Skip to main content
All posts

Sentry on Astro + Cloudflare Pages: GDPR-Compliant Error Tracking

· 3 min read ·
sentry astro gdpr monitoring cloudflare

Most production issues on Astro + Cloudflare Pages sites are invisible without error tracking. The build passes. Cloudflare’s deployment logs show green. But a contact form silently fails for certain inputs, or a Stripe webhook returns a 500 that nobody sees. You find out when a customer emails you.

Sentry fixes this. For sites with real users or payment flows, it belongs in the stack from day one — not added later after you’ve already missed something important. The free tier covers 5,000 errors per month, which is more than enough until you have significant traffic.

This is how we set it up: EU-hosted, GDPR-compliant, with PII scrubbing and the noise filters that make it actually useful.

Create the account in the EU region

This matters for GDPR. When you sign up at sentry.io, the region selector appears on the first screen. Choose EU (Frankfurt). This cannot be changed after account creation — you’d need to start over with a new organization.

GDPR compliance before you add the SDK

Before installing a single package, do two things in the Sentry dashboard:

Sign the DPA: Settings → Legal → Data Processing Agreement → sign it. Sentry is a data processor under GDPR; without the DPA, using it is a compliance gap.

Enable data scrubbing: Settings → Security & Privacy → Data Scrubbing → On. Add: password, token, email, credit_card, card_number. This prevents sensitive fields from appearing in error reports even if they slip through your beforeSend filter.

Install and configure

pnpm add @sentry/astro @sentry/cloudflare

In astro.config.mjs:

import sentry from '@sentry/astro';

export default defineConfig({
  integrations: [
    sentry({
      dsn: import.meta.env.SENTRY_DSN,
      sourceMapsUploadOptions: {
        project: 'your-project-slug',
        authToken: import.meta.env.SENTRY_AUTH_TOKEN,
      },
    }),
  ],
});

Create sentry.client.config.js at the project root:

import * as Sentry from '@sentry/astro';

Sentry.init({
  dsn: import.meta.env.PUBLIC_SENTRY_DSN,
  tracesSampleRate: 0.1,
  beforeSend(event) {
    if (event.user) {
      delete event.user.ip_address;
      delete event.user.email;
      delete event.user.username;
    }
    // Drop fetch errors from ad networks — these are ad blocker noise, not real bugs
    if (event.exception?.values?.[0]?.value?.includes('doubleclick') ||
        event.exception?.values?.[0]?.value?.includes('googlesyndication')) {
      return null;
    }
    return event;
  },
});

Create sentry.server.config.js:

import * as Sentry from '@sentry/cloudflare';

Sentry.init({
  dsn: import.meta.env.SENTRY_DSN,
  tracesSampleRate: 0.1,
  beforeSend(event) {
    if (event.user) {
      delete event.user.ip_address;
      delete event.user.email;
      delete event.user.username;
    }
    return event;
  },
});

The beforeSend on the client is critical. Without it, user IPs and emails can appear in error reports. The ad network filter stops the constant noise from requests that ad blockers cancel — without it, sites running AdSense generate hundreds of fake errors per day.

Environment variables

In Cloudflare Pages → Settings → Environment variables:

VariableNotes
SENTRY_DSNSecret — used server-side only
PUBLIC_SENTRY_DSNPlaintext — same value, needed for client-side init
SENTRY_AUTH_TOKENSecret — from Sentry → Settings → Auth Tokens

Yes, you need both SENTRY_DSN and PUBLIC_SENTRY_DSN with the same value. Astro’s import.meta.env.PUBLIC_* variables are the only ones exposed to the browser bundle.

SSR sites need nodejs_compat

If your site uses @astrojs/cloudflare for SSR, Sentry requires the Node.js compatibility flag. Add to Cloudflare Pages → Settings → Functions → Compatibility Flags:

nodejs_compat

Or in wrangler.toml:

compatibility_flags = ["nodejs_compat"]

Static sites (SSG) don’t need this.

Source maps are automatic

Source maps let Sentry show readable stack traces instead of minified production code. The @sentry/astro integration uploads them automatically during pnpm build when SENTRY_AUTH_TOKEN is set. No extra configuration required.

Verify they’re uploading after first deploy: Sentry → your project → Releases → deploys should appear there.

Privacy policy update

Add Sentry to your privacy policy under error tracking. Required under GDPR since Sentry processes request data even with PII scrubbing enabled.

We use Sentry (Functional Software, Inc.) to monitor technical errors on our website. Error reports are processed on servers in the EU (Frankfurt). No personally identifiable information is intentionally collected. For details, see Sentry’s privacy policy.

CSP header

If your site has a Content Security Policy, Sentry’s ingest endpoint needs to be in connect-src:

connect-src 'self' https://o4511038991630336.ingest.de.sentry.io

Replace the organization ID with your own — it’s visible in the DSN URL.

What to monitor

Add Sentry to any site that has contact forms, payment flows, or authenticated user sessions. For pure static content sites with no forms or dynamic endpoints, it’s overkill. One Sentry project per site keeps alerts clean and makes it obvious which site an error came from.

Want to learn more?

See what a modern Astro website can do for your business, transparently priced.

Learn more
← All posts