From 61ef195c1ea7abb0d02b95391de260c349114d51 Mon Sep 17 00:00:00 2001
From: prk-Jr <prakashsagwara@gmail.com>
Date: Tue, 10 Feb 2026 21:21:07 +0530
Subject: [PATCH 1/5] Expose Fastly geo data to replace third-party lookups

Third-party geo and DMA lookups add avoidable latency and introduce
additional privacy and compliance risk. This change enables geo
information to be derived from Fastly at the edge and passed through
the Trusted Server instead of relying on browser-side APIs.

Centralizing geo handling reduces external dependencies, improves
reliability when third-party services fail, and supports ongoing
efforts to minimize client-side data exposure while preserving
existing ad and bidding functionality.

Resolves: #280
---
 crates/common/src/error.rs                   |   5 +
 crates/common/src/html_processor.rs          |   8 +
 crates/common/src/integrations/nextjs/mod.rs |   1 +
 crates/common/src/integrations/prebid.rs     | 309 ++++++++++++++++++-
 crates/common/src/integrations/registry.rs   |   4 +
 crates/common/src/publisher.rs               |  58 ++++
 crates/fastly/src/main.rs                    |   6 +-
 7 files changed, 383 insertions(+), 8 deletions(-)

diff --git a/crates/common/src/error.rs b/crates/common/src/error.rs
index c5964cfe..a3c52832 100644
--- a/crates/common/src/error.rs
+++ b/crates/common/src/error.rs
@@ -42,6 +42,10 @@ pub enum TrustedServerError {
     #[display("Invalid UTF-8 data: {message}")]
     InvalidUtf8 { message: String },
 
+    /// Serialization error.
+    #[display("Serialization error: {message}")]
+    Serialization { message: String },
+
     /// HTTP header value creation failed.
     #[display("Invalid HTTP header value: {message}")]
     InvalidHeaderValue { message: String },
@@ -100,6 +104,7 @@ impl IntoHttpResponse for TrustedServerError {
             Self::GdprConsent { .. } => StatusCode::BAD_REQUEST,
             Self::InsecureSecretKey => StatusCode::INTERNAL_SERVER_ERROR,
             Self::InvalidHeaderValue { .. } => StatusCode::BAD_REQUEST,
+            Self::Serialization { .. } => StatusCode::INTERNAL_SERVER_ERROR,
             Self::InvalidUtf8 { .. } => StatusCode::BAD_REQUEST,
             Self::KvStore { .. } => StatusCode::SERVICE_UNAVAILABLE,
             Self::Prebid { .. } => StatusCode::BAD_GATEWAY,
diff --git a/crates/common/src/html_processor.rs b/crates/common/src/html_processor.rs
index f4909aa7..c4a63b2e 100644
--- a/crates/common/src/html_processor.rs
+++ b/crates/common/src/html_processor.rs
@@ -24,6 +24,7 @@ struct HtmlWithPostProcessing {
     request_host: String,
     request_scheme: String,
     document_state: IntegrationDocumentState,
+    geo_info: Option<crate::geo::GeoInfo>,
 }
 
 impl StreamProcessor for HtmlWithPostProcessing {
@@ -42,6 +43,7 @@ impl StreamProcessor for HtmlWithPostProcessing {
             request_scheme: &self.request_scheme,
             origin_host: &self.origin_host,
             document_state: &self.document_state,
+            geo: self.geo_info.as_ref(),
         };
 
         // Preflight to avoid allocating a `String` unless at least one post-processor wants to run.
@@ -90,6 +92,7 @@ pub struct HtmlProcessorConfig {
     pub request_host: String,
     pub request_scheme: String,
     pub integrations: IntegrationRegistry,
+    pub geo_info: Option<crate::geo::GeoInfo>,
 }
 
 impl HtmlProcessorConfig {
@@ -101,12 +104,14 @@ impl HtmlProcessorConfig {
         origin_host: &str,
         request_host: &str,
         request_scheme: &str,
+        geo_info: Option<&crate::geo::GeoInfo>,
     ) -> Self {
         Self {
             origin_host: origin_host.to_string(),
             request_host: request_host.to_string(),
             request_scheme: request_scheme.to_string(),
             integrations: integrations.clone(),
+            geo_info: geo_info.cloned(),
         }
     }
 }
@@ -450,6 +455,7 @@ pub fn create_html_processor(config: HtmlProcessorConfig) -> impl StreamProcesso
         request_host: config.request_host,
         request_scheme: config.request_scheme,
         document_state,
+        geo_info: config.geo_info,
     }
 }
 
@@ -471,6 +477,7 @@ mod tests {
             request_host: "test.example.com".to_string(),
             request_scheme: "https".to_string(),
             integrations: IntegrationRegistry::default(),
+            geo_info: None,
         }
     }
 
@@ -577,6 +584,7 @@ mod tests {
             "origin.test-publisher.com",
             "proxy.example.com",
             "https",
+            None,
         );
 
         assert_eq!(config.origin_host, "origin.test-publisher.com");
diff --git a/crates/common/src/integrations/nextjs/mod.rs b/crates/common/src/integrations/nextjs/mod.rs
index 549e420d..7483423d 100644
--- a/crates/common/src/integrations/nextjs/mod.rs
+++ b/crates/common/src/integrations/nextjs/mod.rs
@@ -121,6 +121,7 @@ mod tests {
             "origin.example.com",
             "test.example.com",
             "https",
+            None,
         )
     }
 
diff --git a/crates/common/src/integrations/prebid.rs b/crates/common/src/integrations/prebid.rs
index 2a5ddba6..380342e7 100644
--- a/crates/common/src/integrations/prebid.rs
+++ b/crates/common/src/integrations/prebid.rs
@@ -54,6 +54,18 @@ pub struct PrebidIntegrationConfig {
         deserialize_with = "crate::settings::vec_from_seq_or_map"
     )]
     pub script_patterns: Vec<String>,
+    #[serde(default)]
+    pub auto_configure: bool,
+
+    #[serde(default)]
+    pub inject_geo: bool,
+
+    #[serde(default = "default_geo_cache_key")]
+    pub geo_cache_key: String,
+}
+
+fn default_geo_cache_key() -> String {
+    "cwgl".to_string()
 }
 
 impl IntegrationConfig for PrebidIntegrationConfig {
@@ -192,15 +204,138 @@ fn build(settings: &Settings) -> Option<Arc<PrebidIntegration>> {
     Some(PrebidIntegration::new(config))
 }
 
