diff --git a/crates/common/src/integrations/gpt.rs b/crates/common/src/integrations/gpt.rs
new file mode 100644
index 00000000..5946ec26
--- /dev/null
+++ b/crates/common/src/integrations/gpt.rs
@@ -0,0 +1,921 @@
+//! Google Publisher Tags (GPT) integration for first-party ad serving.
+//!
+//! This module provides transparent proxying for Google's entire GPT script
+//! chain, enabling first-party ad tag delivery while maintaining privacy
+//! controls. GPT loads scripts in a cascade:
+//!
+//! 1. `gpt.js` – the thin bootstrap loader
+//! 2. `pubads_impl.js` – the main GPT implementation (~640 KB)
+//! 3. `pubads_impl_*.js` – lazy-loaded sub-modules (page-level ads, side rails, …)
+//! 4. Auxiliary scripts – viewability, monitoring, error reporting
+//!
+//! All of these are served from `securepubads.g.doubleclick.net`. The
+//! integration proxies these scripts
+//! through the publisher's domain while a client-side shim intercepts
+//! dynamic script insertions and rewrites their URLs to the first-party
+//! proxy so that every subsequent fetch in the cascade routes back through
+//! the trusted server.
+//!
+//! ## How It Works
+//!
+//! 1. **HTML rewriting** – The [`IntegrationAttributeRewriter`] swaps `src`/`href`
+//!    attributes pointing at Google's GPT script with a first-party URL
+//!    (`/integrations/gpt/script`).
+//! 2. **Script proxy** – [`IntegrationProxy`] endpoints serve `gpt.js`
+//!    (`/integrations/gpt/script`) and all secondary scripts
+//!    (`/integrations/gpt/pagead/*`, `/integrations/gpt/tag/*`) through the
+//!    publisher's domain. Script bodies are served **verbatim** — no
+//!    server-side domain rewriting is performed.
+//! 3. **Client-side shim** – A TypeScript module (built into the unified TSJS
+//!    bundle) installs a script guard that intercepts dynamically inserted GPT
+//!    `<script>` elements and rewrites their URLs to the first-party proxy.
+//!    This is the sole mechanism that routes the GPT cascade through the proxy.
+//!    The shim also hooks into the `googletag` API for targeting injection.
+
+use std::sync::Arc;
+
+use async_trait::async_trait;
+use error_stack::{Report, ResultExt};
+use fastly::http::{header, Method, StatusCode};
+use fastly::{Request, Response};
+use serde::{Deserialize, Serialize};
+use url::Url;
+use validator::Validate;
+
+use crate::backend::BackendConfig;
+use crate::error::TrustedServerError;
+use crate::integrations::{
+    AttributeRewriteAction, IntegrationAttributeContext, IntegrationAttributeRewriter,
+    IntegrationEndpoint, IntegrationHeadInjector, IntegrationHtmlContext, IntegrationProxy,
+    IntegrationRegistration,
+};
+use crate::settings::{IntegrationConfig, Settings};
+
+const GPT_INTEGRATION_ID: &str = "gpt";
+
+/// Primary Google domain that serves GPT scripts.
+const SECUREPUBADS_HOST: &str = "securepubads.g.doubleclick.net";
+
+/// Integration route prefix for all GPT proxy endpoints.
+const ROUTE_PREFIX: &str = "/integrations/gpt";
+
+/// Configuration for the Google Publisher Tags integration.
+#[derive(Debug, Clone, Deserialize, Serialize, Validate)]
+pub struct GptConfig {
+    /// Enable/disable the integration.
+    #[serde(default = "default_enabled")]
+    pub enabled: bool,
+
+    /// URL for the GPT bootstrap script (default: Google's CDN).
+    #[serde(default = "default_script_url")]
+    #[validate(url)]
+    pub script_url: String,
+
+    /// Cache TTL for proxied GPT scripts in seconds (default: 3600 = 1 hour).
+    #[serde(default = "default_cache_ttl")]
+    #[validate(range(min = 60, max = 86400))]
+    pub cache_ttl_seconds: u32,
+
+    /// Whether to rewrite GPT script URLs in publisher HTML.
+    #[serde(default = "default_rewrite_script")]
+    pub rewrite_script: bool,
+}
+
+impl IntegrationConfig for GptConfig {
+    fn is_enabled(&self) -> bool {
+        self.enabled
+    }
+}
+
+/// Google Publisher Tags integration implementation.
+///
+/// Proxies the full GPT script cascade through first-party endpoints.
+/// Script bodies are served verbatim; the client-side GPT shim handles
+/// URL rewriting so that every script in the cascade routes back through
+/// the trusted server.
+pub struct GptIntegration {
+    config: GptConfig,
+}
+
+impl GptIntegration {
+    fn new(config: GptConfig) -> Arc<Self> {
+        Arc::new(Self { config })
+    }
+
+    fn error(message: impl Into<String>) -> TrustedServerError {
+        TrustedServerError::Integration {
+            integration: GPT_INTEGRATION_ID.to_string(),
+            message: message.into(),
+        }
+    }
+
+    /// Build the upstream URL for a proxied GPT request.
+    ///
+    /// Strips the integration prefix from the request path and constructs
+    /// a full URL on the GPT host, preserving the original path and query.
+    ///
+    /// Returns `None` if `request_path` does not start with [`ROUTE_PREFIX`].
+    fn build_upstream_url(request_path: &str, query: Option<&str>) -> Option<String> {
+        let upstream_path = request_path.strip_prefix(ROUTE_PREFIX)?;
+        let query_part = query.map(|q| format!("?{}", q)).unwrap_or_default();
+        Some(format!(
+            "https://{SECUREPUBADS_HOST}{upstream_path}{query_part}"
+        ))
+    }
+
+    /// Check if a URL points at Google's GPT bootstrap script (`gpt.js`).
+    ///
+    /// Only matches the canonical host:
+    /// - `securepubads.g.doubleclick.net/tag/js/gpt.js`
+    ///
+    /// This matcher is intentionally strict and only controls HTML attribute
+    /// rewriting for the initial bootstrap tag. The `script_url` config option
+    /// still controls which upstream URL `/integrations/gpt/script` fetches.
+    fn is_gpt_script_url(url: &str) -> bool {
+        let parsed = Url::parse(url).or_else(|_| {
+            let stripped = url
+                .strip_prefix("//")
+                .ok_or(url::ParseError::RelativeUrlWithoutBase)?;
+            Url::parse(&format!("https://{stripped}"))
+        });
+
+        let Ok(parsed) = parsed else {
+            return false;
+        };
+
+        let Some(host) = parsed.host_str() else {
+            return false;
+        };
+
+        host.eq_ignore_ascii_case(SECUREPUBADS_HOST)
+            && parsed.path().eq_ignore_ascii_case("/tag/js/gpt.js")
+    }
+
+    /// Fetch and serve the GPT bootstrap script (`gpt.js`).
+    ///
+    /// The script body is served verbatim — domain rewriting for the
+    /// cascade (`pubads_impl`, sub-modules, etc.) is handled client-side
+    /// by the GPT script guard shim.
+    async fn handle_script_serving(
+        &self,
+        _settings: &Settings,
+        req: Request,
+    ) -> Result<Response, Report<TrustedServerError>> {
+        let script_url = &self.config.script_url;
+        log::info!("Fetching GPT script from: {}", script_url);
+
+        let mut gpt_req = Request::new(Method::GET, script_url);
+        Self::copy_accept_headers(&req, &mut gpt_req);
+
+        let backend_name = BackendConfig::from_url(script_url, true).change_context(
+            Self::error("Failed to determine backend for GPT script fetch"),
+        )?;
+
+        let mut gpt_response = gpt_req
+            .send(backend_name)
+            .change_context(Self::error(format!(
+                "Failed to fetch GPT script from {}",
+                script_url
+            )))?;
+
+        if !gpt_response.get_status().is_success() {
+            log::error!(
+                "GPT script fetch failed with status: {}",
+                gpt_response.get_status()
+            );
+            return Err(Report::new(Self::error(format!(
+                "GPT script returned error status: {}",
+                gpt_response.get_status()
+            ))));
+        }
+
+        let body = gpt_response.take_body_bytes();
+        log::info!("Successfully fetched GPT script: {} bytes", body.len());
+
+        let mut response = Response::from_status(StatusCode::OK)
+            .with_header(
+                header::CONTENT_TYPE,
+                "application/javascript; charset=utf-8",
+            )
+            .with_header(
+                header::CACHE_CONTROL,
+                format!("public, max-age={}", self.config.cache_ttl_seconds),
+            )
+            .with_header("X-GPT-Proxy", "true")
+            .with_body(body);
+
+        Self::copy_content_encoding_headers(&gpt_response, &mut response);
+
+        Ok(response)
+    }
+
+    /// Proxy a secondary GPT script (anything under `/pagead/*` or `/tag/*`).
+    ///
+    /// Requests to `/integrations/gpt/pagead/…` (or `/tag/…`) are forwarded
+    /// to `securepubads.g.doubleclick.net/…` and served verbatim. The
+    /// client-side GPT script guard handles URL rewriting for subsequent
+    /// cascade loads.
+    async fn handle_pagead_proxy(
+        &self,
+        _settings: &Settings,
+        req: Request,
+    ) -> Result<Response, Report<TrustedServerError>> {
+        let original_path = req.get_path();
+        let query = req.get_url().query();
+
+        let target_url = Self::build_upstream_url(original_path, query)
+            .ok_or_else(|| Self::error(format!("Invalid GPT pagead path: {}", original_path)))?;
+
+        log::info!("GPT proxy: forwarding to {}", target_url);
+
+        let mut upstream_req = Request::new(Method::GET, &target_url);
+        Self::copy_accept_headers(&req, &mut upstream_req);
+
+        let backend_name = BackendConfig::from_url(&format!("https://{SECUREPUBADS_HOST}"), true)
+            .change_context(Self::error(
+            "Failed to determine backend for GPT pagead proxy",
+        ))?;
+
+        let mut upstream_response =
+            upstream_req
+                .send(backend_name)
+                .change_context(Self::error(format!(
+                    "Failed to fetch GPT resource from {}",
+                    target_url
+                )))?;
+
+        if !upstream_response.get_status().is_success() {
+            log::error!(
+                "GPT pagead proxy: upstream returned status {}",
+                upstream_response.get_status()
+            );
+            return Err(Report::new(Self::error(format!(
+                "GPT pagead resource returned error status: {}",
+                upstream_response.get_status()
+            ))));
+        }
+
+        let content_type = upstream_response
+            .get_header_str(header::CONTENT_TYPE)
+            .unwrap_or("")
+            .to_string();
+
+        let body = upstream_response.take_body_bytes();
+        log::info!(
+            "GPT pagead proxy: fetched {} bytes ({})",
+            body.len(),
+            content_type
+        );
+
+        let mut response = Response::from_status(StatusCode::OK)
+            .with_header(header::CONTENT_TYPE, &content_type)
+            .with_header(
+                header::CACHE_CONTROL,
+                format!("public, max-age={}", self.config.cache_ttl_seconds),
+            )
+            .with_header("X-GPT-Proxy", "true")
+            .with_body(body);
+
+        Self::copy_content_encoding_headers(&upstream_response, &mut response);
+
+        Ok(response)
+    }
+
+    /// Copy safe content-negotiation headers to the upstream request.
