As privacy rules tighten and third-party cookies disappear, Adobe Analytics offers privacy-first solutions like CNAME tracking and First-Party Device IDs (FPIDs) to keep data accurate and compliant. This article explains how to use these strategies with Consent Management Platforms to deliver great digital experiences while honoring user consent.

Cookies are essential in web analytics for understanding user behavior. In Adobe Analytics, they help identify visitors, track sessions, and measure actions like page views, clicks, and conversions—enabling deeper insights, better performance, and more effective marketing.

But growing privacy concerns and browser restrictions have limited cookie usage—especially third-party cookies—and shortened the lifespan of first-party cookies. These changes have challenged traditional tracking and forced a shift in strategy.

To adapt, many teams are turning to CNAME-based implementations and First-Party Device IDs (FPIDs) to maintain strong tracking while honoring user privacy.

In this article, let's explore how browser privacy changes affect Adobe Analytics, compare tracking methods, and show how to implement privacy-first solutions like CNAME and FPIDs.

Evolution of browser privacy restriction

Major browser vendors have implemented privacy-focused updates to restrict third-party cookies and even limit the functionality of first-party cookies. Notable changes include:

1. Safari (ITP): Introduced Intelligent Tracking Prevention (ITP) to block third-party cookies and limit first-party cookie expiration to as little as 7 days.
2. Firefox (ETP): Enhanced Tracking Protection (ETP) blocks third-party cookies by default and prevents cross-site tracking.
3. Chrome (Privacy sandbox): Aims to phase out third-party cookies with alternatives like FLoC (now Topics API) and protected audience targeting.
4. Edge (Tracking Prevention): Blocks third-party cookies and trackers by default, with privacy levels (Basic, Balanced, Strict) offering varying degrees of protection.

Comparison of Privacy and Tracking Protection Setups by Major Browsers

Below is a visual representation of the key privacy-related changes implemented by major browsers over the years.

Key Privacy-Related Changes by Major Browsers

Impact of browser changes on Adobe Analytics

Third-party cookies

• Cross-domain tracking:
• • Previously, cross-domain tracking with the demdex cookie allowed seamless visitor stitching across domains (For example, Domain A and B), ensuring a single visitor was accurately reported.
  • With third-party cookie restrictions, visitors are tracked as separate users across domains, leading to data fragmentation in reports and less accurate user journey insights. Ad/campaign attribution:
  • Restrictions on third-party cookies disrupt conversion attribution, making it harder for marketers to measure ad performance and track engagement accurately.
  • Campaign performance reporting can be compromised, particularly for cross-site or cross-device interactions.

First-party cookies

• Visitor identification:
• • In Safari and other browsers with strict cookie expiration policies, first-party cookies for visitor identification now expire in as little as 7 days (or even less in some scenarios).
  • This means that returning visitors who revisit a website after the cookie has expired are tracked as new visitors. Session tracking:
  • Cookie expiration policies may also impact session continuity, leading to inflated session counts or incomplete user journeys in analytics reports.

Evolving tracking approaches in response to privacy shifts

As browser restrictions on third- and first-party cookies grow, Adobe Analytics implementations must adapt to maintain data continuity and protect user privacy. These changes can fragment visitor data, disrupt sessions, and hinder attribution.

To address this, privacy-friendly tracking strategies have emerged:

• CNAME-based tracking
  By routing data collection through a subdomain (e.g., smetrics.yourdomain.com), cookies are set as first-party, bypassing many browser tracking blocks.
• First-party device IDs (FPIDs)
  FPIDs are server-generated IDs stored in the browser and sent via Web SDK to help establish the ECID, all while staying privacy-compliant.

These approaches improve data quality but require user consent to meet regulations like GDPR and CCPA, making Consent Management Platform (CMP) integration essential.

The next section explains how to integrate CMPs with Adobe Web SDK to respect user preferences while enabling methods like CNAME and FPID.

Integrating consent management into Adobe Analytics (Web SDK-based implementation)

Modern privacy laws like GDPR, CCPA, and ePrivacy require user consent before setting cookies or tracking IDs. In Adobe Analytics implementations using Web SDK, CNAME, or FPIDs, data collection must be controlled based on that consent.