+pub struct PrebidHtmlInjector {
+    config: PrebidIntegrationConfig,
+}
+
+impl PrebidHtmlInjector {
+    fn new(config: PrebidIntegrationConfig) -> Arc<Self> {
+        Arc::new(Self { config })
+    }
+}
+
+impl crate::integrations::IntegrationHtmlPostProcessor for PrebidHtmlInjector {
+    fn integration_id(&self) -> &'static str {
+        PREBID_INTEGRATION_ID
+    }
+
+    fn should_process(
+        &self,
+        html: &str,
+        _ctx: &crate::integrations::IntegrationHtmlContext<'_>,
+    ) -> bool {
+        // Only inject if there's a head tag (to be safe) and we haven't already injected
+        html.contains("<head")
+    }
+
+    fn post_process(
+        &self,
+        html: &mut String,
+        ctx: &crate::integrations::IntegrationHtmlContext<'_>,
+    ) -> bool {
+        // Construct the S2S config
+        // Note: We use the trusted server itself as the endpoint
+        let s2s_config = json!({
+            "accountId": "trusted-server",
+            "enabled": true,
+            "bidders": self.config.bidders,
+            "timeout": self.config.timeout_ms,
+            "adapter": "prebidServer",
+            "endpoint": format!("{}://{}/openrtb2/auction", ctx.request_scheme, ctx.request_host),
+            "syncEndpoint": format!("{}://{}/cookie_sync", ctx.request_scheme, ctx.request_host),
+            "cookieSet": true,
+            "cookiesetUrl": format!("{}://{}/setuid", ctx.request_scheme, ctx.request_host),
+        });
+
+        // Create geo injection script if enabled and geo info is available
+        let geo_script = if self.config.inject_geo {
+            if let Some(geo) = ctx.geo {
+                let geo_data = json!({
+                    "country": geo.country,
+                    "region": geo.region,
+                    "city": geo.city,
+                    "postal_code": "", // Not currently available in GeoInfo
+                });
+
+                // Script to inject geo data into localStorage
+                // We use the configured cache key
+                // We also set the timestamp key (usually cache_key + "t")
+                // And we set window._tudeGeo as a fallback/optimization for Aditude wrapper
+                format!(
+                    r#"<script>
+                    (function() {{
+                        try {{
+                            var geo = {};
+                            var now = Date.now();
+                            localStorage.setItem("{}", JSON.stringify(geo));
+                            localStorage.setItem("{}t", now);
+                            window._tudeGeo = geo;
+                        }} catch (e) {{
+                            console.error("Trusted Server: Failed to inject geo", e);
+                        }}
+                    }})();
+                    </script>"#,
+                    geo_data, self.config.geo_cache_key, self.config.geo_cache_key
+                )
+            } else {
+                String::new()
+            }
+        } else {
+            String::new()
+        };
+
+        let script = format!(
+            r#"<script>
+            (function() {{
+                var pbjs = window.pbjs || {{}};
+                pbjs.que = pbjs.que || [];
+                pbjs.que.push(function() {{
+                    pbjs.setConfig({{
+                        s2sConfig: {}
+                    }});
+                }});
+                window.pbjs = pbjs;
+                window.__trustedServerPrebid = true;
+            }})();
+            </script>"#,
+            s2s_config
+        );
+
+        let final_injection = format!("{geo_script}{script}");
+
+        // Inject after <head>
+        if let Some(idx) = html.find("<head>") {
+            let insert_point = idx + 6;
+            html.insert_str(insert_point, &final_injection);
+            true
+        } else if let Some(idx) = html.find("<head") {
+            // Handle case with attributes like <head class="...">
+            if let Some(close_idx) = html[idx..].find('>') {
+                let insert_point = idx + close_idx + 1;
+                html.insert_str(insert_point, &final_injection);
+                true
+            } else {
+                false
+            }
+        } else {
+            false
+        }
+    }
+}
+
 #[must_use]
 pub fn register(settings: &Settings) -> Option<IntegrationRegistration> {
     let integration = build(settings)?;
-    Some(
-        IntegrationRegistration::builder(PREBID_INTEGRATION_ID)
-            .with_proxy(integration.clone())
-            .with_attribute_rewriter(integration)
-            .build(),
-    )
+    let mut builder = IntegrationRegistration::builder(PREBID_INTEGRATION_ID)
+        .with_proxy(integration.clone())
+        .with_attribute_rewriter(integration.clone());
+
+    if integration.config.auto_configure {
+        builder =
+            builder.with_html_post_processor(PrebidHtmlInjector::new(integration.config.clone()));
+    }
+
+    Some(builder.build())
 }
 
 #[async_trait(?Send)]
@@ -753,7 +888,10 @@ pub fn register_auction_provider(settings: &Settings) -> Vec<Arc<dyn AuctionProv
 mod tests {
     use super::*;
     use crate::html_processor::{create_html_processor, HtmlProcessorConfig};
-    use crate::integrations::{AttributeRewriteAction, IntegrationRegistry};
+    use crate::integrations::{
+        AttributeRewriteAction, IntegrationDocumentState, IntegrationHtmlContext,
+        IntegrationHtmlPostProcessor, IntegrationRegistry,
+    };
     use crate::settings::Settings;
     use crate::streaming_processor::{Compression, PipelineConfig, StreamingPipeline};
     use crate::test_support::tests::crate_test_settings_str;
@@ -774,6 +912,9 @@ mod tests {
             debug: false,
             debug_query_params: None,
             script_patterns: default_script_patterns(),
+            auto_configure: false,
+            inject_geo: false,
+            geo_cache_key: "cwgl".to_string(),
         }
     }
 
@@ -787,6 +928,7 @@ mod tests {
             "origin.example.com",
             "test.example.com",
             "https",
+            None,
         )
     }
 
