Documentation

Setting Up Your Tracking Domain

Configure a CNAME subdomain to serve the ClickStream SDK from your own domain. This enables first-party cookies with full browser support and 365-day persistence.

Your Dashboard Guides You Through This

When you log in to einstein.clickstream.com, the onboarding wizard walks you through DNS setup step by step. This guide explains what happens behind the scenes.

1
Privacy Profile
Cookie consent & GDPR
2
DNS Setup
You are here
3
Add Snippet
Script tag
4
Verify
Live data check
5
Done
Dashboard live

Why First-Party Tracking Matters

Third-party cookies are blocked by Safari ITP (since 2017), Firefox ETP (since 2019), and Chrome (phasing out 2024-2025). When your analytics SDK loads from a third-party domain, browsers cap cookie lifetimes to 7 days or block them entirely.

A CNAME tracking subdomain makes your SDK a first-party resource. Cookies set from t.yourdomain.com are treated identically to cookies from www.yourdomain.com — full 365-day persistence, no ITP restrictions, no ad-blocker interference.

Result: First-party tracking domains achieve significantly higher visitor recognition versus third-party infrastructure.

Step 1: Choose Your Subdomain

Select a subdomain that looks natural on your domain. Avoid obvious analytics-related names that ad blockers target.

Recommended Avoid Why
t.yourdomain.com analytics.yourdomain.com Short and not blocked by ad-blocker filter lists
data.yourdomain.com tracking.yourdomain.com Generic enough to avoid pattern-matching filters
edge.yourdomain.com pixel.yourdomain.com Not associated with common tracking patterns
api.yourdomain.com collect.yourdomain.com Blends with legitimate API infrastructure

Step 2: Create the CNAME Record

Point your chosen subdomain to the ClickStream edge network. The target CNAME value will be provided in your ClickStream dashboard when you add a new site.

Your CNAME target: feynman.clickstream.com (provided in your dashboard under Settings > Tracking Domain)

Cloudflare

  1. Log into the Cloudflare dashboard and select your domain
  2. Navigate to DNS > Records
  3. Click Add Record
  4. Set Type to CNAME
  5. Set Name to your subdomain (e.g., t)
  6. Set Target to feynman.clickstream.com
  7. Important: Set Proxy Status to DNS Only (gray cloud). Do NOT use Cloudflare proxy (orange cloud) as it will interfere with SSL provisioning.
  8. Click Save
# Cloudflare API (alternative) curl -X POST "https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records" \ -H "Authorization: Bearer {api_token}" \ -H "Content-Type: application/json" \ --data '{ "type": "CNAME", "name": "t", "content": "feynman.clickstream.com", "ttl": 1, "proxied": false }'

AWS Route 53

  1. Open the Route 53 console and select your hosted zone
  2. Click Create Record
  3. Set Record Name to your subdomain (e.g., t)
  4. Set Record Type to CNAME
  5. Set Value to feynman.clickstream.com
  6. Set TTL to 300 (5 minutes)
  7. Click Create Records
# AWS CLI (alternative) aws route53 change-resource-record-sets \ --hosted-zone-id {zone_id} \ --change-batch '{ "Changes": [{ "Action": "CREATE", "ResourceRecordSet": { "Name": "t.yourdomain.com", "Type": "CNAME", "TTL": 300, "ResourceRecords": [{"Value": "feynman.clickstream.com"}] } }] }'

GoDaddy

  1. Log into GoDaddy and go to My Products > DNS
  2. Click Add under the DNS Records section
  3. Set Type to CNAME
  4. Set Name to your subdomain (e.g., t)
  5. Set Value to feynman.clickstream.com
  6. Set TTL to 1 Hour
  7. Click Save

Namecheap

  1. Log into Namecheap and go to Domain List > Manage
  2. Click the Advanced DNS tab
  3. Click Add New Record
  4. Set Type to CNAME Record
  5. Set Host to your subdomain (e.g., t)
  6. Set Value to feynman.clickstream.com
  7. Set TTL to Automatic
  8. Click the green checkmark to save

Step 3: SSL Provisioning

After DNS propagation (typically 5-30 minutes), ClickStream automatically provisions an SSL certificate for your tracking subdomain using Let's Encrypt.

