diff --git a/server/initScript.js b/server/initScript.js
index 9cf52280..cd73441a 100644
--- a/server/initScript.js
+++ b/server/initScript.js
@@ -1,17 +1,75 @@
 const html = require('choo/html');
 const raw = require('choo/html/raw');
+const config = require('./config');
+
+let sentry = '';
+if (config.sentry_id) {
+  //eslint-disable-next-line node/no-missing-require
+  const version = require('../../dist/version.json');
+  sentry = `
+var RAVEN_CONFIG = {
+  release: '${version.version}',
+  tags: {
+    commit: '${version.commit}'
+  },
+  dataCallback: function (data) {
+    var hash = window.location.hash;
+    if (hash) {
+      return JSON.parse(JSON.stringify(data).replace(new RegExp(hash.slice(1), 'g'), ''));
+    }
+    return data;
+  }
+}
+var SENTRY_ID = '${config.sentry_id}';
+`;
+}
+
+let ga = '';
+if (config.analytics_id) {
+  ga = `var GOOGLE_ANALYTICS_ID = '${config.analytics_id}';`;
+}
 
 module.exports = function(state) {
-  // return '';
+  const authConfig = state.authConfig
+    ? `var AUTH_CONFIG = ${JSON.stringify(state.authConfig)};`
+    : '';
+
+  /* eslint-disable no-useless-escape */
+  const jsconfig = `
+  var isIE = /trident\\\/7\.|msie/i.test(navigator.userAgent);
+  var isUnsupportedPage = /\\\/unsupported/.test(location.pathname);
+  if (isIE && !isUnsupportedPage) {
+    window.location.replace('/unsupported/ie');
+  }
+  var LIMITS = {
+    ANON: {
+      MAX_FILE_SIZE: ${config.anon_max_file_size},
+      MAX_DOWNLOADS: ${config.anon_max_downloads},
+      MAX_EXPIRE_SECONDS: ${config.anon_max_expire_seconds},
+    },
+    MAX_FILE_SIZE: ${config.max_file_size},
+    MAX_DOWNLOADS: ${config.max_downloads},
+    MAX_EXPIRE_SECONDS: ${config.max_expire_seconds},
+    MAX_FILES_PER_ARCHIVE: ${config.max_files_per_archive},
+    MAX_ARCHIVES_PER_USER: ${config.max_archives_per_user}
+  };
+  var DEFAULTS = {
+    DOWNLOAD_COUNTS: ${JSON.stringify(config.download_counts)},
+    EXPIRE_TIMES_SECONDS: ${JSON.stringify(config.expire_times_seconds)},
+    EXPIRE_SECONDS: ${config.default_expire_seconds}
+  };
+  const LOCALE = '${state.locale}';
+  const downloadMetadata = ${
+    state.downloadMetadata ? raw(JSON.stringify(state.downloadMetadata)) : '{}'
+  };
+  ${authConfig};
+  ${ga}
+  ${sentry}
+  `;
   return state.cspNonce
     ? html`
         <script nonce="${state.cspNonce}">
-          const LOCALE = '${state.locale}';
-          const downloadMetadata = ${
-            state.downloadMetadata
-              ? raw(JSON.stringify(state.downloadMetadata))
-              : '{}'
-          };
+          ${raw(jsconfig)};
         </script>
       `
     : '';
diff --git a/server/layout.js b/server/layout.js
index 5fd7d337..62198ecc 100644
--- a/server/layout.js
+++ b/server/layout.js
@@ -96,7 +96,6 @@ module.exports = function(state, body = '') {
         <meta name="msapplication-config" content="/browserconfig.xml" />
 