@@ -1117,4 +1259,157 @@ server_url = "https://prebid.example"
         // Should have 0 routes when no script patterns configured
         assert_eq!(routes.len(), 0);
     }
+
+    #[test]
+    fn test_prebid_html_injector_injection_logic() {
+        let config = PrebidIntegrationConfig {
+            enabled: true,
+            server_url: "http://localhost:8080".to_string(),
+            timeout_ms: 2000,
+            bidders: vec!["bidderA".to_string(), "bidderB".to_string()],
+            debug: false,
+            debug_query_params: None,
+            script_patterns: vec![],
+            auto_configure: true,
+            inject_geo: false,
+            geo_cache_key: "cwgl".to_string(),
+        };
+        let injector = PrebidHtmlInjector::new(config);
+        let params = IntegrationDocumentState::default();
+        let ctx = IntegrationHtmlContext {
+            request_host: "pub.example",
+            request_scheme: "https",
+            origin_host: "origin.example",
+            document_state: &params,
+            geo: None,
+        };
+
+        // Case 1: Simple <head>
+        let mut html = "<html><head><title>Test</title></head><body></body></html>".to_string();
+        assert!(injector.post_process(&mut html, &ctx));
+        assert!(html.starts_with("<html><head><script>"));
+        assert!(html.contains("pbjs.setConfig"));
+
+        // Case 2: Head with attributes
+        let mut html =
+            r#"<html><head lang="en"><title>Test</title></head><body></body></html>"#.to_string();
+        assert!(injector.post_process(&mut html, &ctx));
+        assert!(html.starts_with(r#"<html><head lang="en"><script>"#));
+
+        // Case 3: No head
+        let mut html = "<html><body></body></html>".to_string();
+        assert!(!injector.post_process(&mut html, &ctx));
+        assert!(!html.contains("pbjs.setConfig"));
+    }
+
+    #[test]
+    fn test_prebid_html_injector_config_content() {
+        let config = PrebidIntegrationConfig {
+            enabled: true,
+            server_url: "http://localhost:8080".to_string(),
+            timeout_ms: 2000,
+            bidders: vec!["bidderA".to_string(), "bidderB".to_string()],
+            debug: false,
+            debug_query_params: None,
+            script_patterns: vec![],
+            auto_configure: true,
+            inject_geo: false,
+            geo_cache_key: "cwgl".to_string(),
+        };
+        let injector = PrebidHtmlInjector::new(config);
+        let params = IntegrationDocumentState::default();
+        let ctx = IntegrationHtmlContext {
+            request_host: "pub.example",
+            request_scheme: "https",
+            origin_host: "origin.example",
+            document_state: &params,
+            geo: None,
+        };
+
+        let mut html = "<html><head></head></html>".to_string();
+        injector.post_process(&mut html, &ctx);
+
+        // Extract the JSON config from the injected script
+        // Script pattern: ... s2sConfig: { ... } ...
+        let start_marker = "s2sConfig: ";
+        let start_idx =
+            html.find(start_marker).expect("should find s2sConfig") + start_marker.len();
+        let end_idx = html[start_idx..]
+            .find("}")
+            .expect("should find closing brace")
+            + start_idx
+            + 1; // +1 to include }
+
+        let json_str = &html[start_idx..end_idx];
+        let json: serde_json::Value =
+            serde_json::from_str(json_str).expect("should parse valid JSON config");
+
+        assert_eq!(json["timeout"], 2000);
+        assert_eq!(json["bidders"][0], "bidderA");
+        assert_eq!(json["bidders"][1], "bidderB");
+        assert_eq!(json["endpoint"], "https://pub.example/openrtb2/auction");
+        assert_eq!(json["accountId"], "trusted-server");
+        assert_eq!(json["enabled"], true);
+    }
+
+    #[test]
+    fn html_processor_injects_geo_info() {
+        let html = r#"<html><head></head><body></body></html>"#;
+
+        let mut settings = make_settings();
+        settings
+            .integrations
+            .insert_config(
+                "prebid",
+                &json!({
+                    "enabled": true,
+                    "server_url": "https://test-prebid.com/openrtb2/auction",
+                    "timeout_ms": 1000,
+                    "bidders": ["mocktioneer"],
+                    "script_patterns": [],
+                    "inject_geo": true,
+                    "geo_cache_key": "cwgl_test",
+                    "auto_configure": true
+                }),
+            )
+            .expect("should update prebid config");
+
+        let registry = IntegrationRegistry::new(&settings).expect("should create registry");
+
+        let geo_info = crate::geo::GeoInfo {
+            city: "New York".to_string(),
+            country: "US".to_string(),
+            continent: "NA".to_string(),
+            latitude: 40.7128,
+            longitude: -74.0060,
+            metro_code: 501,
+            region: Some("NY".to_string()),
+        };
+
+        let config = config_from_settings(&settings, &registry);
+        // Manually override geo_info in config since config_from_settings defaults to None
+        let mut config = config;
+        config.geo_info = Some(geo_info);
+
+        let processor = create_html_processor(config);
+        let pipeline_config = PipelineConfig {
+            input_compression: Compression::None,
+            output_compression: Compression::None,
+            chunk_size: 8192,
+        };
+        let mut pipeline = StreamingPipeline::new(pipeline_config, processor);
+
+        let mut output = Vec::new();
+        pipeline
+            .process(Cursor::new(html.as_bytes()), &mut output)
+            .expect("should process html");
+
+        let result = String::from_utf8(output).expect("valid utf8");
+
+        // Verify geo injection script
+        assert!(result.contains("localStorage.setItem(\"cwgl_test\", JSON.stringify(geo));"));
+        assert!(result.contains("\"country\":\"US\""));
+        assert!(result.contains("\"city\":\"New York\""));
+        assert!(result.contains("\"region\":\"NY\""));
+    }
 }
diff --git a/crates/common/src/integrations/registry.rs b/crates/common/src/integrations/registry.rs
index 7fe9e778..9bfd0320 100644
--- a/crates/common/src/integrations/registry.rs
+++ b/crates/common/src/integrations/registry.rs
@@ -345,6 +345,8 @@ pub trait IntegrationScriptRewriter: Send + Sync {
     fn rewrite(&self, content: &str, ctx: &IntegrationScriptContext<'_>) -> ScriptRewriteAction;
 }
 
+use crate::geo::GeoInfo;
+
 /// Context for HTML post-processors.
 #[derive(Debug)]
 pub struct IntegrationHtmlContext<'a> {
@@ -352,6 +354,7 @@ pub struct IntegrationHtmlContext<'a> {
     pub request_scheme: &'a str,
     pub origin_host: &'a str,
     pub document_state: &'a IntegrationDocumentState,
+    pub geo: Option<&'a GeoInfo>,
 }
 
