Hi Brandon,
in case a web application firewall (WAF) or CDN like Akamai, Cloudflare etc. is already in place on the website, it makes a lot of sense to route the Snowplow endpoint through the WAF/CDN, because you can:
- create filter rules (e.g. host, request path, ISP, country etc.)
- circumvent Safari ITP
- detect and block bot or enrich the requests with additional headers to filter downstream (e.g triggered WAF rules, proxy detection etc.)
- setup DoS prevention
- etc.
We have this in place with Akamai incl. Akamai Bot Manager and I can definitely recommend it.
Edit: there was already a similar question with insightful answers: Snowplow JS Authentication - #6 by matus