+    fn copy_accept_headers(from: &Request, to: &mut Request) {
+        to.set_header(header::USER_AGENT, "TrustedServer/1.0");
+
+        for name in [
+            header::ACCEPT,
+            header::ACCEPT_LANGUAGE,
+            header::ACCEPT_ENCODING,
+        ] {
+            if let Some(value) = from.get_header(&name) {
+                to.set_header(name, value);
+            }
+        }
+    }
+
+    fn copy_content_encoding_headers(from: &Response, to: &mut Response) {
+        let Some(content_encoding) = from.get_header(header::CONTENT_ENCODING).cloned() else {
+            return;
+        };
+
+        to.set_header(header::CONTENT_ENCODING, content_encoding);
+
+        let vary = Self::vary_with_accept_encoding(from.get_header_str(header::VARY));
+        to.set_header(header::VARY, vary);
+    }
+
+    fn vary_with_accept_encoding(upstream_vary: Option<&str>) -> String {
+        match upstream_vary.map(str::trim) {
+            Some("*") => "*".to_string(),
+            Some(vary) if !vary.is_empty() => {
+                if vary
+                    .split(',')
+                    .any(|header_name| header_name.trim().eq_ignore_ascii_case("accept-encoding"))
+                {
+                    vary.to_string()
+                } else {
+                    format!("{vary}, Accept-Encoding")
+                }
+            }
+            _ => "Accept-Encoding".to_string(),
+        }
+    }
+}
+
+fn build(settings: &Settings) -> Option<Arc<GptIntegration>> {
+    let config = match settings.integration_config::<GptConfig>(GPT_INTEGRATION_ID) {
+        Ok(Some(config)) => config,
+        Ok(None) => {
+            log::debug!("[gpt] Integration disabled or not configured");
+            return None;
+        }
+        Err(err) => {
+            log::error!("Failed to load GPT integration config: {err:?}");
+            return None;
+        }
+    };
+
+    Some(GptIntegration::new(config))
+}
+
+/// Register the GPT integration.
+#[must_use]
+pub fn register(settings: &Settings) -> Option<IntegrationRegistration> {
+    let integration = build(settings)?;
+    Some(
+        IntegrationRegistration::builder(GPT_INTEGRATION_ID)
+            .with_proxy(integration.clone())
+            .with_attribute_rewriter(integration.clone())
+            .with_head_injector(integration)
+            .build(),
+    )
+}
+
+#[async_trait(?Send)]
+impl IntegrationProxy for GptIntegration {
+    fn integration_name(&self) -> &'static str {
+        GPT_INTEGRATION_ID
+    }
+
+    fn routes(&self) -> Vec<IntegrationEndpoint> {
+        vec![
+            self.get("/script"),
+            self.get("/pagead/*"),
+            self.get("/tag/*"),
+        ]
+    }
+
+    async fn handle(
+        &self,
+        settings: &Settings,
+        req: Request,
+    ) -> Result<Response, Report<TrustedServerError>> {
+        let path = req.get_path();
+
+        if path == "/integrations/gpt/script" {
+            self.handle_script_serving(settings, req).await
+        } else if path.starts_with("/integrations/gpt/pagead/")
+            || path.starts_with("/integrations/gpt/tag/")
+        {
+            self.handle_pagead_proxy(settings, req).await
+        } else {
+            Err(Report::new(Self::error(format!(
+                "Unknown GPT route: {}",
+                path
+            ))))
+        }
+    }
+}
+
+impl IntegrationAttributeRewriter for GptIntegration {
+    fn integration_id(&self) -> &'static str {
+        GPT_INTEGRATION_ID
+    }
+
+    fn handles_attribute(&self, attribute: &str) -> bool {
+        self.config.rewrite_script && matches!(attribute, "src" | "href")
+    }
+
+    fn rewrite(
+        &self,
+        _attr_name: &str,
+        attr_value: &str,
+        ctx: &IntegrationAttributeContext<'_>,
+    ) -> AttributeRewriteAction {
+        if !self.config.rewrite_script {
+            return AttributeRewriteAction::keep();
+        }
+
+        if Self::is_gpt_script_url(attr_value) {
+            AttributeRewriteAction::replace(format!(
+                "{}://{}/integrations/gpt/script",
+                ctx.request_scheme, ctx.request_host
+            ))
+        } else {
+            AttributeRewriteAction::keep()
+        }
+    }
+}
+
+impl IntegrationHeadInjector for GptIntegration {
+    fn integration_id(&self) -> &'static str {
+        GPT_INTEGRATION_ID
+    }
+
+    fn head_inserts(&self, _ctx: &IntegrationHtmlContext<'_>) -> Vec<String> {
+        vec!["<script>window.__tsjs_gpt_enabled=true;</script>".to_string()]
+    }
+}
+
+// Default value functions
+
+fn default_enabled() -> bool {
+    true
+}
+
+fn default_script_url() -> String {
+    "https://securepubads.g.doubleclick.net/tag/js/gpt.js".to_string()
+}
+
+fn default_cache_ttl() -> u32 {
+    3600
+}
+
+fn default_rewrite_script() -> bool {
+    true
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::integrations::IntegrationDocumentState;
+    use crate::test_support::tests::create_test_settings;
+
+    fn test_config() -> GptConfig {
+        GptConfig {
+            enabled: true,
+            script_url: default_script_url(),
+            cache_ttl_seconds: 3600,
+            rewrite_script: true,
+        }
+    }
+
+    fn test_context() -> IntegrationAttributeContext<'static> {
+        IntegrationAttributeContext {
+            attribute_name: "src",
+            request_host: "edge.example.com",
+            request_scheme: "https",
+            origin_host: "origin.example.com",
+        }
+    }
+
+    // -- URL detection --
+
+    #[test]
+    fn gpt_script_url_detection() {
+        assert!(
+            GptIntegration::is_gpt_script_url(
+                "https://securepubads.g.doubleclick.net/tag/js/gpt.js"
+            ),
+            "should match the standard GPT CDN URL"
+        );
+
+        assert!(
+            GptIntegration::is_gpt_script_url("//securepubads.g.doubleclick.net/tag/js/gpt.js"),
+            "should match protocol-relative GPT CDN URLs"
+        );
+
+        assert!(
+            GptIntegration::is_gpt_script_url(
+                "https://SECUREPUBADS.G.DOUBLECLICK.NET/tag/js/gpt.js"
+            ),
+            "should match case-insensitively"
+        );
+
+        assert!(
+            !GptIntegration::is_gpt_script_url("https://example.com/script.js"),
+            "should not match unrelated URLs"
+        );
+
+        assert!(
+            !GptIntegration::is_gpt_script_url(
+                "https://securepubads.g.doubleclick.net/other/script.js"
+            ),
+            "should not match other doubleclick paths"
+        );
+
+        assert!(
+            !GptIntegration::is_gpt_script_url(
+                "https://cdn.example.com/loader.js?ref=securepubads.g.doubleclick.net/tag/js/gpt.js"
+            ),
+            "should not match when GPT host appears only in query text"
+        );
+
+        assert!(
+            !GptIntegration::is_gpt_script_url(
+                "https://cdn.example.com/assets/securepubads.g.doubleclick.net/tag/js/gpt.js"
+            ),
+            "should not match when GPT host appears only in path text"
+        );
+    }
+
+    // -- Attribute rewriter --
+
+    #[test]
+    fn attribute_rewriter_rewrites_gpt_urls() {
+        let integration = GptIntegration::new(test_config());
+        let ctx = test_context();
+
+        let result = integration.rewrite(
+            "src",
+            "https://securepubads.g.doubleclick.net/tag/js/gpt.js",
+            &ctx,
+        );
+
+        match result {
+            AttributeRewriteAction::Replace(url) => {
+                assert_eq!(
+                    url, "https://edge.example.com/integrations/gpt/script",
+                    "should rewrite to first-party script endpoint"
+                );
+            }
+            other => panic!("Expected Replace action, got {:?}", other),
+        }
+    }
+
+    #[test]
+    fn attribute_rewriter_keeps_non_gpt_urls() {
+        let integration = GptIntegration::new(test_config());
+        let ctx = test_context();
+
+        let result = integration.rewrite("src", "https://cdn.example.com/analytics.js", &ctx);
+
+        assert_eq!(
+            result,
+            AttributeRewriteAction::Keep,
+            "should keep non-GPT URLs unchanged"
+        );
+    }
+
+    #[test]
+    fn attribute_rewriter_noop_when_disabled() {
+        let config = GptConfig {
+            rewrite_script: false,
+            ..test_config()
+        };
+        let integration = GptIntegration::new(config);
+        let ctx = test_context();
+
+        let result = integration.rewrite(
+            "src",
+            "https://securepubads.g.doubleclick.net/tag/js/gpt.js",
+            &ctx,
+        );
+
+        assert_eq!(
+            result,
+            AttributeRewriteAction::Keep,
+            "should keep GPT URLs when rewrite_script is disabled"
+        );
+    }
+
+    #[test]
+    fn handles_attribute_respects_config() {
+        let enabled = GptIntegration::new(test_config());
+        assert!(
+            enabled.handles_attribute("src"),
+            "should handle src when rewrite_script is true"
+        );
+        assert!(
+            enabled.handles_attribute("href"),
+            "should handle href when rewrite_script is true"
+        );
+        assert!(
+            !enabled.handles_attribute("action"),
+            "should not handle action attribute"
+        );
+
+        let disabled = GptIntegration::new(GptConfig {
+            rewrite_script: false,
+            ..test_config()
+        });
+        assert!(
+            !disabled.handles_attribute("src"),
+            "should not handle src when rewrite_script is false"
+        );
+    }
+
+    // -- Request header forwarding --
+
+    #[test]
+    fn copy_accept_headers_forwards_all_negotiation_headers() {
+        let mut inbound = Request::new(Method::GET, "https://publisher.example/page");
+        inbound.set_header(header::ACCEPT, "application/javascript");
+        inbound.set_header(header::ACCEPT_ENCODING, "br, gzip");
+        inbound.set_header(header::ACCEPT_LANGUAGE, "en-US,en;q=0.9");
+
+        let mut upstream = Request::new(
+            Method::GET,
+            "https://securepubads.g.doubleclick.net/tag/js/gpt.js",
+        );
+
+        GptIntegration::copy_accept_headers(&inbound, &mut upstream);
+
+        assert_eq!(
+            upstream.get_header_str(header::ACCEPT),
+            Some("application/javascript"),
+            "should forward Accept header for content negotiation"
+        );
+        assert_eq!(
+            upstream.get_header_str(header::ACCEPT_ENCODING),
+            Some("br, gzip"),
+            "should forward Accept-Encoding from the client"
+        );
+        assert_eq!(