         ${firaTag}
-        <script defer src="/jsconfig.js"></script>
         <script defer src="${assets.get('cryptofill.js')}"></script>
         <script defer src="${assets.get('app.js')}"></script>
       </head>
diff --git a/server/routes/index.js b/server/routes/index.js
index 2a813428..5bc43d8c 100644
--- a/server/routes/index.js
+++ b/server/routes/index.js
@@ -69,7 +69,6 @@ module.exports = function(app) {
   app.get('/', language, pages.index);
   app.get('/oauth', language, pages.blank);
   app.get('/legal', language, pages.legal);
-  app.get('/jsconfig.js', require('./jsconfig'));
   app.get('/app.webmanifest', language, require('./webmanifest'));
   app.get(`/download/:id${ID_REGEX}`, language, pages.download);
   app.get('/unsupported/:reason', language, pages.unsupported);
diff --git a/server/routes/jsconfig.js b/server/routes/jsconfig.js
deleted file mode 100644
index 1f511ffc..00000000
--- a/server/routes/jsconfig.js
+++ /dev/null
@@ -1,72 +0,0 @@
-const config = require('../config');
-const { getFxaConfig } = require('../fxa');
-
-let sentry = '';
-if (config.sentry_id) {
-  //eslint-disable-next-line node/no-missing-require
-  const version = require('../../dist/version.json');
-  sentry = `
-var RAVEN_CONFIG = {
-  release: '${version.version}',
-  tags: {
-    commit: '${version.commit}'
-  },
-  dataCallback: function (data) {
-    var hash = window.location.hash;
-    if (hash) {
-      return JSON.parse(JSON.stringify(data).replace(new RegExp(hash.slice(1), 'g'), ''));
-    }
-    return data;
-  }
-}
-var SENTRY_ID = '${config.sentry_id}';
-`;
-}
-
-let ga = '';
-if (config.analytics_id) {
-  ga = `var GOOGLE_ANALYTICS_ID = '${config.analytics_id}';`;
-}
-
-module.exports = async function(req, res) {
-  let authConfig = '';
-  if (config.fxa_client_id) {
-    try {
-      const fxaConfig = await getFxaConfig();
-      fxaConfig.client_id = config.fxa_client_id;
-      authConfig = `var AUTH_CONFIG = ${JSON.stringify(fxaConfig)};`;
-    } catch (e) {
-      // continue without accounts
-    }
-  }
-  /* eslint-disable no-useless-escape */
-  const jsconfig = `
-  var isIE = /trident\\\/7\.|msie/i.test(navigator.userAgent);
-  var isUnsupportedPage = /\\\/unsupported/.test(location.pathname);
-  if (isIE && !isUnsupportedPage) {
-    window.location.replace('/unsupported/ie');
-  }
-  var LIMITS = {
-    ANON: {
-      MAX_FILE_SIZE: ${config.anon_max_file_size},
-      MAX_DOWNLOADS: ${config.anon_max_downloads},
-      MAX_EXPIRE_SECONDS: ${config.anon_max_expire_seconds},
-    },
-    MAX_FILE_SIZE: ${config.max_file_size},
-    MAX_DOWNLOADS: ${config.max_downloads},
-    MAX_EXPIRE_SECONDS: ${config.max_expire_seconds},
-    MAX_FILES_PER_ARCHIVE: ${config.max_files_per_archive},
-    MAX_ARCHIVES_PER_USER: ${config.max_archives_per_user}
-  };
-  var DEFAULTS = {
-    DOWNLOAD_COUNTS: ${JSON.stringify(config.download_counts)},
-    EXPIRE_TIMES_SECONDS: ${JSON.stringify(config.expire_times_seconds)},
-    EXPIRE_SECONDS: ${config.default_expire_seconds}
-  };
-  ${authConfig};
-  ${ga}
-  ${sentry}
-  `;
-  res.set('Content-Type', 'application/javascript');
-  res.send(jsconfig);
-};
diff --git a/server/routes/pages.js b/server/routes/pages.js
index efe8fdae..dd54d25b 100644
--- a/server/routes/pages.js
+++ b/server/routes/pages.js
@@ -9,16 +9,19 @@ function stripEvents(str) {
 }
 
 module.exports = {
-  index: function(req, res) {
-    res.send(stripEvents(routes().toString('/', state(req))));
+  index: async function(req, res) {
+    const appState = await state(req);
+    res.send(stripEvents(routes().toString('/', appState)));
   },
 