 /// Trait for integration-provided HTML post-processors.
@@ -817,6 +820,7 @@ mod tests {
             request_scheme: "https",
             origin_host: "origin.example.com",
             document_state: &document_state,
+            geo: None,
         };
 
         assert!(
diff --git a/crates/common/src/publisher.rs b/crates/common/src/publisher.rs
index 7d8f92d5..7d4675f3 100644
--- a/crates/common/src/publisher.rs
+++ b/crates/common/src/publisher.rs
@@ -42,6 +42,31 @@ pub fn handle_tsjs_dynamic(req: &Request) -> Result<Response, Report<TrustedServ
     Ok(resp)
 }
 
+/// Returns the geographic information for the request as a JSON response.
+///
+/// Use this endpoint to get the client's location data (City, Country, DMA, etc.)
+/// without making a third-party API call.
+///
+/// # Errors
+///
+/// Returns a 500 error if JSON serialization fails (unlikely).
+pub fn handle_geo_info(req: &Request) -> Result<Response, Report<TrustedServerError>> {
+    use crate::geo::GeoInfo;
+
+    let geo_info = GeoInfo::from_request(req);
+
+    // Create a JSON response
+    let body =
+        serde_json::to_string(&geo_info).change_context(TrustedServerError::Serialization {
+            message: "Failed to serialize geo info".to_string(),
+        })?;
+
+    Ok(Response::from_body(body)
+        .with_status(StatusCode::OK)
+        .with_header(header::CONTENT_TYPE, "application/json")
+        .with_header("Cache-Control", "private, no-store"))
+}
+
 /// Parameters for processing response streaming
 struct ProcessResponseParams<'a> {
     content_encoding: &'a str,
@@ -52,6 +77,7 @@ struct ProcessResponseParams<'a> {
     settings: &'a Settings,
     content_type: &'a str,
     integration_registry: &'a IntegrationRegistry,
+    geo_info: Option<&'a crate::geo::GeoInfo>,
 }
 
 /// Process response body in streaming fashion with compression preservation
@@ -86,6 +112,7 @@ fn process_response_streaming(
             params.request_scheme,
             params.settings,
             params.integration_registry,
+            params.geo_info,
         )?;
 
         let config = PipelineConfig {
@@ -147,6 +174,7 @@ fn create_html_stream_processor(
     request_scheme: &str,
     settings: &Settings,
     integration_registry: &IntegrationRegistry,
+    geo_info: Option<&crate::geo::GeoInfo>,
 ) -> Result<impl StreamProcessor, Report<TrustedServerError>> {
     use crate::html_processor::{create_html_processor, HtmlProcessorConfig};
 
@@ -156,6 +184,7 @@ fn create_html_stream_processor(
         origin_host,
         request_host,
         request_scheme,
+        geo_info,
     );
 
     Ok(create_html_processor(config))
@@ -219,6 +248,29 @@ pub fn handle_publisher_request(
     let backend_name = ensure_backend_from_url(&settings.publisher.origin_url)?;
     let origin_host = settings.publisher.origin_host();
 
+    // Inject Geo headers for the backend request
+    crate::geo::get_dma_code(&mut req);
+
+    // Extract GeoInfo from request before it is consumed
+    use crate::geo::GeoInfo;
+    let geo_info = GeoInfo::from_request(&req);
+
+    // Capture Geo headers to copy to response
+    let geo_headers: Vec<(String, String)> = [
+        "x-geo-city",
+        "x-geo-country",
+        "x-geo-continent",
+        "x-geo-coordinates",
+        "x-geo-metro-code",
+    ]
+    .iter()
+    .filter_map(|&h| {
+        req.get_header(h)
+            .and_then(|v| v.to_str().ok())
+            .map(|v| (h.to_string(), v.to_string()))
+    })
+    .collect();
+
     log::debug!(
         "Proxying to dynamic backend: {} (from {})",
         backend_name,
@@ -232,6 +284,11 @@ pub fn handle_publisher_request(
             message: "Failed to proxy request to origin".to_string(),
         })?;
 
+    // Copy Geo headers to response
+    for (name, value) in geo_headers {
+        response.set_header(name, value);
+    }
+
     // Log all response headers for debugging
     log::debug!("Response headers:");
     for (name, value) in response.get_headers() {
@@ -276,6 +333,7 @@ pub fn handle_publisher_request(
             settings,
             content_type: &content_type,
             integration_registry,
+            geo_info: geo_info.as_ref(),
         };
         match process_response_streaming(body, &params) {
             Ok(processed_body) => {
diff --git a/crates/fastly/src/main.rs b/crates/fastly/src/main.rs
index 0112bd99..3cb6d711 100644
--- a/crates/fastly/src/main.rs
+++ b/crates/fastly/src/main.rs
@@ -12,7 +12,9 @@ use trusted_server_common::proxy::{
     handle_first_party_click, handle_first_party_proxy, handle_first_party_proxy_rebuild,
     handle_first_party_proxy_sign,
 };
-use trusted_server_common::publisher::{handle_publisher_request, handle_tsjs_dynamic};
+use trusted_server_common::publisher::{
+    handle_geo_info, handle_publisher_request, handle_tsjs_dynamic,
+};
 use trusted_server_common::request_signing::{
     handle_deactivate_key, handle_rotate_key, handle_trusted_server_discovery,
     handle_verify_signature,
@@ -103,6 +105,8 @@ async fn route_request(
         (Method::POST, "/first-party/proxy-rebuild") => {
             handle_first_party_proxy_rebuild(settings, req).await
         }
+        // Geo info endpoint
+        (Method::GET, "/first-party/geo") => handle_geo_info(&req),
         (m, path) if integration_registry.has_route(&m, path) => integration_registry
             .handle_proxy(&m, path, settings, req)
             .await

From 57411c1317028c651c299a756d2c0c6edefa4ef4 Mon Sep 17 00:00:00 2001
From: prk-Jr <prakashsagwara@gmail.com>
Date: Tue, 10 Feb 2026 22:19:28 +0530
Subject: [PATCH 2/5] Add geo_info handling to HTML processor creation

---
 crates/common/src/html_processor.rs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crates/common/src/html_processor.rs b/crates/common/src/html_processor.rs
index 618e30d1..d62ead73 100644
--- a/crates/common/src/html_processor.rs
+++ b/crates/common/src/html_processor.rs
@@ -121,6 +121,7 @@ impl HtmlProcessorConfig {
 pub fn create_html_processor(config: HtmlProcessorConfig) -> impl StreamProcessor {
     let post_processors = config.integrations.html_post_processors();
     let document_state = IntegrationDocumentState::default();
+    let geo_info = config.geo_info.clone();
 