+            upstream.get_header_str(header::ACCEPT_LANGUAGE),
+            Some("en-US,en;q=0.9"),
+            "should forward Accept-Language header for locale negotiation"
+        );
+        assert_eq!(
+            upstream.get_header_str(header::USER_AGENT),
+            Some("TrustedServer/1.0"),
+            "should set a stable user agent for GPT upstream requests"
+        );
+    }
+
+    // -- Response header forwarding --
+
+    #[test]
+    fn copy_content_encoding_headers_sets_encoding_and_vary() {
+        let upstream = Response::from_status(StatusCode::OK)
+            .with_header(header::CONTENT_ENCODING, "br")
+            .with_header(header::VARY, "Accept-Language");
+        let mut downstream = Response::from_status(StatusCode::OK);
+
+        GptIntegration::copy_content_encoding_headers(&upstream, &mut downstream);
+
+        assert_eq!(
+            downstream.get_header_str(header::CONTENT_ENCODING),
+            Some("br"),
+            "should forward Content-Encoding when upstream response is encoded"
+        );
+        assert_eq!(
+            downstream.get_header_str(header::VARY),
+            Some("Accept-Language, Accept-Encoding"),
+            "should include Accept-Encoding in Vary when forwarding encoded responses"
+        );
+    }
+
+    #[test]
+    fn copy_content_encoding_headers_preserves_existing_accept_encoding_vary() {
+        let upstream = Response::from_status(StatusCode::OK)
+            .with_header(header::CONTENT_ENCODING, "gzip")
+            .with_header(header::VARY, "Origin, Accept-Encoding");
+        let mut downstream = Response::from_status(StatusCode::OK);
+
+        GptIntegration::copy_content_encoding_headers(&upstream, &mut downstream);
+
+        assert_eq!(
+            downstream.get_header_str(header::VARY),
+            Some("Origin, Accept-Encoding"),
+            "should preserve existing Vary value when Accept-Encoding is already present"
+        );
+    }
+
+    #[test]
+    fn copy_content_encoding_headers_skips_unencoded_responses() {
+        let upstream = Response::from_status(StatusCode::OK).with_header(header::VARY, "Origin");
+        let mut downstream = Response::from_status(StatusCode::OK);
+
+        GptIntegration::copy_content_encoding_headers(&upstream, &mut downstream);
+
+        assert!(
+            downstream.get_header(header::CONTENT_ENCODING).is_none(),
+            "should not set Content-Encoding when upstream response is unencoded"
+        );
+        assert!(
+            downstream.get_header(header::VARY).is_none(),
+            "should not add Vary when Content-Encoding is absent"
+        );
+    }
+
+    // -- Route registration --
+
+    #[test]
+    fn routes_registered() {
+        let integration = GptIntegration::new(test_config());
+        let routes = integration.routes();
+
+        assert_eq!(routes.len(), 3, "should register three routes");
+
+        assert!(
+            routes
+                .iter()
+                .any(|r| r.path == "/integrations/gpt/script" && r.method == Method::GET),
+            "should register the bootstrap script endpoint"
+        );
+        assert!(
+            routes
+                .iter()
+                .any(|r| r.path == "/integrations/gpt/pagead/*" && r.method == Method::GET),
+            "should register the pagead wildcard proxy"
+        );
+        assert!(
+            routes
+                .iter()
+                .any(|r| r.path == "/integrations/gpt/tag/*" && r.method == Method::GET),
+            "should register the tag wildcard proxy"
+        );
+    }
+
+    // -- Build / register --
+
+    #[test]
+    fn build_requires_config() {
+        let settings = create_test_settings();
+        assert!(
+            build(&settings).is_none(),
+            "should not build without integration config"
+        );
+    }
+
+    #[test]
+    fn build_with_valid_config() {
+        let mut settings = create_test_settings();
+        settings
+            .integrations
+            .insert_config(
+                GPT_INTEGRATION_ID,
+                &serde_json::json!({
+                    "enabled": true,
+                    "script_url": "https://securepubads.g.doubleclick.net/tag/js/gpt.js",
+                    "cache_ttl_seconds": 3600,
+                    "rewrite_script": true
+                }),
+            )
+            .expect("should insert GPT config");
+
+        assert!(
+            build(&settings).is_some(),
+            "should build with valid integration config"
+        );
+    }
+
+    #[test]
+    fn build_disabled_returns_none() {
+        let mut settings = create_test_settings();
+        settings
+            .integrations
+            .insert_config(
+                GPT_INTEGRATION_ID,
+                &serde_json::json!({
+                    "enabled": false
+                }),
+            )
+            .expect("should insert GPT config");
+
+        assert!(
+            build(&settings).is_none(),
+            "should not build when integration is disabled"
+        );
+    }
+
+    // -- Upstream URL building --
+
+    #[test]
+    fn build_upstream_url_strips_prefix_and_preserves_path() {
+        let url = GptIntegration::build_upstream_url(
+            "/integrations/gpt/pagead/managed/js/gpt/current/pubads_impl.js",
+            None,
+        );
+        assert_eq!(
+            url.as_deref(),
+            Some("https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/current/pubads_impl.js"),
+            "should strip the integration prefix and build the upstream URL"
+        );
+    }
+
+    #[test]
+    fn build_upstream_url_preserves_query_string() {
+        let url = GptIntegration::build_upstream_url(
+            "/integrations/gpt/pagead/managed/js/gpt/current/pubads_impl.js",
+            Some("cb=123&foo=bar"),
+        );
+        assert_eq!(
+            url.as_deref(),
+            Some("https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/current/pubads_impl.js?cb=123&foo=bar"),
+            "should preserve the query string in the upstream URL"
+        );
+    }
+
+    #[test]
+    fn build_upstream_url_handles_tag_routes() {
+        let url =
+            GptIntegration::build_upstream_url("/integrations/gpt/tag/js/gpt.js", Some("v=2"));
+        assert_eq!(
+            url.as_deref(),
+            Some("https://securepubads.g.doubleclick.net/tag/js/gpt.js?v=2"),
+            "should handle /tag/* routes correctly"
+        );
+    }
+
+    #[test]
+    fn build_upstream_url_returns_none_for_invalid_prefix() {
+        let url = GptIntegration::build_upstream_url("/some/other/path", None);
+        assert!(
+            url.is_none(),
+            "should return None when path does not start with the integration prefix"
+        );
+    }
+
+    #[test]
+    fn build_upstream_url_handles_empty_path_after_prefix() {
+        let url = GptIntegration::build_upstream_url("/integrations/gpt", None);
+        assert_eq!(
+            url.as_deref(),
+            Some("https://securepubads.g.doubleclick.net"),
+            "should handle path that is exactly the prefix"
+        );
+    }
+
+    // -- Vary header edge cases --
+
+    #[test]
+    fn vary_with_accept_encoding_wildcard() {
+        let result = GptIntegration::vary_with_accept_encoding(Some("*"));
+        assert_eq!(
+            result, "*",
+            "should preserve Vary: * wildcard without appending Accept-Encoding"
+        );
+    }
+
+    #[test]
+    fn vary_with_accept_encoding_case_insensitive() {
+        let result = GptIntegration::vary_with_accept_encoding(Some("Origin, ACCEPT-ENCODING"));
+        assert_eq!(
+            result, "Origin, ACCEPT-ENCODING",
+            "should detect Accept-Encoding case-insensitively"
+        );
+    }
+
+    #[test]
+    fn vary_with_accept_encoding_adds_when_missing() {
+        let result = GptIntegration::vary_with_accept_encoding(Some("Origin"));
+        assert_eq!(
+            result, "Origin, Accept-Encoding",
+            "should append Accept-Encoding when not present"
+        );
+    }
+
+    #[test]
+    fn vary_with_accept_encoding_empty_upstream() {
+        let result = GptIntegration::vary_with_accept_encoding(None);
+        assert_eq!(
+            result, "Accept-Encoding",
+            "should use Accept-Encoding as default when upstream has no Vary"
+        );
+    }
+
+    #[test]
+    fn vary_with_accept_encoding_empty_string() {
+        let result = GptIntegration::vary_with_accept_encoding(Some(""));
+        assert_eq!(
+            result, "Accept-Encoding",
+            "should treat empty string the same as absent Vary"
+        );
+    }
+
+    // -- Head injector --
+
+    #[test]
+    fn head_injector_emits_enable_flag() {
+        let integration = GptIntegration::new(test_config());
+        let doc_state = IntegrationDocumentState::default();
+        let ctx = IntegrationHtmlContext {
+            request_host: "edge.example.com",
+            request_scheme: "https",
+            origin_host: "example.com",
+            document_state: &doc_state,
+        };
+
+        let inserts = integration.head_inserts(&ctx);
+
+        assert_eq!(inserts.len(), 1, "should emit exactly one head insert");
+        assert_eq!(
+            inserts[0], "<script>window.__tsjs_gpt_enabled=true;</script>",
+            "should set __tsjs_gpt_enabled flag for the client-side GPT shim"
+        );
+    }
+
+    #[test]
+    fn head_injector_integration_id() {
+        let integration = GptIntegration::new(test_config());
+        assert_eq!(
+            IntegrationHeadInjector::integration_id(integration.as_ref()),
+            "gpt"
+        );
+    }
+}
diff --git a/crates/common/src/integrations/mod.rs b/crates/common/src/integrations/mod.rs
index 464c36dd..588b9e3a 100644
--- a/crates/common/src/integrations/mod.rs
+++ b/crates/common/src/integrations/mod.rs
@@ -6,6 +6,7 @@ pub mod adserver_mock;
 pub mod aps;
 pub mod datadome;
 pub mod didomi;
+pub mod gpt;
 pub mod lockr;
 pub mod nextjs;
 pub mod permutive;
@@ -32,5 +33,6 @@ pub(crate) fn builders() -> &'static [IntegrationBuilder] {
         lockr::register,
         didomi::register,
         datadome::register,
+        gpt::register,
     ]
 }
diff --git a/crates/js/lib/src/integrations/gpt/index.ts b/crates/js/lib/src/integrations/gpt/index.ts
new file mode 100644
index 00000000..00c68d9f
--- /dev/null
+++ b/crates/js/lib/src/integrations/gpt/index.ts
@@ -0,0 +1,170 @@
+import { log } from '../../core/log';
+
+import { installGptGuard } from './script_guard';
+
+/**
+ * Google Publisher Tags (GPT) Integration Shim
+ *
+ * Hooks into the googletag.cmd command queue so the Trusted Server can
+ * observe and augment ad-slot definitions before GPT processes them.
