CNAME Tracking Setup Guide: Extend Cookie Lifespan for Better Attribution
Step-by-step guide to setting up CNAME tracking on your domain. Bypass ITP restrictions and extend cookie lifespan from 7 days to 1 year.
ONClix Team
If you have noticed your attribution windows shrinking and conversion data degrading lately, you are facing a specific technical hurdle.
We see this exact pattern in almost every client audit we conduct.
Intelligent Tracking Prevention (ITP) in Safari and privacy updates in Chrome have fundamentally changed how data storage works. Browsers now cap standard third-party cookie lifespans at 7 days or less.
Any visitor who does not convert within that short week effectively vanishes from your reports.
Our team uses CNAME tracking as the standard solution to reclaim this lost data. It works by extending cookie lifespans from mere days to up to a full year.
This guide walks you through the complete setup process. We will cover the technical foundations and the exact verification steps to ensure your implementation is compliant and effective. Paired with the right marketing attribution software, CNAME tracking transforms your data accuracy overnight.
What Is CNAME Tracking?
CNAME stands for Canonical Name. It is a specific type of DNS record that maps one domain name to another. In marketing attribution, CNAME tracking involves routing your tracking requests through a subdomain of your own website instead of sending them directly to a third-party vendor.
We often explain it to clients like white-labeling a product.
Instead of your tracking pixel firing requests to a vendor like track.thirdparty.com, you configure a CNAME record so that t.yourdomain.com handles the request. The browser sees cookies coming from your own domain. Consequently, it treats them as “first-party” cookies rather than “third-party” cookies.
This DNS shift has a massive impact on data retention.
By making your tracking infrastructure look like a natural part of your website, browsers extend the trust they grant to your regular site content to your analytics tools.
The Technical Difference:
- Standard Tracking: Browser sees data going to
facebook.comorgoogle-analytics.com(Third-party).- CNAME Tracking: Browser sees data going to
metrics.yoursite.com(First-party).
How ITP Limits Cookie Lifespan in 2026
Apple introduced Intelligent Tracking Prevention in Safari in 2017. It has grown more aggressive with every iOS and macOS update.
Our data shows that Safari traffic often accounts for over 50% of mobile visits in the US.
That makes this a critical blind spot if ignored. Here is how the current browser landscape affects your data:
1. Third-Party Cookies Are Obsolete
These are blocked entirely in Safari and Firefox. Chrome is also phasing them out through 2026. Any cookie set by a domain different from the one the user is visiting is rejected or partitioned immediately.
2. Client-Side (JavaScript) Cookies Are Capped
Cookies set via standard JavaScript (like document.cookie) are capped at 7 days under ITP restrictions.
We find this particularly damaging for businesses with long sales cycles.
If a user clicks an ad, browses your site, and returns 8 days later to buy, the connection to the original ad is gone. You lose the ability to attribute that revenue to your marketing spend.
3. Server-Set Cookies (The CNAME Advantage)
Cookies set via HTTP response headers can persist for up to 400 days. ITP does not currently restrict server-set first-party cookies with the same severity as JavaScript cookies.
This is where CNAME tracking proves its value.
When your tracking subdomain serves the request, the cookies are set via HTTP response headers. This bypasses the 7-day cap entirely. It is not a “hack” or a loophole. It is simply how first-party server infrastructure is designed to function.
Comparison: Cookie Survival Rates
| Cookie Type | Set By | Safari Lifespan (ITP) | Chrome/Edge Lifespan |
|---|---|---|---|
| Third-Party | External Vendor | Blocked (0 days) | Phasing Out / Restricted |
| First-Party | JavaScript (Client) | 7 Days (or 24 hours*) | 400 Days |
| First-Party | CNAME / Server (HTTP) | Up to 400 Days | 400 Days |
*Note: If the user arrives via a known tracking link (like a distinct gclid or fbclid parameter), Safari may cap client-side cookies at just 24 hours.
Step-by-Step DNS Setup
Setting up CNAME tracking requires access to your domain’s DNS settings. You will also need to coordinate with your tracking platform, such as Segment, Tealium, or a server-side Google Tag Manager container.
We recommend having your IT or DevOps lead available if you are unfamiliar with DNS propagation.
Step 1: Choose Your Tracking Subdomain
Select a subdomain that will handle the tracking requests.
Our team advises against using names that scream “tracking.”
Avoid subdomains like pixel.yourdomain.com or tracking.yourdomain.com. These are often flagged by ad-blocking lists like EasyPrivacy. Instead, choose a mundane, infrastructure-sounding name.
Recommended Examples:
metrics.yourdomain.comdata.yourdomain.coms.yourdomain.comapi.yourdomain.com
Step 2: Create the CNAME Record
Log into your DNS provider. This is likely Cloudflare, AWS Route 53, GoDaddy, or Namecheap.
We use Cloudflare for most implementations.
If you do too, you must pay attention to the specific proxy settings. Add a new record with these details:
- Type: CNAME
- Name:
metrics(or your chosen prefix) - Target: The endpoint provided by your attribution platform (e.g.,
custom.tracking-service.com) - TTL: Auto or 3600 (1 hour)
Critical Cloudflare Warning: If you use Cloudflare, ensure the “Proxy status” is set to DNS Only (the gray cloud icon). Do not use the “Proxied” (orange cloud) setting. You need the request to resolve directly to the tracking server, not pass through Cloudflare’s proxy layer first.