     // Simplified URL patterns structure - stores only core data and generates variants on-demand
     struct UrlPatterns {
@@ -199,6 +200,7 @@ pub fn create_html_processor(config: HtmlProcessorConfig) -> impl StreamProcesso
             let integrations = integration_registry.clone();
             let patterns = patterns.clone();
             let document_state = document_state.clone();
+            let geo_info = geo_info.clone();
             move |el| {
                 if !injected_tsjs.get() {
                     let mut snippet = String::new();
@@ -207,6 +209,7 @@ pub fn create_html_processor(config: HtmlProcessorConfig) -> impl StreamProcesso
                         request_scheme: &patterns.request_scheme,
                         origin_host: &patterns.origin_host,
                         document_state: &document_state,
+                        geo: geo_info.as_ref(),
                     };
                     // First inject the unified TSJS bundle (defines tsjs.setConfig, etc.)
                     snippet.push_str(&tsjs::unified_script_tag());

From 7ef482b673be04d953e510e73819c6ee0c61bd02 Mon Sep 17 00:00:00 2001
From: prk-Jr <prakashsagwara@gmail.com>
Date: Wed, 11 Feb 2026 19:09:59 +0530
Subject: [PATCH 3/5] feat: Implement first-party Geo and DMA lookup

Third-party geo and DMA lookups add avoidable latency and introduce additional privacy and compliance risk. This change enables geo information to be derived from Fastly at the edge and passed through the Trusted Server instead of relying on browser-side APIs.

Centralizing geo handling reduces external dependencies, improves reliability when third-party services fail, and supports ongoing efforts to minimize client-side data exposure while preserving existing ad and bidding functionality.

Resolves: #280
---
 crates/common/src/geo.rs                      |  30 ++++
 crates/common/src/integrations/prebid.rs      | 170 +++---------------
 crates/common/src/publisher.rs                |  25 ---
 crates/common/src/settings.rs                 |  29 +++
 crates/fastly/src/main.rs                     |   8 +-
 .../js/lib/src/integrations/prebid/index.ts   |  50 ++++++
 trusted-server.toml                           |   5 +
 7 files changed, 147 insertions(+), 170 deletions(-)
 create mode 100644 crates/js/lib/src/integrations/prebid/index.ts

diff --git a/crates/common/src/geo.rs b/crates/common/src/geo.rs
index a903c31d..4ba9451a 100644
--- a/crates/common/src/geo.rs
+++ b/crates/common/src/geo.rs
@@ -150,3 +150,33 @@ pub fn get_dma_code(req: &mut Request) -> Option<String> {
 
     None
 }
+
+/// Returns the geographic information for the request as a JSON response.
+///
+/// Use this endpoint to get the client's location data (City, Country, DMA, etc.)
+/// without making a third-party API call.
+///
+/// # Errors
+///
+/// Returns a 500 error if JSON serialization fails (unlikely).
+pub fn handle_first_party_geo(
+    req: &Request,
+) -> Result<fastly::Response, error_stack::Report<crate::error::TrustedServerError>> {
+    use crate::error::TrustedServerError;
+    use error_stack::ResultExt;
+    use fastly::http::{header, StatusCode};
+    use fastly::Response;
+
+    let geo_info = GeoInfo::from_request(req);
+
+    // Create a JSON response
+    let body =
+        serde_json::to_string(&geo_info).change_context(TrustedServerError::Serialization {
+            message: "Failed to serialize geo info".to_string(),
+        })?;
+
+    Ok(Response::from_body(body)
+        .with_status(StatusCode::OK)
+        .with_header(header::CONTENT_TYPE, "application/json")
+        .with_header("Cache-Control", "private, no-store"))
+}
diff --git a/crates/common/src/integrations/prebid.rs b/crates/common/src/integrations/prebid.rs
index a4752f27..7b09d96b 100644
--- a/crates/common/src/integrations/prebid.rs
+++ b/crates/common/src/integrations/prebid.rs
@@ -57,15 +57,9 @@ pub struct PrebidIntegrationConfig {
     #[serde(default)]
     pub auto_configure: bool,
 
+    /// Ad Units configuration
     #[serde(default)]
-    pub inject_geo: bool,
-
-    #[serde(default = "default_geo_cache_key")]
-    pub geo_cache_key: String,
-}
-
-fn default_geo_cache_key() -> String {
-    "cwgl".to_string()
+    pub ad_units: Vec<serde_json::Value>,
 }
 
 impl IntegrationConfig for PrebidIntegrationConfig {
@@ -233,9 +227,8 @@ impl crate::integrations::IntegrationHtmlPostProcessor for PrebidHtmlInjector {
         html: &mut String,
         ctx: &crate::integrations::IntegrationHtmlContext<'_>,
     ) -> bool {
-        // Construct the S2S config
-        // Note: We use the trusted server itself as the endpoint
-        let s2s_config = json!({
+        // Construct the Prebid configuration object
+        let config = json!({
             "accountId": "trusted-server",
             "enabled": true,
             "bidders": self.config.bidders,
@@ -245,74 +238,31 @@ impl crate::integrations::IntegrationHtmlPostProcessor for PrebidHtmlInjector {
             "syncEndpoint": format!("{}://{}/cookie_sync", ctx.request_scheme, ctx.request_host),
             "cookieSet": true,
             "cookiesetUrl": format!("{}://{}/setuid", ctx.request_scheme, ctx.request_host),
+            "adUnits": self.config.ad_units,
+            "debug": self.config.debug,
         });
 