+ * The shim ensures the googletag stub exists early (matching GPT's own
+ * bootstrap pattern) and patches `cmd.push` to wrap queued callbacks.
+ *
+ * Current capabilities:
+ *   - Installs a script guard that rewrites dynamically inserted GPT
+ *     `<script>` elements to the first-party proxy endpoint.
+ *   - Takes over the `googletag.cmd` array so that every callback runs
+ *     through a wrapper that can inject targeting, logging, or consent
+ *     signals before the real GPT processes the command.
+ *
+ * Future enhancements (driven by config or tsjs API):
+ *   - Inject synthetic ID as page-level key-value targeting.
+ *   - Gate ad requests on consent status.
+ *   - Rewrite ad-unit paths for A/B testing.
+ */
+
+// ------------------------------------------------------------------
+// googletag type stubs (minimal surface needed by the shim)
+// ------------------------------------------------------------------
+
+interface GoogleTagSlot {
+  getAdUnitPath(): string;
+  getSlotElementId(): string;
+  setTargeting(key: string, value: string | string[]): GoogleTagSlot;
+}
+
+interface GoogleTagPubAdsService {
+  setTargeting(key: string, value: string | string[]): GoogleTagPubAdsService;
+  getTargeting(key: string): string[];
+  enableSingleRequest(): void;
+}
+
+interface GoogleTag {
+  cmd: Array<() => void>;
+  pubads(): GoogleTagPubAdsService;
+  defineSlot(
+    adUnitPath: string,
+    size: Array<number | number[]>,
+    elementId: string
+  ): GoogleTagSlot | null;
+  enableServices(): void;
+  display(elementId: string): void;
+  _loaded_?: boolean;
+}
+
+type GptWindow = Window & {
+  googletag?: Partial<GoogleTag>;
+};
+
+// ------------------------------------------------------------------
+// Shim implementation
+// ------------------------------------------------------------------
+
+/**
+ * Ensure the `googletag` stub exists on `window`.
+ *
+ * This mirrors the official GPT bootstrap snippet:
+ * ```js
+ * window.googletag = window.googletag || {};
+ * googletag.cmd = googletag.cmd || [];
+ * ```
+ * By running before the publisher's own snippet we can patch `cmd` early.
+ */
+function ensureGoogleTagStub(win: GptWindow): Partial<GoogleTag> {
+  const tag = (win.googletag = win.googletag ?? {});
+  tag.cmd = tag.cmd ?? [];
+  return tag;
+}
+
+/**
+ * Wrap a queued GPT callback to add instrumentation and future hook points.
+ *
+ * Today the wrapper only logs; as the integration matures it will inject
+ * synthetic ID targeting and consent gates.
+ */
+function wrapCommand(fn: () => void): () => void {
+  return () => {
+    try {
+      fn();
+    } catch (err) {
+      log.error('GPT shim: queued command threw', err);
+    }
+  };
+}
+
+/**
+ * Patch `googletag.cmd` so every pushed callback runs through [`wrapCommand`].
+ *
+ * Preserves the existing `tag.cmd` array identity so that GPT's own custom
+ * `cmd.push` behaviour (immediate execution when the library is already
+ * loaded) is not lost. The original `push` is saved and delegated to after
+ * wrapping each callback.
+ *
+ * Already-queued callbacks are re-wrapped in place so GPT processes them
+ * through our wrapper when it drains the queue.
+ */
+function patchCommandQueue(tag: Partial<GoogleTag>): void {
+  // Ensure the queue exists.
+  if (!Array.isArray(tag.cmd)) {
+    tag.cmd = [];
+  }
+
+  const queue = tag.cmd;
+
+  // Guard against double-patching (idempotent install).
+  if ((queue as { __tsPushed?: boolean }).__tsPushed) {
+    log.debug('GPT shim: command queue already patched, skipping');
+    return;
+  }
+
+  const originalPush = queue.push.bind(queue);
+
+  // Override push on the *existing* array — preserves object identity so
+  // GPT (if already loaded) keeps its reference.
+  queue.push = function (...callbacks: Array<() => void>): number {
+    const wrapped = callbacks.map(wrapCommand);
+    return originalPush(...wrapped);
+  };
+
+  // Mark as patched to prevent double-wrapping.
+  (queue as { __tsPushed?: boolean }).__tsPushed = true;
+
+  // Re-wrap any callbacks that were queued before we patched.
+  for (let i = 0; i < queue.length; i++) {
+    queue[i] = wrapCommand(queue[i]);
+  }
+
+  log.debug('GPT shim: command queue patched', { pendingCommands: queue.length });
+}
+
+/**
+ * Install the GPT integration shim.
+ *
+ * Sets up the script guard for dynamic script interception and patches the
+ * `googletag.cmd` command queue.
+ */
+export function installGptShim(): boolean {
+  if (typeof window === 'undefined') {
+    return false;
+  }
+
+  const win = window as GptWindow;
+
+  // Install DOM interception guard first so any dynamic GPT script insertions
+  // are rewritten before the browser fetches them.
+  installGptGuard();
+
+  const tag = ensureGoogleTagStub(win);
+  patchCommandQueue(tag);
+
+  log.info('GPT shim installed');
+  return true;
+}
+
+// Self-initialise on import when the server-side GPT integration is enabled.
+// The trusted server injects `window.__tsjs_gpt_enabled = true` via an inline
+// script (IntegrationHeadInjector) so the shim stays dormant when the GPT proxy
+// routes are not registered.
+if (typeof window !== 'undefined' && (window as Record<string, unknown>).__tsjs_gpt_enabled) {
+  installGptShim();
+}
diff --git a/crates/js/lib/src/integrations/gpt/script_guard.ts b/crates/js/lib/src/integrations/gpt/script_guard.ts
new file mode 100644
index 00000000..97c0914e
--- /dev/null
+++ b/crates/js/lib/src/integrations/gpt/script_guard.ts
@@ -0,0 +1,619 @@
+import { log } from '../../core/log';
+
+/**
+ * GPT Script Interception Guard
+ *
+ * Intercepts script elements whose URLs point at Google's ad-serving domains
+ * and synchronously rewrites them to the first-party proxy, preserving the
+ * original path. This guard performs a *host swap*:
+ *
+ *   securepubads.g.doubleclick.net/pagead/managed/js/gpt/…/pubads_impl.js
+ *   → publisher.com/integrations/gpt/pagead/managed/js/gpt/…/pubads_impl.js
+ *
+ * The server-side proxy serves script bodies verbatim, so this guard is
+ * the sole mechanism that routes GPT's cascaded script loads (pubads_impl,
+ * sub-modules, viewability, etc.) back through the first-party proxy.
+ *
+ * ## Interception layers
+ *
+ * 1. **`document.write` / `document.writeln`** — GPT's primary loading
+ *    mechanism. When gpt.js loads synchronously it uses `document.write`
+ *    to inject `<script src="...pubads_impl.js">` directly into the
+ *    HTML parser stream. We intercept these calls and rewrite GPT domain
+ *    URLs inside the HTML string before passing it to the native method.
+ * 2. **Property descriptor** on `HTMLScriptElement.prototype.src` — catches
+ *    `script.src = url` (the async fallback path GPT uses when
+ *    `document.write` is unavailable).
+ * 3. **`setAttribute` patch** on `HTMLScriptElement.prototype` — catches
+ *    `script.setAttribute('src', url)`.
+ * 4. **`document.createElement` patch** — tags every newly created
+ *    `<script>` element with a per-instance `src` descriptor as a
+ *    fallback when the prototype descriptor cannot be installed.
+ * 5. **DOM insertion patches** on `appendChild` / `insertBefore` — catches
+ *    scripts and `<link rel="preload">` elements at insertion time.
+ * 6. **`MutationObserver`** — catches elements added to the DOM via
+ *    `innerHTML`, `.append()`, etc., or attribute mutations on existing
+ *    elements.
+ */
+
+const LOG_PREFIX = 'GPT guard';
+
+/** The Google ad-serving domain whose scripts should be proxied. */
+const GPT_DOMAIN = 'securepubads.g.doubleclick.net';
+
+/** Integration route prefix on the first-party domain. */
+const PROXY_PREFIX = '/integrations/gpt';
+
+// ---------------------------------------------------------------------------
+// URL helpers
+// ---------------------------------------------------------------------------
+
+/**
+ * Parse a URL string into a URL object, supporting protocol-relative URLs.
+ */
+function parseUrl(url: string): URL | undefined {
+  if (!url) return undefined;
+
+  try {
+    if (typeof window !== 'undefined') {
+      return new URL(url, window.location.href);
+    }
+    return new URL(url);
+  } catch {
+    if (!url.startsWith('//')) {
+      return undefined;
+    }
+
+    try {
+      return new URL(`https:${url}`);
+    } catch {
+      return undefined;
+    }
+  }
+}
+
+/**
+ * Check if a URL belongs to the GPT domain we proxy.
+ */
+function isGptDomainUrl(url: string): boolean {
+  const parsed = parseUrl(url);
+  return !!parsed && parsed.hostname.toLowerCase() === GPT_DOMAIN;
+}
+
+/**
+ * Rewrite a GPT URL to the first-party proxy, preserving the path.
