Skip to content
All Blogs

12 things your CIO should know about CNAME work-arounds for third party cookie restrictions

There has been quite an uproar about CNAME and ITP in the last couple of months.

Here is a quick guide to give you the lowdown on the subject:

  1. CNAME stands for Canonical Name Cloaking. It describes the process of masking the identity of a domain through configuring a Domain Name Server (DNS) to resolve and re-route to an alternative domain.
  2. Intelligent Tracking Prevention (ITP) describes a series of initiatives, spearheaded by Apple and subsequently adopted by many other browsers (including Firefox and Brave) designed to prevent advertisers tracking customers who click on their ads without their knowledge and consent.
  3. ITP restricts first party cookies from being set client side (via JavaScript), capping their life to 7 days. They do this because they regard this type of cookie as third party, because it communicates with an external server. This has been designed to target the advertising world but also impacts third party data capture systems, including many of the leading names in the MarTech space, who use cookies set in this way to recognize and capture the data/preferences of anonymous (non-logged in) visitors.
  4. ITP impacts many vendors of CDP, Marketing Analytics and data capture technology, preventing them from personalizing interactions for anonymous visitors who return to a site on a Safari browser after more than 7 days. All previous browsing data will be lost and they will be unable to stitch these sessions into a comprehensive customer profile when the customer identifies themselves by logging in. The customer experience will become less relevant and the data available to the organization for analytics will be diminished.
  5. The reach of ITP technology is vast. Safari is the second most popular browser worldwide with over 19% market share. It has over five times the market share of the third most popular browser, Firefox (3.79%)*. Being the default browser on iPhone and iPad gives Safari an even larger market share on mobile devices, particularly in the US where it accounts for over 56% of traffic**. Safari can also boast quality as well as quantity, due to its association with highly coveted ABC1 premium Apple Mac users.
  6. The use of CNAME has become prevalent as a standard practice work-around to solve cookie inhibiting ITP technology. Many prominent CDP and Marketing Cloud vendors have advocated this CNAME approach to their clients.
  7. The use of CNAME is inherently risky as it leaves consumers open to fraud because the subdomains created as part of the CNAME process are vulnerable to attack if not managed properly.
  8. While CNAME has provided an effective work around to ITP for some time, at the end of 2020 Apple closed this loophole last by introducing technology to the Safari browser which detects CNAME requests and applies their 7-day cap on cookie persistence.
  9. The Brave browser goes further by completely blocking CNAME requests.
  10. This development leaves much of the MarTech and AdTech industries and their clients in search of another ITP work-around, but Apple are clearly determined to make ITP watertight…so the game of cat-and-mouse continues!
  11. While these parties are between work-arounds, they cannot be assured of complete visibility of customer behavior and are unable to accurately determine attribution from advertising.
  12. The only sure way to alleviate the challenges brought by ITP is to transition from third party tracking methodologies and solutions. Apple’s ethos is to restrict technologies that are not first party, so the only way for B2C organizations to maintain complete visibility of their customer interactions and an accurate understanding of their attribution is to manage and orchestrate this through a system which is truly first party.

Celebrus is 100% unaffected by ITP due to the fact that we are a first party solution which is installed within our clients’ controlled environment (inside the firewall, in on-premise data centers or secure private cloud infrastructures).