
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.

Manage consent for Prospect One

ConsentStack automatically detects and manages Prospect One trackers so your site stays compliant with global privacy regulations.

Get started