By default, all data in Mapp Acquire is handled by Mapp's domain - a third-party domain. However, you have the option to change it to your own, first-party domain, the same domain that includes your pixel.

Why do I need this?

  • Configure your own tracking domain in Mapp Acquire if you want to use first-party tracking pixels. Third-party tracking pixels might be blocked by newer browser versions. If a pixel is blocked, it is not receiving any responses from the browser and the user data it is supposed to collect, is not sent.

  • If you don't configure your own (first-party) domain, the Mapp Acquire domain go.flx1.com will be used. This domain will be blocked by browsers in the future.

    The new domain has no connection with the previous domain. Therefore, your historical data will not be continued. Instead, new data will be connected, as the cookies will have a new ID.

Add a tracking domain in Mapp Acquire

  1. Create a CNAME record that points to go-direct.flx1.com. This is needed so Mapp can request a TLS certificate for handling the incoming data from the pixels. 
  2. Go to Data Collection > Tracking Domains and click Add Tracking Domain.
  3. Enter your domain as the tracking domain and click Add. It is recommended that the domain name is the same as the domain where the pixel is included.

  4. The tracking domain will now be properly configured. A new TLS certificate will be requested for the tracking domain and will then be able to be used for creating new tracking pixels.

    Mapp requests the TLS certificate from Let's Encrypt CA and it is automatically renewed every thirty days. 

Select the domain for tracking pixel

  1. Go to Data Collection > Tracking Pixels.
  2. Hover over the pixel you want to change and click Edit.
  3. Select the domain from the drop down list and save.

All the domains you can select for tracking pixels have their data handled by the same server. Mapp's servers are able to properly verify the TLS certificates for those domains. An incorrectly configured domain will not appear on the drop-down list.


If you don't select a domain, go.flx1.com will be used by default.

Technical Information

ACME

Fennec-ACME will check certificate expiration for all domains everyday at 08:00. Domains with expired certificates will be refreshed using Let's Encrypt CA. Fennec-ACME is a service running separately from Fennec, but the requests are passed on by Fennec. After validating the domain, the SSL-certificate will be stored in Mapp's database. 

SSL Certificate

When the DNS record is configured properly, the Mapp system will also be able to generate an SSL certificate for the subdomain. This allows Mapp to drop secure first-party cookies. The certificates are requested from Let's Encrypt CA for the subdomain. After the tracking domain is created in Mapp Acquire, the certificate will be generated and properly served by Mapp's servers. The process of generating and serving the new pixels can take up to a day.

Fennec

The SSL-certificates are embedded in the Nginx Docker image for Mapp's Fennec. The Docker image is updated every Tuesday. 

Related Topics

Google security blog post
Mozilla security blog post