This section explains how to integrate Consent Management Platforms (CMPs) with Adobe Analytics via Web SDK to stay privacy-first and compliant.

Why consent matters in Adobe Analytics

• FPIDs used to seed the Experience Cloud ID must only be set after user consent.

• CNAME tracking must also wait for permission before sending any data.

• Web SDK includes tools to delay tracking until consent is confirmed.
  (Check with your legal team about when FPIDs can be set.)

Step-by-step CMP integration

1. Load the CMP before Web SDK
   Ensure your CMP (e.g., OneTrust, TrustArc) loads before Web SDK so consent is known before tracking begins.

2. Configure consent in the Web SDK extension
   In Adobe Tags (Launch):

   • Set the default consent state to pending to pause tracking.

   • Use a data element to read consent signals from your CMP and pass them to Web SDK.

This official guide, 'Implement consent with a consent management platform (CMP) using the Platform Web SDK extension', walks through the steps to configure consent within Adobe Tags, using either built-in consent handling or integrations with third-party CMPs.

Apply consent with setConsent() Command

Once the user accepts tracking via the CMP, trigger the following Web SDK command to apply the consent status:

This enables tracking and allows FPID and ECID values to be initialized.

Defer all tracking until consent is granted

Configure your Adobe Tags rules to:

• Delay sendEvent calls until the consent state is in.
• Prevent the Web SDK from setting any identifiers (ECID, FPID) until the CMP triggers consent.

Consent Management extension (based on your chosen CMP provider) can help simplify this setup in Launch.

With consent properly integrated into Adobe Analytics via Web SDK and CMPs, the next step is implementing privacy-first tracking. The following section dives into configuring CNAME-based tracking and FPIDs to align with browser privacy changes while maintaining compliance and data accuracy.

Browser privacy and tracking protection setups: First-party cookies tracking strategies

1. CNAME-based analytics implementation

CNAME-based Analytics Implementation allows tracking calls to be routed through your domain instead of directly using Adobe Analytics servers. This approach ensures that tracking calls are less likely to be blocked by browser-based tracking prevention mechanisms, as cookies are written under your domain (for example, smetrics.yourdomain.com).

This method is supported by both AppMeasurement.js and AEP WebSDK.

Benefits of CNAME-based tracking

• Overcomes browser restrictions that block third-party cookies.
• Ensures that analytics cookies are treated as first-party cookies.
• Improves reliability and compliance with browser privacy standards.

High-Level steps to implement CNAME tracking

Step 1: Set up first-party domain and SSL certificates

1. • Fill in the first-party domain request form (which can be downloaded from the Implementation section of the Adobe-managed certificate program documentation), listing the domains to be used. You can use the below format: smetrics.[yourdomain] for secure tracking metrics.[yourdomain] for insecure tracking.

1. • Obtain SSL certificates for these domains.

Step 2: Create subdomains

1. • Work with your IS/IT or Hosting team to create the necessary subdomains (smetrics.yourdomain.com and metrics.yourdomain.com).

Step 3: Submit a support request to Adobe

1. • Open a ticket via the Adobe Admin Console.
   • Share the domain request form created in Step 1.

Step 4: Receive SSL CNAME details from Adobe

1. • Adobe provides the necessary CNAME record details to forward data to Adobe’s servers (for example, random-10-character-string.data.adobedc.net).

Update your Domain Name Server (DNS) with this CNAME information.

Step 5: Validate hostname redirection

1. • Verify the CNAME configuration using:
     • Browser: https://smetrics.yourdomain.com/_check
     • cURL: curl -k https://smetrics.yourdomain.com/_check
     • nslookup: nslookup smetrics.yourdomain.com

Step 6: Update Adobe Analytics implementation

1. • For AppMeasurement.js: Update s.trackingServer and s.trackingSecureServer in the Adobe Analytics extension.

1. • For AEP WebSDK: Update the Edge Domain field in the Adobe Experience Platform Web SDK extension.