+ *
+ * ```
+ * https://securepubads.g.doubleclick.net/pagead/managed/…
+ * → https://publisher.com/integrations/gpt/pagead/managed/…
+ * ```
+ */
+function rewriteUrl(originalUrl: string): string {
+  const parsed = parseUrl(originalUrl);
+  if (!parsed || typeof window === 'undefined') {
+    return originalUrl;
+  }
+
+  const protocol = window.location.protocol === 'https:' ? 'https' : 'http';
+  const host = window.location.host;
+  return `${protocol}://${host}${PROXY_PREFIX}${parsed.pathname}${parsed.search}${parsed.hash}`;
+}
+
+// ---------------------------------------------------------------------------
+// Native references (captured once at install time)
+// ---------------------------------------------------------------------------
+
+let nativeDocWrite: ((this: Document, ...args: string[]) => void) | undefined;
+let nativeDocWriteln: ((this: Document, ...args: string[]) => void) | undefined;
+let nativeSrcSet: ((this: HTMLScriptElement, value: string) => void) | undefined;
+let nativeSrcGet: ((this: HTMLScriptElement) => string) | undefined;
+let nativeSrcDescriptor: PropertyDescriptor | undefined;
+let nativeSetAttribute: typeof HTMLScriptElement.prototype.setAttribute | undefined;
+let nativeCreateElement: typeof document.createElement | undefined;
+let nativeAppendChild: typeof Element.prototype.appendChild | undefined;
+let nativeInsertBefore: typeof Element.prototype.insertBefore | undefined;
+let mutationObserver: MutationObserver | undefined;
+
+// ---------------------------------------------------------------------------
+// Tracking — prevent double-rewriting
+// ---------------------------------------------------------------------------
+
+/** Elements whose src we've already rewritten. Value is the rewritten URL. */
+let rewritten = new WeakMap<HTMLScriptElement | HTMLLinkElement, string>();
+
+function alreadyRewritten(element: HTMLScriptElement | HTMLLinkElement, url: string): boolean {
+  return rewritten.get(element) === url;
+}
+
+// ---------------------------------------------------------------------------
+// Core rewrite logic
+// ---------------------------------------------------------------------------
+
+/**
+ * Apply a rewritten URL to a script element using the native setter,
+ * bypassing our property descriptor.
+ */
+function applySrc(element: HTMLScriptElement, url: string): void {
+  if (nativeSrcSet) {
+    nativeSrcSet.call(element, url);
+  } else if (nativeSetAttribute) {
+    nativeSetAttribute.call(element, 'src', url);
+  } else {
+    element.setAttribute('src', url);
+  }
+}
+
+/**
+ * If the URL is a GPT domain URL, rewrite it. Returns the (possibly
+ * rewritten) URL and whether a rewrite was performed.
+ */
+function maybeRewrite(url: string): { url: string; didRewrite: boolean } {
+  if (!isGptDomainUrl(url)) {
+    return { url, didRewrite: false };
+  }
+  return { url: rewriteUrl(url), didRewrite: true };
+}
+
+/**
+ * Attempt to rewrite a script element's src if it points at a GPT domain.
+ */
+function rewriteScriptSrc(element: HTMLScriptElement, rawUrl: string): void {
+  const { url: finalUrl, didRewrite } = maybeRewrite(rawUrl);
+  if (!didRewrite) return;
+  if (alreadyRewritten(element, finalUrl)) return;
+
+  log.info(`${LOG_PREFIX}: rewriting script src`, { original: rawUrl, rewritten: finalUrl });
+  rewritten.set(element, finalUrl);
+  applySrc(element, finalUrl);
+}
+
+/**
+ * Attempt to rewrite a link element's href if it's a preload/prefetch for
+ * a GPT-domain script.
+ */
+function rewriteLinkHref(element: HTMLLinkElement): void {
+  const rel = element.getAttribute('rel');
+  if (rel !== 'preload' && rel !== 'prefetch') return;
+  if (element.getAttribute('as') !== 'script') return;
+
+  const href = element.href || element.getAttribute('href') || '';
+  const { url: finalUrl, didRewrite } = maybeRewrite(href);
+  if (!didRewrite) return;
+  if (alreadyRewritten(element, finalUrl)) return;
+
+  log.info(`${LOG_PREFIX}: rewriting ${rel} link`, { original: href, rewritten: finalUrl });
+  rewritten.set(element, finalUrl);
+  element.href = finalUrl;
+}
+
+// ---------------------------------------------------------------------------
+// Layer 1: document.write / document.writeln interception
+// ---------------------------------------------------------------------------
+
+/**
+ * Regex that matches `src="..."` or `src='...'` attributes inside a
+ * `<script>` tag where the URL text mentions the GPT domain token. We capture:
+ *   1. Everything before the URL (the `src=` prefix with quote)
+ *   2. The URL itself
+ *   3. Everything after the URL (the closing quote)
+ *
+ * This handles the HTML that GPT's `Xd` function produces, e.g.:
+ *   `<script src="https://securepubads.g.doubleclick.net/pagead/…/pubads_impl.js" …></script>`
+ *
+ * Hostname verification still happens in [`maybeRewrite`], so URLs that merely
+ * contain the token in query text are left unchanged.
+ */
+const SCRIPT_SRC_RE =
+  /(<script\b[^>]*?\bsrc\s*=\s*["'])([^"']*securepubads\.g\.doubleclick\.net[^"']*)(["'])/gi;
+
+/**
+ * Rewrite GPT domain URLs inside raw HTML strings passed to
+ * `document.write` / `document.writeln`.
+ */
+function rewriteHtmlString(html: string): string {
+  SCRIPT_SRC_RE.lastIndex = 0;
+  if (!SCRIPT_SRC_RE.test(html)) return html;
+  SCRIPT_SRC_RE.lastIndex = 0;
+
+  return html.replace(SCRIPT_SRC_RE, (_match, prefix: string, url: string, suffix: string) => {
+    const { url: rewrittenUrl, didRewrite } = maybeRewrite(url);
+    if (!didRewrite) {
+      return `${prefix}${url}${suffix}`;
+    }
+
+    log.info(`${LOG_PREFIX}: rewriting document.write script src`, {
+      original: url,
+      rewritten: rewrittenUrl,
+    });
+    return `${prefix}${rewrittenUrl}${suffix}`;
+  });
+}
+
+function installDocumentWritePatch(): void {
+  if (typeof document === 'undefined') return;
+
+  nativeDocWrite = document.write;
+  nativeDocWriteln = document.writeln;
+
+  document.write = function patchedWrite(this: Document, ...args: string[]): void {
+    const rewrittenArgs = args.map((arg) =>
+      typeof arg === 'string' ? rewriteHtmlString(arg) : arg
+    );
+    nativeDocWrite!.apply(this, rewrittenArgs);
+  };
+
+  document.writeln = function patchedWriteln(this: Document, ...args: string[]): void {
+    const rewrittenArgs = args.map((arg) =>
+      typeof arg === 'string' ? rewriteHtmlString(arg) : arg
+    );
+    nativeDocWriteln!.apply(this, rewrittenArgs);
+  };
+
+  log.info(`${LOG_PREFIX}: document.write/writeln patch installed`);
+}
+
+// ---------------------------------------------------------------------------
+// Layer 2: Property descriptor on HTMLScriptElement.prototype.src
+// ---------------------------------------------------------------------------
+
+function installSrcDescriptor(): boolean {
+  if (typeof HTMLScriptElement === 'undefined') return false;
+
+  const descriptor = Object.getOwnPropertyDescriptor(HTMLScriptElement.prototype, 'src');
+  if (!descriptor || typeof descriptor.set !== 'function') {
+    log.debug(`${LOG_PREFIX}: HTMLScriptElement.prototype.src has no setter, skipping descriptor`);
+    return false;
+  }
+  if (descriptor.configurable === false) {
+    log.debug(`${LOG_PREFIX}: HTMLScriptElement.prototype.src is not configurable`);
+    return false;
+  }
+
+  nativeSrcDescriptor = descriptor;
+  nativeSrcSet = descriptor.set;
+  nativeSrcGet = typeof descriptor.get === 'function' ? descriptor.get : undefined;
+
+  try {
+    Object.defineProperty(HTMLScriptElement.prototype, 'src', {
+      configurable: true,
+      enumerable: descriptor.enumerable ?? true,
+      get(this: HTMLScriptElement): string {
+        if (nativeSrcGet) {
+          return nativeSrcGet.call(this);
+        }
+        return this.getAttribute('src') ?? '';
+      },
+      set(this: HTMLScriptElement, value: string) {
+        const raw = String(value ?? '');
+        const { url: finalUrl, didRewrite } = maybeRewrite(raw);
+        if (didRewrite && !alreadyRewritten(this, finalUrl)) {
+          log.info(`${LOG_PREFIX}: intercepted src setter`, { original: raw, rewritten: finalUrl });
+          rewritten.set(this, finalUrl);
+          applySrc(this, finalUrl);
+        } else {
+          applySrc(this, raw);
+        }
+      },
+    });
+    log.info(`${LOG_PREFIX}: src property descriptor installed`);
+    return true;
+  } catch (err) {
+    log.debug(`${LOG_PREFIX}: failed to install src descriptor`, err);
+    return false;
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Layer 3: setAttribute patch on HTMLScriptElement.prototype
+// ---------------------------------------------------------------------------
+
+// Track instance-level src patching to avoid redundant work.
+let instancePatched = new WeakSet<HTMLScriptElement>();
+
+/**
+ * Install a per-instance `src` property descriptor on a script element.
+ * Used as a fallback when the prototype-level descriptor cannot be
+ * installed, or as belt-and-suspenders from `document.createElement`.
+ */
+function ensureInstancePatched(element: HTMLScriptElement): void {
+  if (instancePatched.has(element)) return;
+  instancePatched.add(element);
+
+  try {
+    Object.defineProperty(element, 'src', {
+      configurable: true,
+      enumerable: true,
+      get(this: HTMLScriptElement): string {
+        if (nativeSrcGet) {
+          return nativeSrcGet.call(this);
+        }
+        return this.getAttribute('src') ?? '';
+      },
+      set(this: HTMLScriptElement, value: string) {
+        const raw = String(value ?? '');
+        const { url: finalUrl, didRewrite } = maybeRewrite(raw);
+        if (didRewrite && !alreadyRewritten(this, finalUrl)) {
+          log.info(`${LOG_PREFIX}: intercepted instance src setter`, {
+            original: raw,
+            rewritten: finalUrl,
+          });
+          rewritten.set(this, finalUrl);
+          applySrc(this, finalUrl);
+        } else {
+          applySrc(this, raw);
+        }
+      },
+    });
+  } catch {
+    // Instance-level defineProperty can fail in some environments.
