Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
GuardFlame is a niche reverse proxy and bot protection service positioned as a lightweight alternative to Cloudflare and similar edge security providers. It sits in front of the host site, blocks malicious traffic, throttles requests and optionally issues a JavaScript or proof of work challenge before letting the visitor reach the origin. The vendor and the edge region in use should be confirmed in the operator contract.
GuardFlame is a niche reverse proxy and bot protection service positioned as a lightweight alternative to mainstream edge security providers. It sits in front of the host site, inspects every incoming request, runs anti bot and rate limiting heuristics, and optionally issues a browser challenge before letting the visitor reach the origin. Unlike larger players, GuardFlame is rarely visible in technology census reports, so the operator should pay extra attention to the contractual terms and the hosting region.
GuardFlame proxies HTTP and HTTPS requests for the protected origin. Each request goes through a chain of filters: IP reputation, request rate per source, header heuristics, JA3 or JA4 TLS fingerprint, and optionally a proof of work or JavaScript challenge. Once a visitor passes the check, GuardFlame stores the outcome in a short lived challenge cookie so the visitor is not challenged again on every request.
GuardFlame processes the visitor IP, request URL, HTTP headers, TLS fingerprint and the response of the challenge if one is issued. It typically writes a single first party cookie (often named gf_token or similar) that stores the validation status and a server signed timestamp. No advertising, analytics or cross site identifier is set by the service itself.
For its core security function, GuardFlame relies on the legitimate interest of the operator (Art 6(1)(f) GDPR) to protect the website from abuse, fraud and denial of service. The challenge cookie is strictly necessary under the consent exemption of Art 5(3) ePrivacy because the website would not be reachable without it once the protection is active. Visitor IPs and request metadata should be kept for the shortest period needed for forensic analysis.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
No prior consent is needed to load GuardFlame because the function is strictly necessary security. The privacy notice should explain that the site uses an edge protection service, mention the vendor and describe the processing of IP and request metadata. The challenge cookie should be listed in the cookie table with Strictly Necessary classification.
As a niche provider, GuardFlame may not offer a guaranteed EU only deployment. Verify in the contract or admin panel the location of the edge serving European visitors and the back office that stores the request logs. If the edge or the logs sit outside the EU/EEA, document Standard Contractual Clauses and a Transfer Impact Assessment, and consider falling back to an EU based alternative for sensitive verticals.
Sign the GuardFlame DPA. Lock the edge to an EU region when possible. Configure log retention to the shortest period needed for incident response (typically 30 to 90 days). Document the service in the records of processing as a security sub processor. Audit the challenge logic to make sure it does not exclude accessibility tooling. Review the contract yearly to verify the actual hosting region and the up to date sub processor list.
Websites using GuardFlame must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is generally not required for a defensive reverse proxy when the operator processes only the request metadata strictly needed to filter abuse. A DPIA is recommended when GuardFlame is paired with extended logging, when its data feeds a separate fraud profile that targets identifiable individuals, or when the edge region serving European visitors sits outside the EU/EEA. Document GuardFlame in the records of processing as a security sub processor.
Sample consent text
This site uses GuardFlame, a reverse proxy and bot protection service, to filter malicious traffic before requests reach our servers. GuardFlame inspects the request metadata (IP, headers, user agent) and may issue a short browser challenge to confirm that you are not a bot. The challenge cookie set on validation is strictly necessary for the security of the service and does not require your consent.
This service may collect user data. Ensure GDPR compliance with FlowConsent.