Step 7: Request a migration period

1. • Contact Adobe Support to enable a migration period (30/60/90 days).
   • This allows existing visitor identification cookies to retrieve the same Visitor IDs during the transition to the new CNAME-based implementation.

2. First-party device ID (FPID)

First-Party Device IDs (FPIDs) offer a powerful mechanism for visitor identification, data collection, and data management without relying on third-party cookies.  Adobe Experience Platform (AEP) WebSDK enables this through its integration with Adobe’s Edge Network, providing future-proof and privacy-compliant first-party tracking.

This section walks through the full process of setting up FPIDs using a Flask app example—including DNS configuration, Adobe WebSDK integration, and configuring Adobe Launch for data collection.

Demo setup

We have set up a test domain for this implementation. This environment allows us to demonstrate the configuration of First-Party Device IDs (FPIDs) with Adobe Experience Platform Web SDK.

Architecture

DNS configuration

To implement FPID-based tracking, update the domain’s DNS record to use A/AAAA records that point to your web server or load balancer.

You can refer to the screenshots below related to the DNS record and Web Server/Load Balancer IP.

DNS Record

Web Server Load Balancer IP

Below are the key points to note:

• Unlike CNAME records, A/AAAA records ensure that first-party cookies are set directly by your web server, which improves tracking reliability and privacy compliance.
• FPID-enabled cookies are sent to Adobe’s Edge Network, where they are used to generate Experience Cloud IDs (ECIDs) - the primary identifier across Adobe Experience Cloud applications .

Setting up the Flask application to generate FPIDs

FPIDs use first-party cookies best set via a server with DNS A (IPv4) or AAAA (IPv6) records, not CNAME or JavaScript. Once set, FPIDs are sent to Adobe as event data to generate ECIDs, the main identifiers in Adobe Experience Cloud.

Below is a sample Python Flask application that generates FPIDs using UUIDv4:

GitHub: https://github.com/appuriabhi/fpid_flaskapp/

The Platform Edge Network only accepts IDs in UUIDv4 format, and any other formats are rejected. UUIDv4 creates unique, random IDs that are very unlikely to repeat and cannot use personal information like IP addresses.

There are libraries for generating UUIDs in almost every programming language, In the above example we’ve used Python package 'uuid' to generate identifier.

Updating implementation to use FPID cookie value to seed ECID value

There are two ways that we can update our WebSDK implementation to use the FPID Cookie value (uuid) to seed Experience Cloud ID value, which is explained below:

1. Using FPIDs in   identityMap

Update XDM IdentityMap to set ‘FPID’ values in the below format to include in /interact tracking calls

XDM IdentityMap Data Element in Adobe Launch

2. Update CookieName in Data-Stream

Specify the FPID Cookie Name in Data Stream UI, rather than reading the cookie value and setting it up in IdentityMap.

Data Stream Setup for FPID

Validate FPID in network calls

You can check the /interact tracking call in the browser’s network tab to ensure that the FPID is included in the payload as highlighted in the screenshot below.

Validate “/interact” Network Tracking Call

Analytics report validation

We can see that since the FPID Cookie Value remains persistent in the visitor’s browser, it can seed the same Experience Cloud ID (ECID) across Visits.

Analytics Report Validation

Conclusion and best practices

Incorporating privacy-focused strategies for managing cookies in Adobe Analytics is crucial in today’s evolving digital landscape. As browser privacy restrictions tighten and users demand more control over their data, adapting to these changes is essential for maintaining accurate analytics and respecting user privacy.

• Implement a CNAME-based analytics tracking implementation to overcome browser restrictions on Martech Cookies.
• Adopt FPIDs for visitor identification and tracking. FPIDs are a robust solution that helps overcome major browser tracking restrictions and is fully compliant with privacy regulations.
• Stay informed on the privacy regulations and the latest browser tracking prevention updates.

References

• https://experienceleague.adobe.com/en/docs/experience-platform/web-sdk/identity/first-party-device-ids#migrating-to-first-party-device-ids
• https://experienceleague.adobe.com/en/docs/platform-learn/data-collection/edge-network/generate-first-party-device-ids