  1. Go to your ClickStream dashboard > Settings > Tracking Domain
  2. Enter your tracking subdomain (e.g., t.yourdomain.com)
  3. Click Verify & Provision SSL
  4. The system will verify the CNAME record and issue an SSL certificate
  5. Status will change from "Pending" to "Active" when complete

Note: SSL provisioning typically completes within 2-5 minutes after DNS verification succeeds. If it takes longer than 30 minutes, check the troubleshooting section below.

Step 4: Verify Your Setup

Verify that your tracking domain is configured correctly:

# 1. Verify DNS resolution dig t.yourdomain.com CNAME +short # Expected: feynman.clickstream.com. # 2. Verify SSL certificate curl -I https://t.yourdomain.com/health # Expected: HTTP/2 200 # 3. Verify SDK loads curl -s https://t.yourdomain.com/cs.js | head -1 # Expected: First line of ClickStream SDK

Step 5: Configure Your API Key

With the tracking domain verified, add it to your SDK installation:

<script src="https://t.yourdomain.com/cs.js" data-site-id="YOUR_SITE_ID" data-key="cs_live_xxxxxxxxxxxxxxxxxxxxx" defer></script>

See the SDK Installation Guide for full installation instructions including NPM, SPA routing, and consent management.

Troubleshooting

DNS Propagation Delays

DNS changes can take up to 48 hours to propagate globally, though most providers complete within 5-30 minutes. To check current propagation status:

# Check multiple DNS servers dig t.yourdomain.com CNAME @8.8.8.8 +short dig t.yourdomain.com CNAME @1.1.1.1 +short dig t.yourdomain.com CNAME @208.67.222.222 +short

CAA Records Blocking SSL

If your domain has CAA (Certificate Authority Authorization) records, you need to add Let's Encrypt as an authorized CA:

# Check existing CAA records dig yourdomain.com CAA +short # If CAA records exist, add this record: # Type: CAA # Name: @ (or your domain) # Value: 0 issue "letsencrypt.org"

CNAME Flattening (Cloudflare)

If you are using Cloudflare with the proxy enabled (orange cloud), the CNAME will be "flattened" to an A record. This prevents ClickStream from provisioning SSL. Solution: set the record to DNS Only (gray cloud).

Ad Blocker Interference

Some advanced ad blockers maintain custom filter lists that may block known analytics CNAME patterns. If you see blocked requests:

Existing Subdomain Conflict

If the subdomain you chose already has a DNS record (A, AAAA, or another CNAME), you must delete the existing record before creating the new CNAME. DNS does not allow a CNAME to coexist with other record types on the same hostname.

Multiple Tracking Domains

If you operate multiple websites on different domains, each domain needs its own tracking subdomain:

Website Tracking Domain CNAME Target
www.brandone.com t.brandone.com feynman.clickstream.com
www.brandtwo.com t.brandtwo.com feynman.clickstream.com
app.saasproduct.io data.saasproduct.io feynman.clickstream.com

Each tracking domain gets its own SSL certificate and can be managed independently in the ClickStream dashboard. Cross-domain identity linking is handled via the identity graph — if a visitor is identified on one domain, their profile is automatically linked across all domains in your account.

Security Considerations

Verification Checklist

Related Documentation

SDK Installation Guide

Install the ClickStream SDK via script tag or NPM with SPA routing support.

Migrating from GA4

A phased guide to replacing Google Analytics 4 with ClickStream.

Maximize Visitor Recognition. Maximize Revenue.

First-party DNS means higher cookie persistence, better visitor identification, and more conversion opportunities.

GET EARLY ACCESS