-        // Create geo injection script if enabled and geo info is available
-        let geo_script = if self.config.inject_geo {
-            if let Some(geo) = ctx.geo {
-                let geo_data = json!({
-                    "country": geo.country,
-                    "region": geo.region,
-                    "city": geo.city,
-                    "postal_code": "", // Not currently available in GeoInfo
-                });
-
-                // Script to inject geo data into localStorage
-                // We use the configured cache key
-                // We also set the timestamp key (usually cache_key + "t")
-                // And we set window._tudeGeo as a fallback/optimization for Aditude wrapper
-                format!(
-                    r#"<script>
-                    (function() {{
-                        try {{
-                            var geo = {};
-                            var now = Date.now();
-                            localStorage.setItem("{}", JSON.stringify(geo));
-                            localStorage.setItem("{}t", now);
-                            window._tudeGeo = geo;
-                        }} catch (e) {{
-                            console.error("Trusted Server: Failed to inject geo", e);
-                        }}
-                    }})();
-                    </script>"#,
-                    geo_data, self.config.geo_cache_key, self.config.geo_cache_key
-                )
-            } else {
-                String::new()
-            }
-        } else {
-            String::new()
-        };
-
+        // Script to inject configuration and initialize Prebid via tsjs
         let script = format!(
             r#"<script>
-            (function() {{
-                var pbjs = window.pbjs || {{}};
-                pbjs.que = pbjs.que || [];
-                pbjs.que.push(function() {{
-                    pbjs.setConfig({{
-                        s2sConfig: {}
-                    }});
-                }});
-                window.pbjs = pbjs;
-                window.__trustedServerPrebid = true;
-            }})();
+            window.__tsjs_prebid = {};
+            if (window.tsjs && window.tsjs.modules && window.tsjs.modules.prebid) {{
+                window.tsjs.modules.prebid.init();
+            }}
             </script>"#,
-            s2s_config
+            config
         );
 
-        let final_injection = format!("{geo_script}{script}");
-
         // Inject after <head>
         if let Some(idx) = html.find("<head>") {
             let insert_point = idx + 6;
-            html.insert_str(insert_point, &final_injection);
+            html.insert_str(insert_point, &script);
             true
         } else if let Some(idx) = html.find("<head") {
             // Handle case with attributes like <head class="...">
             if let Some(close_idx) = html[idx..].find('>') {
                 let insert_point = idx + close_idx + 1;
-                html.insert_str(insert_point, &final_injection);
+                html.insert_str(insert_point, &script);
                 true
             } else {
                 false
@@ -913,8 +863,7 @@ mod tests {
             debug_query_params: None,
             script_patterns: default_script_patterns(),
             auto_configure: false,
-            inject_geo: false,
-            geo_cache_key: "cwgl".to_string(),
+            ad_units: vec![],
         }
     }
 
@@ -1271,8 +1220,7 @@ server_url = "https://prebid.example"
             debug_query_params: None,
             script_patterns: vec![],
             auto_configure: true,
-            inject_geo: false,
-            geo_cache_key: "cwgl".to_string(),
+            ad_units: vec![],
         };
         let injector = PrebidHtmlInjector::new(config);
         let params = IntegrationDocumentState::default();
@@ -1288,7 +1236,8 @@ server_url = "https://prebid.example"
         let mut html = "<html><head><title>Test</title></head><body></body></html>".to_string();
         assert!(injector.post_process(&mut html, &ctx));
         assert!(html.starts_with("<html><head><script>"));
-        assert!(html.contains("pbjs.setConfig"));
+        assert!(html.contains("window.__tsjs_prebid ="));
+        assert!(html.contains("window.tsjs.modules.prebid.init()"));
 
         // Case 2: Head with attributes
         let mut html =
@@ -1299,7 +1248,7 @@ server_url = "https://prebid.example"
         // Case 3: No head
         let mut html = "<html><body></body></html>".to_string();
         assert!(!injector.post_process(&mut html, &ctx));
-        assert!(!html.contains("pbjs.setConfig"));
+        assert!(!html.contains("window.__tsjs_prebid ="));
     }
 
     #[test]
@@ -1313,8 +1262,7 @@ server_url = "https://prebid.example"
             debug_query_params: None,
             script_patterns: vec![],
             auto_configure: true,
-            inject_geo: false,
-            geo_cache_key: "cwgl".to_string(),
+            ad_units: vec![],
         };
         let injector = PrebidHtmlInjector::new(config);
         let params = IntegrationDocumentState::default();
@@ -1330,15 +1278,16 @@ server_url = "https://prebid.example"
         injector.post_process(&mut html, &ctx);
 
         // Extract the JSON config from the injected script
-        // Script pattern: ... s2sConfig: { ... } ...
-        let start_marker = "s2sConfig: ";
-        let start_idx =
-            html.find(start_marker).expect("should find s2sConfig") + start_marker.len();
+        // Script pattern: window.__tsjs_prebid = { ... };
+        let start_marker = "window.__tsjs_prebid = ";
+        let start_idx = html
+            .find(start_marker)
+            .expect("should find window.__tsjs_prebid =")
+            + start_marker.len();
         let end_idx = html[start_idx..]
-            .find("}")
-            .expect("should find closing brace")
-            + start_idx
-            + 1; // +1 to include }
+            .find(";")
+            .expect("should find closing semicolon")
+            + start_idx;
 
         let json_str = &html[start_idx..end_idx];
         let json: serde_json::Value =
@@ -1351,65 +1300,4 @@ server_url = "https://prebid.example"
         assert_eq!(json["accountId"], "trusted-server");
         assert_eq!(json["enabled"], true);
     }
-
-    #[test]
-    fn html_processor_injects_geo_info() {
-        let html = r#"<html><head></head><body></body></html>"#;
-
-        let mut settings = make_settings();
-        settings
-            .integrations
-            .insert_config(
-                "prebid",
-                &json!({
-                    "enabled": true,
-                    "server_url": "https://test-prebid.com/openrtb2/auction",
-                    "timeout_ms": 1000,
-                    "bidders": ["mocktioneer"],
-                    "script_patterns": [],
-                    "inject_geo": true,
-                    "geo_cache_key": "cwgl_test",
-                    "auto_configure": true
-                }),
-            )
-            .expect("should update prebid config");
-
-        let registry = IntegrationRegistry::new(&settings).expect("should create registry");
-
-        let geo_info = crate::geo::GeoInfo {
-            city: "New York".to_string(),
-            country: "US".to_string(),
-            continent: "NA".to_string(),
-            latitude: 40.7128,
-            longitude: -74.0060,
-            metro_code: 501,
-            region: Some("NY".to_string()),
-        };
-
-        let config = config_from_settings(&settings, &registry);
-        // Manually override geo_info in config since config_from_settings defaults to None
-        let mut config = config;
-        config.geo_info = Some(geo_info);
-
-        let processor = create_html_processor(config);
-        let pipeline_config = PipelineConfig {
-            input_compression: Compression::None,
-            output_compression: Compression::None,
-            chunk_size: 8192,
-        };
-        let mut pipeline = StreamingPipeline::new(pipeline_config, processor);
-
-        let mut output = Vec::new();
-        pipeline
-            .process(Cursor::new(html.as_bytes()), &mut output)
-            .expect("should process html");
-
-        let result = String::from_utf8(output).expect("valid utf8");
-
-        // Verify geo injection script
-        assert!(result.contains("localStorage.setItem(\"cwgl_test\", JSON.stringify(geo));"));
-        assert!(result.contains("\"country\":\"US\""));
-        assert!(result.contains("\"city\":\"New York\""));
-        assert!(result.contains("\"region\":\"NY\""));
-    }
 }
diff --git a/crates/common/src/publisher.rs b/crates/common/src/publisher.rs
index d7b8c9a9..b51f4459 100644
--- a/crates/common/src/publisher.rs
+++ b/crates/common/src/publisher.rs
@@ -42,31 +42,6 @@ pub fn handle_tsjs_dynamic(req: &Request) -> Result<Response, Report<TrustedServ
     Ok(resp)
 }
 
