-
Expand/CollapseMenu
- TLC Home Home
- Discussions & Ideas Discussions & Ideas
- Product Guides Product Guides
- Developer Docs Developer Docs
- Education Education
- Blog TLC Blog
- Support Desk Support Desk
-
Expand/CollapseMenu
The goal of this solution is to set the Tealium TAPID as a first-party cookie using a reverse proxy. The TAPID cookie is normally set as a third-party cookie, but due to new restrictions in browsers, these cookies are becoming more difficult to rely on. Using a reverse proxy is one way to have requests to Tealium Collect directed through your own subdomain to ensure that the resulting cookie remains in the first-party context.
Related Topics
- How Tealium Uses Cookies
- Chrome’s SameSite Feature Updates Could Be More Significant than Apple’s ITP
- What you can do about ITP and Third-Party Cookie Blocking
In this article:
How It Works
If you're using the Tealium Collect tag to collect data in Tealium EventStream or AudienceStream then you might be familiar with the endpoint collect.tealiumiq.com . This endpoint that collects all incoming requests to the Tealium Customer Data Hub and it sets a third-party cookie called TAPID that is used for identity resolution in AudienceStream. The cookie is set in the domain .tealiumiq.com. If you want the TAPID to be set as a first-party cookie, then requests to Tealium Collect must use an endpoint that matches your domain.
One way to accomplish this is by using a reverse proxy. A reverse proxy solution requires the following:
- Reverse Proxy: a server that can run a reverse proxy configuration.
- Tealium Collect: an instance of the Tealium Collect tag in Tealium iQ Tag Management or the Collect module in a Tealium for Mobile installation.
Reverse Proxy
A reverse proxy allows you to effectively serve requests from your domain while continuing to benefit from the enterprise scale of the Tealium Customer Data Hub. Instead of sending requests to collect.tealiumiq.com, you would send them to an endpoint of your own, such as collect.example.com .
A reverse proxy can be implemented in several ways, but they all require the following:
- A web server that can handle the network traffic generated by your Tealium installations.
- DNS entry for your new endpoint, such as
collect.example.com - SSL Certificate for the new subdomain
Region Hostnames
If your data collection is restricted to a specific geographic region, then your reverse proxy configuration should direct traffic to one of the following regional endpoints:
| REGION | COLLECT HOSTNAME |
|---|---|
| Global | collect.tealiumiq.com |
| Germany | collect-eu-central-1.tealiumiq.com |
| Ireland | collect-eu-west-1.tealiumiq.com |
| Tokyo | collect-ap-northeast-1.tealiumiq.com |
| Sydney | collect-ap-southeast-2.tealiumiq.com |
Tealium Collect
After your new endpoint and reverse proxy is in place, you must change the URL that Tealium Collect uses. The default endpoint has your Tealium account and profile in the pathname. Your new endpoint will be the same except for the hostname.
Default Endpoint: https://collect.tealiumiq.com/ACCOUNT/PROFILE/2/i.gif
Reverse Proxy Endpoint: https://collect.example.com/ACCOUNT/PROFILE/2/i.gif
Tealium Collect Tag
Your new reverse proxy endpoint must be set in the Tealium Collect configuration. Set the Server field to your new URL:
References:
- Tealium for Android: Collect URL Override
- Tealium for iOS/Swift: Collect URL Override
- Tealium Collect Tag Setup Guide
Example: Nginx
Nginx is a light-weight server that is ideal to use as a reverse proxy. It can handle large amounts of network traffic and, with a simple configuration, can pass those requests onto the Tealium endpoints for processing.
This solution would take all traffic coming to your new endpoint (collect.example.com) and forward it to the Tealium collect endpoint (collect*.tealiumiq.com). It will also set header cookies in your domain, ensuring that they remain first-party.
Sample Nginx server block configuration:
server {
listen 443 ssl;
# TODO: Your subdomain
server_name collect.example.com;
ssl on;
# TODO: Your SSL certificates
ssl_certificate <path_to_fullchain>.pem;
ssl_certificate_key <path_to_privatekey>.pem;
location / {
# TODO: Only change this if you use a regional Tealium Collect hostname
proxy_pass https://collect.tealiumiq.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $http_host;
# TODO: Your cookie domain for Set-Cookie header
proxy_cookie_domain $http_host example.com;
}
}
Copyright All Rights Reserved © 2008-2020