Custom Domains

A custom domain serves the Ours Privacy SDK from a subdomain you own (e.g. metrics.yourdomain.com) instead of from oursprivacy.com. This unlocks the most important property a tracking setup can have: cookies set server-side, on your own domain.

Why this matters: server-side first-party cookies

When the SDK runs on oursprivacy.com, the browser treats its cookies as third-party — and modern browsers aggressively limit those.

With a custom domain, the cookie is written by the server in the HTTP Set-Cookie header from your own domain. That single change means the cookie is:

• First-party. Cookies live on your own server, not on a different company's URL — improving the security posture of the data and avoiding tracking-prevention rules that target third-party hosts, including Safari's ITP 7-day cap on JavaScript-written cookies.
• Resilient. Fewer requests blocked by content blockers and ad-blocker DNS lists, less tracker interference on page load.
• Persistent. Visitor identity sticks around the way you'd expect across sessions, instead of looking like a new anonymous visitor every week or two.

In practice this is the difference between a visitor who looks like a returning user three weeks later and one who looks like a brand new anonymous session.

Other benefits

• Stricter CSP. A Content Security Policy is the browser-level allow-list that controls which hosts your site is permitted to load scripts and make requests to — it's one of the most effective defenses against XSS and supply-chain attacks. With a custom domain you can lock your CSP down to your own host instead of allow-listing a third-party one.
• Performance. First-party requests aren't slowed or blocked by tracker-interference heuristics.
• Compliance posture. Data is collected on infrastructure you point to, under your domain's privacy policy.

Setup

Setup happens in the dashboard, not in docs — the app generates a CNAME value that's specific to your account and watches DNS + certificate status as it propagates.

1. In the Ours Privacy dashboard, open Custom Domains and click Get Started.
2. Add the CNAME record shown to your DNS provider. There's only one — metrics.yourdomain.com → the value displayed in the app.
3. Wait a few minutes. The page auto-refreshes through Awaiting DNS → Validating → Ready.
4. Once Ready, copy the install snippet from the app and add it to your site's <head>.

That's the full setup. If you're using the Web SDK directly, pass your custom domain when initializing:

ours('init', '<your token>', {
  custom_domain: 'https://metrics.yourdomain.com',
});

See the Web SDK reference for the full init API.

Also works with

Once your custom domain is live, it serves more than the Web SDK:

• 1-pixel image tracking — pixel URLs work on your custom domain.
• Redirect tracking — redirect URLs work on your custom domain.

Same host, same cookies, same identity.