-/// Returns the geographic information for the request as a JSON response.
-///
-/// Use this endpoint to get the client's location data (City, Country, DMA, etc.)
-/// without making a third-party API call.
-///
-/// # Errors
-///
-/// Returns a 500 error if JSON serialization fails (unlikely).
-pub fn handle_geo_info(req: &Request) -> Result<Response, Report<TrustedServerError>> {
-    use crate::geo::GeoInfo;
-
-    let geo_info = GeoInfo::from_request(req);
-
-    // Create a JSON response
-    let body =
-        serde_json::to_string(&geo_info).change_context(TrustedServerError::Serialization {
-            message: "Failed to serialize geo info".to_string(),
-        })?;
-
-    Ok(Response::from_body(body)
-        .with_status(StatusCode::OK)
-        .with_header(header::CONTENT_TYPE, "application/json")
-        .with_header("Cache-Control", "private, no-store"))
-}
-
 /// Parameters for processing response streaming
 struct ProcessResponseParams<'a> {
     content_encoding: &'a str,
diff --git a/crates/common/src/settings.rs b/crates/common/src/settings.rs
index 6b2d4ca8..4b337b60 100644
--- a/crates/common/src/settings.rs
+++ b/crates/common/src/settings.rs
@@ -320,6 +320,35 @@ pub struct Settings {
     pub auction: AuctionConfig,
     #[serde(default)]
     pub proxy: Proxy,
+    #[serde(default)]
+    #[validate(nested)]
+    pub geo: Geo,
+}
+
+#[derive(Debug, Clone, Deserialize, Serialize, Validate)]
+pub struct Geo {
+    #[serde(default = "default_geo_inject")]
+    pub inject: bool,
+    #[serde(default = "default_geo_cache_key")]
+    #[validate(length(min = 1))]
+    pub cache_key: String,
+}
+
+impl Default for Geo {
+    fn default() -> Self {
+        Self {
+            inject: default_geo_inject(),
+            cache_key: default_geo_cache_key(),
+        }
+    }
+}
+
+fn default_geo_inject() -> bool {
+    false
+}
+
+fn default_geo_cache_key() -> String {
+    "geo".to_string()
 }
 
 #[allow(unused)]
diff --git a/crates/fastly/src/main.rs b/crates/fastly/src/main.rs
index 3cb6d711..e6d22e97 100644
--- a/crates/fastly/src/main.rs
+++ b/crates/fastly/src/main.rs
@@ -12,9 +12,7 @@ use trusted_server_common::proxy::{
     handle_first_party_click, handle_first_party_proxy, handle_first_party_proxy_rebuild,
     handle_first_party_proxy_sign,
 };
-use trusted_server_common::publisher::{
-    handle_geo_info, handle_publisher_request, handle_tsjs_dynamic,
-};
+use trusted_server_common::publisher::{handle_publisher_request, handle_tsjs_dynamic};
 use trusted_server_common::request_signing::{
     handle_deactivate_key, handle_rotate_key, handle_trusted_server_discovery,
     handle_verify_signature,
@@ -106,7 +104,9 @@ async fn route_request(
             handle_first_party_proxy_rebuild(settings, req).await
         }
         // Geo info endpoint
-        (Method::GET, "/first-party/geo") => handle_geo_info(&req),
+        (Method::GET, "/first-party/geo") => {
+            trusted_server_common::geo::handle_first_party_geo(&req)
+        }
         (m, path) if integration_registry.has_route(&m, path) => integration_registry
             .handle_proxy(&m, path, settings, req)
             .await
diff --git a/crates/js/lib/src/integrations/prebid/index.ts b/crates/js/lib/src/integrations/prebid/index.ts
new file mode 100644
index 00000000..6105d878
--- /dev/null
+++ b/crates/js/lib/src/integrations/prebid/index.ts
@@ -0,0 +1,50 @@
+/**
+ * Prebid.js integration module.
+ * Handles initialization and configuration injection.
+ */
+
+declare global {
+    interface Window {
+        __tsjs_prebid?: any;
+        pbjs?: any;
+        __trustedServerPrebid?: boolean;
+    }
+}
+
+export function init() {
+    const config = window.__tsjs_prebid;
+    if (!config) {
+        return;
+    }
+
+    const pbjs = window.pbjs || {};
+    pbjs.que = pbjs.que || [];
+
+    pbjs.que.push(() => {
+        // Configure S2S (Server-to-Server)
+        const s2sConfig = {
+            accountId: config.accountId,
+            enabled: config.enabled,
+            bidders: config.bidders,
+            timeout: config.timeout,
+            adapter: config.adapter,
+            endpoint: config.endpoint,
+            syncEndpoint: config.syncEndpoint,
+            cookieSet: config.cookieSet,
+            cookiesetUrl: config.cookiesetUrl,
+        };
+
+        pbjs.setConfig({
+            s2sConfig,
+            debug: config.debug,
+        });
+
+        // Add Ad Units if provided
+        if (config.adUnits && Array.isArray(config.adUnits)) {
+            pbjs.addAdUnits(config.adUnits);
+        }
+    });
+
+    window.pbjs = pbjs;
+    window.__trustedServerPrebid = true;
+}
diff --git a/trusted-server.toml b/trusted-server.toml
index cdad1f50..0da9fa00 100644
--- a/trusted-server.toml
+++ b/trusted-server.toml
@@ -33,6 +33,11 @@ enabled = false  # Set to true to enable request signing
 config_store_id = "<fastly-config-store-id>" # set config/secret store ids for key rotation
 secret_store_id = "<fastly-secret-store-id>"
 