-  blank: function(req, res) {
-    res.send(stripEvents(routes().toString('/blank', state(req))));
+  blank: async function(req, res) {
+    const appState = await state(req);
+    res.send(stripEvents(routes().toString('/blank', appState)));
   },
 
   download: async function(req, res, next) {
     const id = req.params.id;
+    const appState = await state(req);
     try {
       const { nonce, pwd } = await storage.metadata(id);
       res.set('WWW-Authenticate', `send-v1 ${nonce}`);
@@ -26,7 +29,7 @@ module.exports = {
         stripEvents(
           routes().toString(
             `/download/${id}`,
-            Object.assign(state(req), {
+            Object.assign(appState, {
               downloadMetadata: { nonce, pwd }
             })
           )
@@ -37,22 +40,25 @@ module.exports = {
     }
   },
 
-  unsupported: function(req, res) {
+  unsupported: async function(req, res) {
+    const appState = await state(req);
     res.send(
       stripEvents(
         routes().toString(
           `/unsupported/${req.params.reason}`,
-          Object.assign(state(req), { fira: true })
+          Object.assign(appState, { fira: true })
         )
       )
     );
   },
 
-  legal: function(req, res) {
-    res.send(stripEvents(routes().toString('/legal', state(req))));
+  legal: async function(req, res) {
+    const appState = await state(req);
+    res.send(stripEvents(routes().toString('/legal', appState)));
   },
 
-  notfound: function(req, res) {
-    res.status(404).send(stripEvents(routes().toString('/404', state(req))));
+  notfound: async function(req, res) {
+    const appState = await state(req);
+    res.status(404).send(stripEvents(routes().toString('/404', appState)));
   }
 };
diff --git a/server/state.js b/server/state.js
index 4d90825a..03cc5471 100644
--- a/server/state.js
+++ b/server/state.js
@@ -2,9 +2,19 @@ const config = require('./config');
 const layout = require('./layout');
 const assets = require('../common/assets');
 const getTranslator = require('./locale');
+const { getFxaConfig } = require('./fxa');
 
-module.exports = function(req) {
+module.exports = async function(req) {
   const locale = req.language || 'en-US';
+  let authConfig = null;
+  if (config.fxa_client_id) {
+    try {
+      authConfig = await getFxaConfig();
+      authConfig.client_id = config.fxa_client_id;
+    } catch (e) {
+      // continue without accounts
+    }
+  }
   return {
     locale,
     capabilities: { account: false },
@@ -21,6 +31,7 @@ module.exports = function(req) {
     fileInfo: {},
     cspNonce: req.cspNonce,
     user: { avatar: assets.get('user.svg'), loggedIn: false },
+    authConfig,
     layout
   };
 };
diff --git a/test/frontend/routes.js b/test/frontend/routes.js
index 41dcc390..559318f1 100644
--- a/test/frontend/routes.js
+++ b/test/frontend/routes.js
@@ -1,5 +1,6 @@
 const html = require('choo/html');
 const assets = require('../../common/assets');
+const initScript = require('../../server/initScript');
 
 module.exports = function(app) {
   app.get('/mocha.css', function(req, res) {
@@ -29,10 +30,13 @@ module.exports = function(app) {
                 timeout: 5000
               });
             </script>
-            <script src="/jsconfig.js"></script>
+            ${
+              initScript({
+                cspNonce: 'test',
+                locale: 'en-US'
+              })
+            }
             <script src="${assets.get('cryptofill.js')}"></script>
-            <!-- <script src="${assets.get('runtime.js')}"></script> -->
-            <script src="${assets.get('vendor.js')}"></script>
             <script src="${assets.get('tests.js')}"></script>
           </head>
           <body>