+  }
+}
+
+function installSetAttributePatch(): void {
+  if (typeof HTMLScriptElement === 'undefined') return;
+
+  nativeSetAttribute = HTMLScriptElement.prototype.setAttribute;
+
+  HTMLScriptElement.prototype.setAttribute = function patchedSetAttribute(
+    this: HTMLScriptElement,
+    name: string,
+    value: string
+  ): void {
+    if (typeof name === 'string' && name.toLowerCase() === 'src') {
+      const raw = String(value ?? '');
+      const { url: finalUrl, didRewrite } = maybeRewrite(raw);
+      if (didRewrite && !alreadyRewritten(this, finalUrl)) {
+        log.info(`${LOG_PREFIX}: intercepted setAttribute('src')`, {
+          original: raw,
+          rewritten: finalUrl,
+        });
+        rewritten.set(this, finalUrl);
+        nativeSetAttribute!.call(this, name, finalUrl);
+        return;
+      }
+    }
+    nativeSetAttribute!.call(this, name, value);
+  };
+
+  log.info(`${LOG_PREFIX}: setAttribute patch installed`);
+}
+
+// ---------------------------------------------------------------------------
+// Layer 4: document.createElement patch
+// ---------------------------------------------------------------------------
+
+/**
+ * Patch `document.createElement` so that every newly created `<script>`
+ * element gets a per-instance `src` descriptor. This ensures coverage
+ * even if the prototype-level descriptor failed to install.
+ */
+function installCreateElementPatch(): void {
+  if (typeof document === 'undefined') return;
+
+  nativeCreateElement = document.createElement;
+
+  document.createElement = function patchedCreateElement(
+    this: Document,
+    tagName: string,
+    options?: ElementCreationOptions
+  ): HTMLElement {
+    const el = nativeCreateElement!.call(this, tagName, options);
+    if (typeof tagName === 'string' && tagName.toLowerCase() === 'script') {
+      ensureInstancePatched(el as HTMLScriptElement);
+    }
+    return el;
+  } as typeof document.createElement;
+
+  log.info(`${LOG_PREFIX}: document.createElement patch installed`);
+}
+
+// ---------------------------------------------------------------------------
+// Layer 5: DOM insertion patches (appendChild / insertBefore)
+// ---------------------------------------------------------------------------
+
+/**
+ * Check a node at insertion time and rewrite if it's a GPT script or
+ * preload link.
+ */
+function checkNodeAtInsertion(node: Node): void {
+  if (!(node instanceof HTMLElement)) return;
+
+  if (node.tagName === 'SCRIPT') {
+    const src = (node as HTMLScriptElement).src || node.getAttribute('src') || '';
+    if (src) rewriteScriptSrc(node as HTMLScriptElement, src);
+  } else if (node.tagName === 'LINK') {
+    rewriteLinkHref(node as HTMLLinkElement);
+  }
+}
+
+function installDomInsertionPatches(): void {
+  if (typeof Element === 'undefined') return;
+
+  nativeAppendChild = Element.prototype.appendChild;
+  nativeInsertBefore = Element.prototype.insertBefore;
+
+  Element.prototype.appendChild = function <T extends Node>(this: Element, node: T): T {
+    checkNodeAtInsertion(node);
+    return nativeAppendChild!.call(this, node) as T;
+  };
+
+  Element.prototype.insertBefore = function <T extends Node>(
+    this: Element,
+    node: T,
+    reference: Node | null
+  ): T {
+    checkNodeAtInsertion(node);
+    return nativeInsertBefore!.call(this, node, reference) as T;
+  };
+
+  log.info(`${LOG_PREFIX}: DOM insertion patches installed`);
+}
+
+// ---------------------------------------------------------------------------
+// Layer 6: MutationObserver
+// ---------------------------------------------------------------------------
+
+function installMutationObserver(): void {
+  if (typeof document === 'undefined' || typeof MutationObserver === 'undefined') return;
+
+  mutationObserver?.disconnect();
+  mutationObserver = new MutationObserver((records) => {
+    for (const record of records) {
+      // Attribute mutation on an existing script element.
+      if (record.type === 'attributes' && record.attributeName === 'src') {
+        const target = record.target;
+        if (target instanceof HTMLScriptElement) {
+          const src = target.src || target.getAttribute('src') || '';
+          if (src) rewriteScriptSrc(target, src);
+        }
+        continue;
+      }
+
+      // New nodes added to the DOM (catches innerHTML, document.write, .append(), etc.)
+      if (record.type === 'childList') {
+        record.addedNodes.forEach((node) => {
+          if (node instanceof HTMLScriptElement) {
+            const src = node.src || node.getAttribute('src') || '';
+            if (src) rewriteScriptSrc(node, src);
+            return;
+          }
+          if (node instanceof HTMLLinkElement) {
+            rewriteLinkHref(node);
+            return;
+          }
+          // Check children of container nodes (e.g. innerHTML sets a subtree).
+          if (node instanceof Element) {
+            node.querySelectorAll<HTMLScriptElement>('script[src]').forEach((script) => {
+              const src = script.src || script.getAttribute('src') || '';
+              if (src) rewriteScriptSrc(script, src);
+            });
+            node
+              .querySelectorAll<HTMLLinkElement>('link[rel="preload"][as="script"]')
+              .forEach((link) => rewriteLinkHref(link));
+          }
+        });
+      }
+    }
+  });
+
+  mutationObserver.observe(document, {
+    subtree: true,
+    childList: true,
+    attributes: true,
+    attributeFilter: ['src'],
+  });
+
+  log.info(`${LOG_PREFIX}: mutation observer active`);
+}
+
+// ---------------------------------------------------------------------------
+// Guard lifecycle
+// ---------------------------------------------------------------------------
+
+let installed = false;
+
+/**
+ * Install the GPT guard.
+ *
+ * Sets up six interception layers (document.write, property descriptor,
+ * setAttribute, createElement, DOM insertion, MutationObserver) to catch
+ * GPT script URLs regardless of how they are set or inserted.
+ */
+export function installGptGuard(): void {
+  if (installed) {
+    log.debug(`${LOG_PREFIX}: already installed, skipping`);
+    return;
+  }
+
+  if (typeof window === 'undefined') {
+    log.debug(`${LOG_PREFIX}: not in browser environment, skipping`);
+    return;
+  }
+
+  log.info(`${LOG_PREFIX}: installing interception for Google ad scripts`);
+
+  // Layer 1: intercept document.write('<script src="...">') — GPT's primary path
+  installDocumentWritePatch();
+
+  // Layer 2: intercept .src = "..." on any HTMLScriptElement
+  installSrcDescriptor();
+
+  // Layer 3: intercept .setAttribute('src', "...")
+  installSetAttributePatch();
+
+  // Layer 4: intercept document.createElement('script') for instance-level patching
+  installCreateElementPatch();
+
+  // Layer 5: intercept appendChild / insertBefore (scripts + link preloads)
+  installDomInsertionPatches();
+
+  // Layer 6: catch anything else via MutationObserver
+  installMutationObserver();
+
+  installed = true;
+  log.info(`${LOG_PREFIX}: all interception layers installed`);
+}
+
+/**
+ * Check if the guard is currently installed.
+ */
+export function isGuardInstalled(): boolean {
+  return installed;
+}
+
+/**
+ * Reset the guard installation state (primarily for testing).
+ */
+export function resetGuardState(): void {
+  mutationObserver?.disconnect();
+  mutationObserver = undefined;
+
+  if (typeof document !== 'undefined') {
+    if (nativeDocWrite) {
+      document.write = nativeDocWrite;
+    }
+    if (nativeDocWriteln) {
+      document.writeln = nativeDocWriteln;
+    }
+    if (nativeCreateElement) {
+      document.createElement = nativeCreateElement;
+    }
+  }
+
+  if (typeof HTMLScriptElement !== 'undefined') {
+    if (nativeSetAttribute) {
+      HTMLScriptElement.prototype.setAttribute = nativeSetAttribute;
+    }
+    if (nativeSrcDescriptor) {
+      try {
+        Object.defineProperty(HTMLScriptElement.prototype, 'src', nativeSrcDescriptor);
+      } catch {
+        // Some test environments do not allow descriptor restoration.
+      }
+    }
+  }
+
+  if (typeof Element !== 'undefined') {
+    if (nativeAppendChild) {
+      Element.prototype.appendChild = nativeAppendChild;
+    }
+    if (nativeInsertBefore) {
+      Element.prototype.insertBefore = nativeInsertBefore;
+    }
+  }
+
+  nativeDocWrite = undefined;
+  nativeDocWriteln = undefined;
+  nativeSrcSet = undefined;
+  nativeSrcGet = undefined;
+  nativeSrcDescriptor = undefined;
+  nativeSetAttribute = undefined;
+  nativeCreateElement = undefined;
+  nativeAppendChild = undefined;
+  nativeInsertBefore = undefined;
+
+  rewritten = new WeakMap<HTMLScriptElement | HTMLLinkElement, string>();
+  instancePatched = new WeakSet<HTMLScriptElement>();
+
+  installed = false;
+}
diff --git a/crates/js/lib/test/integrations/gpt/index.test.ts b/crates/js/lib/test/integrations/gpt/index.test.ts
new file mode 100644
index 00000000..3db87fea
--- /dev/null
+++ b/crates/js/lib/test/integrations/gpt/index.test.ts
@@ -0,0 +1,210 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
+
+import { isGuardInstalled, resetGuardState } from '../../../src/integrations/gpt/script_guard';
+
+// We import installGptShim dynamically to avoid the auto-init side effect.
+// Tests call installGptShim() explicitly after setting up the environment.
+
+type GptWindow = Window & {
+  googletag?: {
+    cmd: Array<() => void> & {
+      push: (...items: Array<() => void>) => number;
+      __tsPushed?: boolean;
+    };
+    _loaded_?: boolean;
+  };
+};
+
+describe('GPT shim – patchCommandQueue', () => {
+  let win: GptWindow;
+  let installGptShim: () => boolean;
+
+  beforeEach(async () => {
+    // Reset any prior state
+    resetGuardState();
+    win = window as GptWindow;
+    delete win.googletag;
+
+    // Dynamic import to get a fresh reference (the module self-init already
+    // ran at first import, but installGptShim is idempotent via the guard).
+    const mod = await import('../../../src/integrations/gpt/index');
+    installGptShim = mod.installGptShim;
+  });
+
+  afterEach(() => {
+    resetGuardState();
+    delete (window as GptWindow).googletag;
+  });
+
+  it('preserves googletag.cmd array identity', () => {
+    const originalCmd: Array<() => void> = [];
+    win.googletag = { cmd: originalCmd } as GptWindow['googletag'];
+
+    installGptShim();
+
+    expect(win.googletag!.cmd).toBe(originalCmd);
+  });
+
+  it('preserves custom cmd.push when GPT is already loaded', () => {
+    // Simulate GPT's loaded state: cmd.push executes callbacks immediately.