+# Geo configuration
+[geo]
+inject = false
+cache_key = "geo"
+
 [integrations.prebid]
 enabled = true
 server_url = "http://68.183.113.79:8000"

From 88c5b49269f2602a0d0962b6ff874a5a7763b276 Mon Sep 17 00:00:00 2001
From: prk-Jr <prakashsagwara@gmail.com>
Date: Wed, 11 Feb 2026 19:50:05 +0530
Subject: [PATCH 4/5] Resolve eslint explicit-any errors in prebid integration

---
 .../js/lib/src/integrations/prebid/index.ts   | 27 ++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/crates/js/lib/src/integrations/prebid/index.ts b/crates/js/lib/src/integrations/prebid/index.ts
index 6105d878..28be9688 100644
--- a/crates/js/lib/src/integrations/prebid/index.ts
+++ b/crates/js/lib/src/integrations/prebid/index.ts
@@ -3,10 +3,30 @@
  * Handles initialization and configuration injection.
  */
 
+interface PrebidConfig {
+    accountId: string;
+    enabled: boolean;
+    bidders: string[];
+    timeout: number;
+    adapter: string;
+    endpoint: string;
+    syncEndpoint: string;
+    cookieSet: boolean;
+    cookiesetUrl: string;
+    debug: boolean;
+    adUnits?: unknown[];
+}
+
+interface Pbjs {
+    que: (() => void)[];
+    setConfig: (config: { s2sConfig: unknown; debug: boolean }) => void;
+    addAdUnits: (units: unknown[]) => void;
+}
+
 declare global {
     interface Window {
-        __tsjs_prebid?: any;
-        pbjs?: any;
+        __tsjs_prebid?: PrebidConfig;
+        pbjs?: Pbjs;
         __trustedServerPrebid?: boolean;
     }
 }
@@ -17,7 +37,8 @@ export function init() {
         return;
     }
 
-    const pbjs = window.pbjs || {};
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    const pbjs: Pbjs = (window.pbjs as any) || {};
     pbjs.que = pbjs.que || [];
 
     pbjs.que.push(() => {

From 025554303dcbb7e9f9b0d3fb7f789edb8581e903 Mon Sep 17 00:00:00 2001
From: prk-Jr <prakashsagwara@gmail.com>
Date: Wed, 11 Feb 2026 19:55:33 +0530
Subject: [PATCH 5/5] Apply Prettier formatting to to resolve CI lint failure.

---
 .../js/lib/src/integrations/prebid/index.ts   | 100 +++++++++---------
 1 file changed, 50 insertions(+), 50 deletions(-)

diff --git a/crates/js/lib/src/integrations/prebid/index.ts b/crates/js/lib/src/integrations/prebid/index.ts
index 28be9688..7b6bc29a 100644
--- a/crates/js/lib/src/integrations/prebid/index.ts
+++ b/crates/js/lib/src/integrations/prebid/index.ts
@@ -4,68 +4,68 @@
  */
 
 interface PrebidConfig {
-    accountId: string;
-    enabled: boolean;
-    bidders: string[];
-    timeout: number;
-    adapter: string;
-    endpoint: string;
-    syncEndpoint: string;
-    cookieSet: boolean;
-    cookiesetUrl: string;
-    debug: boolean;
-    adUnits?: unknown[];
+  accountId: string;
+  enabled: boolean;
+  bidders: string[];
+  timeout: number;
+  adapter: string;
+  endpoint: string;
+  syncEndpoint: string;
+  cookieSet: boolean;
+  cookiesetUrl: string;
+  debug: boolean;
+  adUnits?: unknown[];
 }
 
 interface Pbjs {
-    que: (() => void)[];
-    setConfig: (config: { s2sConfig: unknown; debug: boolean }) => void;
-    addAdUnits: (units: unknown[]) => void;
+  que: (() => void)[];
+  setConfig: (config: { s2sConfig: unknown; debug: boolean }) => void;
+  addAdUnits: (units: unknown[]) => void;
 }
 
 declare global {
-    interface Window {
-        __tsjs_prebid?: PrebidConfig;
-        pbjs?: Pbjs;
-        __trustedServerPrebid?: boolean;
-    }
+  interface Window {
+    __tsjs_prebid?: PrebidConfig;
+    pbjs?: Pbjs;
+    __trustedServerPrebid?: boolean;
+  }
 }
 
 export function init() {
-    const config = window.__tsjs_prebid;
-    if (!config) {
-        return;
-    }
-
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    const pbjs: Pbjs = (window.pbjs as any) || {};
-    pbjs.que = pbjs.que || [];
+  const config = window.__tsjs_prebid;
+  if (!config) {
+    return;
+  }
 
-    pbjs.que.push(() => {
-        // Configure S2S (Server-to-Server)
-        const s2sConfig = {
-            accountId: config.accountId,
-            enabled: config.enabled,
-            bidders: config.bidders,
-            timeout: config.timeout,
-            adapter: config.adapter,
-            endpoint: config.endpoint,
-            syncEndpoint: config.syncEndpoint,
-            cookieSet: config.cookieSet,
-            cookiesetUrl: config.cookiesetUrl,
-        };
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  const pbjs: Pbjs = (window.pbjs as any) || {};
+  pbjs.que = pbjs.que || [];
 
-        pbjs.setConfig({
-            s2sConfig,
-            debug: config.debug,
-        });
+  pbjs.que.push(() => {
+    // Configure S2S (Server-to-Server)
+    const s2sConfig = {
+      accountId: config.accountId,
+      enabled: config.enabled,
+      bidders: config.bidders,
+      timeout: config.timeout,
+      adapter: config.adapter,
+      endpoint: config.endpoint,
+      syncEndpoint: config.syncEndpoint,
+      cookieSet: config.cookieSet,
+      cookiesetUrl: config.cookiesetUrl,
+    };
 
-        // Add Ad Units if provided
-        if (config.adUnits && Array.isArray(config.adUnits)) {
-            pbjs.addAdUnits(config.adUnits);
-        }
+    pbjs.setConfig({
+      s2sConfig,
+      debug: config.debug,
     });
 
-    window.pbjs = pbjs;
-    window.__trustedServerPrebid = true;
+    // Add Ad Units if provided
+    if (config.adUnits && Array.isArray(config.adUnits)) {
+      pbjs.addAdUnits(config.adUnits);
+    }
+  });
+
+  window.pbjs = pbjs;
+  window.__trustedServerPrebid = true;
 }