Step 3: Configure SSL for the Subdomain
Your tracking subdomain must serve content over HTTPS.
We have seen browsers completely block tracking requests that attempt to run over unsecured HTTP.
Most modern attribution platforms will automatically provision an SSL certificate (often via Let’s Encrypt) once they detect the CNAME record. If you are self-hosting using a tool like Stape.io or your own AWS instance, you may need to manually generate a certificate using Certbot. Verify that https://metrics.yourdomain.com loads without security warnings before moving forward.
Step 4: Update Your Tracking Script
Replace the default tracking domain in your website’s header code with your new subdomain.
You must ensure that the script source (src) points to your own domain.
Before (standard third-party setup):
<script src="https://track.thirdparty.com/pixel.js"></script>
After (CNAME setup, first-party context):
<script src="https://metrics.yourdomain.com/pixel.js"></script>
Update every instance of the pixel on your site. If your tracking setup involves API calls for custom events, update those endpoint URLs to match your new subdomain as well.
Step 5: Configure Server-Side Cookie Setting
The tracking server behind your CNAME should set cookies via HTTP response headers.
We always verify the response headers to ensure the HttpOnly flag is present.
The cookie configuration should look like this in the server response:
Set-Cookie: _ocid=unique_visitor_id; Domain=.yourdomain.com; Path=/; Max-Age=34560000; HttpOnly; Secure; SameSite=Lax
Why These Flags Matter:
- HttpOnly: Prevents client-side scripts from accessing the cookie. This security measure helps the cookie survive ITP’s strictest checks.
- Secure: Ensures the cookie is only transmitted over encrypted (HTTPS) connections.
- Max-Age: Setting this to 34,560,000 seconds equates to roughly 400 days.
Benefits for Attribution
The impact of CNAME tracking extends beyond just technical compliance. It directly improves the bottom line by clarifying where your revenue comes from.
We have observed that implementing this correctly can increase attributed revenue by 15% to 20% in reports.
Longer Attribution Windows
You can track the full customer journey for months. This is vital for high-ticket items, B2B services, or home improvement projects where the decision-making process spans several weeks.
Higher API Match Rates
Platforms like Meta (Facebook) CAPI and Google Enhanced Conversions rely on click IDs (fbc/fbp) to match events.
Our testing confirms that longer-lived cookies result in higher Event Match Quality scores.
When the cookie persists, you send better signals back to the ad platforms. This allows their algorithms to optimize your campaigns more effectively.
Better Retargeting Audiences
First-party audiences built from these cookies are larger and degrade slower. You stop losing retargeting candidates simply because they haven’t visited in 7 days.
Testing and Verification
After completing the setup, you must verify the data flow.
We recommend using the “Network” tab in Chrome Developer Tools for this validation.
- DNS Propagation: Use a terminal command like
dig metrics.yourdomain.com CNAMEor an online tool like Whatsmydns.net. Confirm it points to the vendor’s target. - SSL Validation: Visit the subdomain directly in your browser (
https://metrics.yourdomain.com). You should see a blank page or a specific status message, but definitely no “Not Secure” warnings. - Cookie Inspection: Open the Application tab in Chrome DevTools. Look at the Cookies section for your domain.
- Find your tracking cookie.
- Check the Expires/Max-Age column. It should be a date next year, not next week.
- Verify the HttpOnly box is checked.
- Safari “Stress Test”: This is the ultimate proof. Visit your site in Safari. Clear your cache, load the page, and verify the cookie is set. Wait 24 hours (or simulate time passing) and check if the cookie remains.
Common Pitfalls to Avoid
Setting up CNAME tracking is precise work. Small errors can break your entire data pipeline.
We frequently fix these specific mistakes in client accounts:
- Using “Cloaking” Tactics: Do not use CNAME tracking to serve different content to bots vs. humans or to sneakily bypass user consent. Security researchers and ad blockers like uBlock Origin are getting better at detecting “CNAME Cloaking.”
- Ignoring Privacy Laws (CCPA/CPRA): Just because it is a first-party cookie technically does not mean you can ignore privacy regulations. You must still disclose this tracking in your privacy policy and respect opt-outs, especially for California residents.
- Certificate Mismatches: If your SSL certificate does not match the subdomain exactly, data collection will stop immediately.
- Lowering TTL Too Late: If you need to switch targets later, lower your TTL to 60 seconds before making changes. This prevents downtime during propagation.
Conclusion
CNAME tracking is a necessary evolution for accurate attribution.
We consider it a baseline requirement for any business spending significant budget on digital ads.
CNAME tracking is a core component of any robust server-side tracking strategy. By routing tracking through your own domain, you align your analytics infrastructure with modern privacy standards. You secure a 400-day window into your customer’s journey rather than a 7-day keyhole. The setup is technical, but the payoff in data clarity and improved ROAS is immediate.
Ready to secure your data? Start by auditing your current cookie lifespans in Safari today. If you see expiration dates shorter than a week, it is time to open your DNS settings and get to work.