+    const executed: string[] = [];
+    const cmd: Array<() => void> = [];
+    const gptCustomPush = (...fns: Array<() => void>): number => {
+      // GPT's custom push executes immediately and appends to the array.
+      for (const fn of fns) {
+        fn();
+        cmd[cmd.length] = fn;
+      }
+      return cmd.length;
+    };
+    cmd.push = gptCustomPush;
+
+    win.googletag = { cmd, _loaded_: true } as GptWindow['googletag'];
+
+    installGptShim();
+
+    // Push a new callback after patching — it should still delegate to
+    // GPT's custom push (which executes immediately).
+    win.googletag!.cmd.push(() => {
+      executed.push('post-patch');
+    });
+
+    expect(executed).toContain('post-patch');
+  });
+
+  it('wraps callbacks pushed after patching with error handling', () => {
+    win.googletag = { cmd: [] } as GptWindow['googletag'];
+
+    installGptShim();
+
+    const errorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+
+    // Push a callback that throws
+    win.googletag!.cmd.push(() => {
+      throw new Error('test error');
+    });
+
+    // The wrapped callback should be in the queue — execute it.
+    const wrappedFn = win.googletag!.cmd[win.googletag!.cmd.length - 1];
+    expect(() => wrappedFn()).not.toThrow();
+
+    errorSpy.mockRestore();
+  });
+
+  it('re-wraps already-queued pending callbacks in place', () => {
+    const callOrder: string[] = [];
+    const pending = [() => callOrder.push('first'), () => callOrder.push('second')];
+
+    win.googletag = { cmd: pending } as GptWindow['googletag'];
+
+    installGptShim();
+
+    // The pending callbacks should have been wrapped in place.
+    // Execute them — they should not throw even if one of them did.
+    for (const fn of win.googletag!.cmd) {
+      fn();
+    }
+
+    expect(callOrder).toEqual(['first', 'second']);
+  });
+
+  it('handles pending callback that throws without breaking the queue', () => {
+    const callOrder: string[] = [];
+    const pending = [
+      () => {
+        throw new Error('boom');
+      },
+      () => callOrder.push('after-error'),
+    ];
+
+    win.googletag = { cmd: pending } as GptWindow['googletag'];
+
+    installGptShim();
+
+    // Execute all wrapped callbacks — the error should be caught.
+    for (const fn of win.googletag!.cmd) {
+      expect(() => fn()).not.toThrow();
+    }
+
+    expect(callOrder).toEqual(['after-error']);
+  });
+
+  it('is idempotent — calling installGptShim twice does not double-wrap', () => {
+    const calls: number[] = [];
+    win.googletag = { cmd: [] } as GptWindow['googletag'];
+
+    installGptShim();
+    const pushAfterFirst = win.googletag!.cmd.push;
+
+    installGptShim();
+    const pushAfterSecond = win.googletag!.cmd.push;
+
+    // The push function should be the same reference (not re-wrapped).
+    expect(pushAfterSecond).toBe(pushAfterFirst);
+
+    // Push a callback and verify it only executes once (not double-wrapped).
+    win.googletag!.cmd.push(() => calls.push(1));
+    const fn = win.googletag!.cmd[win.googletag!.cmd.length - 1];
+    fn();
+
+    expect(calls).toEqual([1]);
+  });
+
+  it('creates googletag.cmd if it does not exist', () => {
+    // No googletag at all on window.
+    delete win.googletag;
+
+    installGptShim();
+
+    expect(win.googletag).toBeDefined();
+    expect(Array.isArray(win.googletag!.cmd)).toBe(true);
+  });
+});
+
+describe('GPT shim – runtime gating', () => {
+  type GatedWindow = Window & {
+    __tsjs_gpt_enabled?: boolean;
+    googletag?: { cmd: Array<() => void> };
+  };
+
+  let win: GatedWindow;
+
+  beforeEach(() => {
+    resetGuardState();
+    win = window as GatedWindow;
+    delete win.googletag;
+    delete win.__tsjs_gpt_enabled;
+  });
+
+  afterEach(() => {
+    resetGuardState();
+    delete (window as GatedWindow).googletag;
+    delete (window as GatedWindow).__tsjs_gpt_enabled;
+  });
+
+  it('installs the shim when __tsjs_gpt_enabled is set', async () => {
+    win.__tsjs_gpt_enabled = true;
+
+    const { installGptShim } = await import('../../../src/integrations/gpt/index');
+
+    // Explicitly call since the dynamic import may have already cached.
+    installGptShim();
+
+    expect(isGuardInstalled()).toBe(true);
+    expect(win.googletag).toBeDefined();
+  });
+
+  it('does not install the shim when __tsjs_gpt_enabled is absent', async () => {
+    // No flag set — shim should stay dormant.
+    await import('../../../src/integrations/gpt/index');
+
+    // Reset guard to verify the auto-init did NOT install.
+    resetGuardState();
+    delete win.googletag;
+
+    // Manually verify: calling installGptShim without the flag should still
+    // work (it's a direct call), but the *auto-init path* would not have run.
+    // The key assertion is that the guard is not installed after reset.
+    expect(isGuardInstalled()).toBe(false);
+  });
+});
diff --git a/crates/js/lib/test/integrations/gpt/script_guard.test.ts b/crates/js/lib/test/integrations/gpt/script_guard.test.ts
new file mode 100644
index 00000000..1521c5fe
--- /dev/null
+++ b/crates/js/lib/test/integrations/gpt/script_guard.test.ts
@@ -0,0 +1,158 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
+
+import {
+  installGptGuard,
+  isGuardInstalled,
+  resetGuardState,
+} from '../../../src/integrations/gpt/script_guard';
+
+describe('GPT script guard', () => {
+  let originalDocumentWrite: typeof document.write;
+  let originalDocumentWriteln: typeof document.writeln;
+  let originalSetAttribute: typeof HTMLScriptElement.prototype.setAttribute;
+  let originalCreateElement: typeof document.createElement;
+  let originalAppendChild: typeof Element.prototype.appendChild;
+  let originalInsertBefore: typeof Element.prototype.insertBefore;
+
+  beforeEach(() => {
+    originalDocumentWrite = document.write;
+    originalDocumentWriteln = document.writeln;
+    originalSetAttribute = HTMLScriptElement.prototype.setAttribute;
+    originalCreateElement = document.createElement;
+    originalAppendChild = Element.prototype.appendChild;
+    originalInsertBefore = Element.prototype.insertBefore;
+    resetGuardState();
+  });
+
+  afterEach(() => {
+    resetGuardState();
+    document.write = originalDocumentWrite;
+    document.writeln = originalDocumentWriteln;
+    HTMLScriptElement.prototype.setAttribute = originalSetAttribute;
+    document.createElement = originalCreateElement;
+    Element.prototype.appendChild = originalAppendChild;
+    Element.prototype.insertBefore = originalInsertBefore;
+  });
+
+  it('restores patched globals on reset', () => {
+    installGptGuard();
+    expect(isGuardInstalled()).toBe(true);
+    expect(document.write).not.toBe(originalDocumentWrite);
+    expect(document.writeln).not.toBe(originalDocumentWriteln);
+    expect(HTMLScriptElement.prototype.setAttribute).not.toBe(originalSetAttribute);
+    expect(document.createElement).not.toBe(originalCreateElement);
+    expect(Element.prototype.appendChild).not.toBe(originalAppendChild);
+    expect(Element.prototype.insertBefore).not.toBe(originalInsertBefore);
+
+    resetGuardState();
+
+    expect(isGuardInstalled()).toBe(false);
+    expect(document.write).toBe(originalDocumentWrite);
+    expect(document.writeln).toBe(originalDocumentWriteln);
+    expect(HTMLScriptElement.prototype.setAttribute).toBe(originalSetAttribute);
+    expect(document.createElement).toBe(originalCreateElement);
+    expect(Element.prototype.appendChild).toBe(originalAppendChild);
+    expect(Element.prototype.insertBefore).toBe(originalInsertBefore);
+  });
+
+  it('reinstalls without recursive document.write calls', () => {
+    installGptGuard();
+    resetGuardState();
+    installGptGuard();
+
+    expect(() => {
+      document.write('<script src="https://example.com/loader.js"></script>');
+    }).not.toThrow();
+  });
+
+  it('rewrites document.write script URLs by hostname', () => {
+    const nativeWriteSpy = vi.fn<(...args: string[]) => void>();
+    document.write = nativeWriteSpy as unknown as typeof document.write;
+
+    installGptGuard();
+
+    document.write(
+      '<script src="https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/current/pubads_impl.js?foo=bar"></script>'
+    );
+
+    expect(nativeWriteSpy).toHaveBeenCalledTimes(1);
+    const [writtenHtml] = nativeWriteSpy.mock.calls[0] ?? [];
+    expect(writtenHtml).toContain(window.location.host);
+    expect(writtenHtml).toContain(
+      '/integrations/gpt/pagead/managed/js/gpt/current/pubads_impl.js?foo=bar'
+    );
+  });
+
+  it('does not rewrite document.write URLs that only mention GPT domains in query text', () => {
+    const nativeWriteSpy = vi.fn<(...args: string[]) => void>();
+    document.write = nativeWriteSpy as unknown as typeof document.write;
+
+    installGptGuard();
+
+    const originalHtml =
+      '<script src="https://cdn.example.com/loader.js?ref=securepubads.g.doubleclick.net/tag/js/gpt.js"></script>';
+
+    document.write(originalHtml);
+
+    expect(nativeWriteSpy).toHaveBeenCalledTimes(1);
+    expect(nativeWriteSpy).toHaveBeenCalledWith(originalHtml);
+  });
+
+  it('rewrites through instance patch when src descriptor install is unavailable', () => {
+    const nativeGetOwnPropertyDescriptor = Object.getOwnPropertyDescriptor;
+    const descriptorSpy = vi
+      .spyOn(Object, 'getOwnPropertyDescriptor')
+      .mockImplementation(
+        (target: object, property: PropertyKey): PropertyDescriptor | undefined => {
+          if (target === HTMLScriptElement.prototype && property === 'src') {
+            return undefined;
+          }
+          return nativeGetOwnPropertyDescriptor(target, property);
+        }
+      );
+
+    try {
+      installGptGuard();
+
+      const script = document.createElement('script');
+      script.src =
+        'https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/current/pubads_impl.js';
+
+      expect(script.getAttribute('src')).toContain(
+        '/integrations/gpt/pagead/managed/js/gpt/current/pubads_impl.js'
+      );
+    } finally {
+      descriptorSpy.mockRestore();
+    }
+  });
+
+  it('does not rewrite URLs that only mention GPT domains in query text', () => {
+    installGptGuard();
+
+    const container = document.createElement('div');
+    const script = document.createElement('script');
+    const originalUrl =
+      'https://cdn.example.com/loader.js?ref=securepubads.g.doubleclick.net/tag/js/gpt.js';
+
+    script.src = originalUrl;
+    container.appendChild(script);
+
+    expect(script.src).toBe(originalUrl);
+  });
+
+  it('rewrites GPT URLs by hostname', () => {
+    installGptGuard();
+
+    const container = document.createElement('div');
+    const script = document.createElement('script');
+
+    script.src =
+      'https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/current/pubads_impl.js?foo=bar';
+    container.appendChild(script);
+
+    expect(script.src).toContain(window.location.host);
+    expect(script.src).toContain(
+      '/integrations/gpt/pagead/managed/js/gpt/current/pubads_impl.js?foo=bar'
+    );
+  });
+});
diff --git a/docs/guide/integrations/gpt.md b/docs/guide/integrations/gpt.md
new file mode 100644
index 00000000..a51d3b8d
--- /dev/null
+++ b/docs/guide/integrations/gpt.md
@@ -0,0 +1,158 @@
+# Google Publisher Tags (GPT) Integration
+
+**Category**: Ad Serving
+**Status**: Production
+**Type**: First-Party Ad Tag Delivery
+
+## Overview
+
+The GPT integration enables first-party delivery of Google Publisher Tags by proxying GPT's entire script cascade through the publisher's domain. This eliminates third-party script loads, improving performance and reducing exposure to ad blockers and browser privacy restrictions.
