An edge location of a content delivery network may protect data that is stored and transmitted within the edge location while providing access to associated metadata. After an origin-facing server obtains a requested object, the server may encrypt the object using a client-specific encryption key. In some cases, the server may also separately encrypt the metadata. The encrypted object and metadata may be sent to an intermediate layer server. The intermediate server may decrypt the metadata (if it is encrypted) and determine, based on the metadata, routing for the object. The object remains encrypted at the intermediate server. In some cases, the metadata may be re-encrypted by the intermediate server. The encrypted object and metadata may be sent to a client-facing server, in accordance with the determined routing. The client-facing server may decrypt the encrypted object and send the encrypted object to the client.