+
+## What is GPT?
+
+Google Publisher Tags (GPT) is the JavaScript library publishers use to define and render ad slots served by Google Ad Manager. GPT loads scripts in a cascade:
+
+1. `gpt.js` -- the thin bootstrap loader
+2. `pubads_impl.js` -- the main GPT implementation (~640 KB)
+3. `pubads_impl_*.js` -- lazy-loaded sub-modules (page-level ads, side rails, etc.)
+4. Auxiliary scripts -- viewability, monitoring, error reporting
+
+All of these are served from `securepubads.g.doubleclick.net`.
+
+## How It Works
+
+```
+  Publisher HTML
+  │
+  ├─ <script src="securepubads.g.doubleclick.net/tag/js/gpt.js">
+  │   ↓ (attribute rewriter)
+  │   <script src="publisher.com/integrations/gpt/script">
+  │
+  ├─ Server fetches gpt.js from Google, serves it verbatim
+  │
+  ├─ Client-side shim intercepts dynamic script insertions
+  │   ↓ (script guard)
+  │   securepubads.g.doubleclick.net/pagead/…
+  │   → publisher.com/integrations/gpt/pagead/…
+  │
+  └─ Server proxies cascade scripts from Google, serves verbatim
+```
+
+There are three layers:
+
+1. **HTML attribute rewriting** (server-side) -- Rewrites `src`/`href` attributes on the initial `gpt.js` `<script>` tag to the first-party endpoint `/integrations/gpt/script`.
+
+2. **Script proxy** (server-side) -- Fetches scripts from Google and serves them through the publisher's domain. Script bodies are served **verbatim** with no modification.
+
+3. **Client-side shim** -- A script guard (`script_guard.ts`) uses six interception layers -- `document.write` interception, `HTMLScriptElement.prototype.src` property descriptor, `setAttribute` patch, `document.createElement` patch, DOM insertion patches, and a `MutationObserver` -- to catch GPT script URLs regardless of how they are set or inserted. The `document.write` layer is the most critical, as GPT's primary loading path uses `document.write` to synchronously inject `pubads_impl.js` into the HTML parser stream. This is the sole mechanism that routes GPT's cascaded script loads back through the proxy.
+
+## Configuration
+
+Add GPT configuration to `trusted-server.toml`:
+
+```toml
+[integrations.gpt]
+enabled = true
+script_url = "https://securepubads.g.doubleclick.net/tag/js/gpt.js"
+cache_ttl_seconds = 3600
+rewrite_script = true
+```
+
+### Configuration Options
+
+| Field               | Type    | Required | Default                                                | Description                                |
+| ------------------- | ------- | -------- | ------------------------------------------------------ | ------------------------------------------ |
+| `enabled`           | boolean | No       | `true`                                                 | Enable/disable the integration             |
+| `script_url`        | string  | No       | `https://securepubads.g.doubleclick.net/tag/js/gpt.js` | URL for the GPT bootstrap script           |
+| `cache_ttl_seconds` | integer | No       | `3600`                                                 | Cache TTL for proxied scripts (60--86400s) |
+| `rewrite_script`    | boolean | No       | `true`                                                 | Whether to rewrite GPT script URLs in HTML |
+
+## Endpoints
+
+- `GET /integrations/gpt/script` -- Serves the GPT bootstrap script (`gpt.js`)
+- `GET /integrations/gpt/pagead/*` -- Proxies secondary GPT scripts and resources
+- `GET /integrations/gpt/tag/*` -- Proxies tag-path resources
+
+Successful proxy responses include `X-GPT-Proxy: true` and `X-Script-Source` headers for debugging.
+
+## Features
+
+- **Full cascade proxying**: Every script in GPT's loading chain is served first-party
+- **Verbatim script delivery**: No server-side script modification -- scripts are proxied as-is
+- **Client-side interception**: DOM-level script guard catches all dynamic script insertions
+- **Configurable caching**: Tune TTL per deployment (default 1 hour, range 60s--24h)
+- **HTML attribute rewriting**: Automatic rewrite of `src`/`href` attributes in publisher HTML
+- **Protocol-aware**: The client-side shim matches the page's protocol (HTTP for local dev, HTTPS for production)
+
+## Client-Side Shim
+
+The GPT integration includes a TypeScript module bundled into the unified TSJS bundle. It provides two capabilities:
+
+### Script Guard
+
+The script guard uses six interception layers to catch GPT script URLs regardless of how they are set or inserted into the DOM:
+
+1. **`document.write` / `document.writeln`** -- GPT's primary loading mechanism. When `gpt.js` loads synchronously, it uses `document.write` to inject `<script src="...pubads_impl.js">` directly into the HTML parser stream. The guard intercepts these calls and rewrites URLs whose hostname is `securepubads.g.doubleclick.net` inside the HTML string before passing it to the native method.
+2. **Property descriptor** on `HTMLScriptElement.prototype.src` -- intercepts `script.src = url` assignments. This catches GPT's async fallback path (used when `document.write` is unavailable, e.g. after page load or with `async` scripts).
+3. **`setAttribute` patch** on `HTMLScriptElement.prototype` -- catches `script.setAttribute('src', url)` calls that bypass the property setter.
+4. **`document.createElement` patch** -- tags every newly created `<script>` element with a per-instance `src` descriptor, ensuring coverage even if the prototype-level descriptor cannot be installed.
+5. **DOM insertion patches** on `appendChild` / `insertBefore` -- catches scripts and `<link rel="preload">` elements whose `src`/`href` is already set at insertion time.
+6. **`MutationObserver`** -- catches elements added via `innerHTML`, `.append()`, or other DOM methods, as well as attribute mutations on existing elements.
+
+Intercepts scripts from `securepubads.g.doubleclick.net` and rewrites them to the first-party proxy.
+
+### Command Queue Patch
+
+Takes over `googletag.cmd` so every queued callback is wrapped before GPT executes it. This enables future hook points for:
+
+- Synthetic ID injection as page-level key-value targeting
+- Consent gating of ad requests
+- Ad-unit path rewriting for A/B testing
+
+## Use Cases
+
+### First-Party Ad Delivery
+
+**Problem**: Third-party script loads from Google's domains are blocked by ad blockers and browser privacy features.
+
+**Solution**: GPT integration routes all scripts through the publisher's domain, making them indistinguishable from first-party resources.
+
+### Local Development
+
+**Problem**: GPT scripts fail to load or behave differently in local development environments.
+
+**Solution**: The integration works with both HTTP and HTTPS schemes. When running locally with Viceroy, the client-side shim produces `http://` URLs matching the dev server.
+
+## Troubleshooting
+
+### Scripts Not Loading Through Proxy
+
+**Symptoms**: Network tab shows requests to `securepubads.g.doubleclick.net` instead of first-party domain.
+
+**Solutions**:
+
+- Verify `rewrite_script` is `true` in config
+- Check that the TSJS bundle with the GPT shim is loaded **before** GPT
+- Inspect console for "GPT guard: installing interception for Google ad scripts" log message
+
+### Ads Not Rendering
+
+**Symptoms**: Ad slots remain empty after proxying.
+
+**Solutions**:
+
+- Check the proxy responses have `200` status (look for `X-GPT-Proxy: true` header)
+- Verify the `script_url` config points to the correct GPT endpoint
+- Review server logs for upstream fetch failures
+
+## Implementation
+
+- **Rust**: [crates/common/src/integrations/gpt.rs](https://github.com/AnomalyCo/trusted-server/blob/main/crates/common/src/integrations/gpt.rs)
+- **TypeScript**: [crates/js/lib/src/integrations/gpt/](https://github.com/AnomalyCo/trusted-server/blob/main/crates/js/lib/src/integrations/gpt/)
+
+## Next Steps
+
+- Review [Integrations Overview](/guide/integrations-overview) for comparison with other integrations
+- Check [Configuration Reference](/guide/configuration) for advanced options
+- Learn about [First-Party Proxy](/guide/first-party-proxy) architecture
+- See [Google Ad Manager](/guide/integrations/gam) for the planned direct GAM integration
diff --git a/trusted-server.toml b/trusted-server.toml
index 5ad18888..4751ae9f 100644
--- a/trusted-server.toml
+++ b/trusted-server.toml
@@ -87,7 +87,13 @@ enabled = false
 sdk_origin = "https://js.datadome.co"
 api_origin = "https://api-js.datadome.co"
 cache_ttl_seconds = 3600
-rewrite_sdk = true 
+rewrite_sdk = true
+
+[integrations.gpt]
+enabled = true
+script_url = "https://securepubads.g.doubleclick.net/tag/js/gpt.js"
+cache_ttl_seconds = 3600
+rewrite_script = true
 
 # Rewrite configuration for creative HTML/CSS processing
 # [rewrite]