> ## Documentation Index
> Fetch the complete documentation index at: https://docs.snitcher.com/llms.txt
> Use this file to discover all available pages before exploring further.

# First-Party Tracking

> Set up a custom proxy to send tracking data through your own domain for maximum reliability.

By default, Snitcher's tracker sends data to `radar.snitcher.com` and loads scripts from `cdn.snitcher.com`. While this works for most websites, some visitors use ad-blockers or privacy tools that may block requests to third-party tracking domains.

**First-party tracking** solves this by routing all Snitcher traffic through your own domain, making it indistinguishable from your website's regular traffic.

## Why Use First-Party Tracking?

<CardGroup cols={2}>
  <Card title="Bypass Ad-Blockers" icon="shield">
    Requests to `your-domain.com` aren't blocked by tools that target third-party trackers.
  </Card>

  <Card title="Higher Data Quality" icon="chart-line">
    Capture more pageviews, sessions, and identified users.
  </Card>

  <Card title="First-Party Cookies" icon="cookie">
    Cookies set by your domain have longer lifespans and better browser support.
  </Card>

  <Card title="Privacy Compliance" icon="lock">
    All data flows through your infrastructure, giving you full control.
  </Card>
</CardGroup>

## How It Works

Instead of:

```
Your Website → cdn.snitcher.com (script)
Your Website → radar.snitcher.com (data)
```

With first-party tracking:

```
Your Website → cdn.yoursite.com → cdn.snitcher.com
Your Website → tracking.yoursite.com → radar.snitcher.com
```

You set up a reverse proxy on your domain that forwards requests to Snitcher's servers. The tracker is configured to use your domain instead of ours.

## Setup Overview

You'll need to configure two proxies:

| Purpose              | Your Domain             | Proxies To           |
| -------------------- | ----------------------- | -------------------- |
| Tracker script (CDN) | `cdn.yoursite.com`      | `cdn.snitcher.com`   |
| Tracking API         | `tracking.yoursite.com` | `radar.snitcher.com` |

<Warning>
  Avoid subdomains containing words like `analytics`, `tracking`, or `pixel`—some ad-blockers target these patterns. Use neutral names like `api`, `cdn`, or your company abbreviation.
</Warning>

## CloudFront Setup (AWS)

CloudFront is a popular choice for proxying because it's fast, reliable, and easy to configure.

### Step 1: Create SSL Certificates

If using Route 53 for DNS, create certificates for your proxy domains:

1. Go to **AWS Certificate Manager** in `us-east-1` (required for CloudFront)
2. Request certificates for:
   * `cdn.yoursite.com`
   * `tracking.yoursite.com`
3. Validate via DNS

### Step 2: Create CloudFront Distribution for the API

1. Go to **CloudFront** → **Create Distribution**
2. Configure the origin:
   * **Origin Domain**: `radar.snitcher.com`
   * **Protocol**: HTTPS Only
3. Configure cache behavior:
   * **Viewer Protocol Policy**: Redirect HTTP to HTTPS
   * **Allowed HTTP Methods**: GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
   * **Cache Policy**: CachingDisabled
4. Create an **Origin Request Policy** that forwards:
   * Headers: `Origin`, `Accept`, `User-Agent`, `Content-Type`
   * Query strings: All
   * Cookies: All
5. Under **Settings**:
   * Add alternate domain name: `tracking.yoursite.com`
   * Select your SSL certificate
6. Create the distribution

### Step 3: Create CloudFront Distribution for the CDN

Repeat the process for the CDN:

1. **Origin Domain**: `cdn.snitcher.com`
2. **Alternate Domain**: `cdn.yoursite.com`
3. Use default caching (scripts can be cached)
4. Select your SSL certificate

### Step 4: Configure DNS

Create CNAME records pointing to your CloudFront distributions:

```
cdn.yoursite.com      → d1234abcd.cloudfront.net
tracking.yoursite.com → d5678efgh.cloudfront.net
```

### Step 5: Update Your Tracking Script

Modify your Snitcher tracking script to use your proxy domains:

```html theme={null}
<script>
!function(e){"use strict";var t=e&&e.namespace;if(t&&e.profileId&&e.cdn){var i=window[t];if(i&&Array.isArray(i)||(i=window[t]=[]),!i.initialized&&!i._loaded)if(i._loaded)console&&console.warn("[Radar] Duplicate initialization attempted");else{i._loaded=!0;["track","page","identify","group","alias","ready","debug","on","off","once","trackClick","trackSubmit","trackLink","trackForm","pageview","screen","reset","register","setAnonymousId","addSourceMiddleware","addIntegrationMiddleware","addDestinationMiddleware","giveCookieConsent"].forEach((function(e){var a;i[e]=(a=e,function(){var e=window[t];if(e.initialized)return e[a].apply(e,arguments);var i=[].slice.call(arguments);return i.unshift(a),e.push(i),e})})),i.bootstrap=function(){var t,i=document.createElement("script");i.async=!0,i.type="text/javascript",i.id="__radar__",i.setAttribute("data-settings",JSON.stringify(e)),i.src="https://"+e.cdn+"/releases/latest/radar.min.js";var a=document.scripts[0];a.parentNode.insertBefore(i,a)},i.bootstrap()}}else"undefined"!=typeof console&&console.error("[Radar] Configuration incomplete")}({
  "apiEndpoint": "tracking.yoursite.com",
  "cdn": "cdn.yoursite.com",
  "namespace": "Snitcher",
  "profileId": "YOUR_PROFILE_ID"
});
</script>
```

Note the changes:

* `apiEndpoint`: Your API proxy domain
* `cdn`: Your CDN proxy domain

## Nginx Setup

If you're running your own infrastructure, nginx is a lightweight proxy option.

### Nginx Configuration

```nginx theme={null}
# API Proxy
server {
    listen 443 ssl http2;
    server_name tracking.yoursite.com;

    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass https://radar.snitcher.com;
        proxy_ssl_server_name on;
        proxy_set_header Host radar.snitcher.com;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# CDN Proxy
server {
    listen 443 ssl http2;
    server_name cdn.yoursite.com;

    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass https://cdn.snitcher.com;
        proxy_ssl_server_name on;
        proxy_set_header Host cdn.snitcher.com;
        
        # Cache static assets
        proxy_cache_valid 200 1d;
        add_header X-Cache-Status $upstream_cache_status;
    }
}
```

## Vercel Rewrites

For Next.js sites on Vercel, use rewrites in `next.config.js`:

```javascript theme={null}
/** @type {import('next').NextConfig} */
const nextConfig = {
  async rewrites() {
    return [
      {
        source: '/sn-api/:path*',
        destination: 'https://radar.snitcher.com/:path*',
      },
      {
        source: '/sn-cdn/:path*',
        destination: 'https://cdn.snitcher.com/:path*',
      },
    ];
  },
};

module.exports = nextConfig;
```

Then update your tracking script:

```javascript theme={null}
{
  "apiEndpoint": "yoursite.com/sn-api",
  "cdn": "yoursite.com/sn-cdn",
  ...
}
```

## Netlify Redirects

Add to your `netlify.toml`:

```toml theme={null}
[[redirects]]
  from = "/sn-api/*"
  to = "https://radar.snitcher.com/:splat"
  status = 200
  force = true

[[redirects]]
  from = "/sn-cdn/*"
  to = "https://cdn.snitcher.com/:splat"
  status = 200
  force = true
```

## Testing Your Setup

After configuration, verify everything works:

### 1. Test the CDN Proxy

```bash theme={null}
curl -I https://cdn.yoursite.com/releases/latest/radar.min.js
```

You should receive a `200 OK` response with JavaScript content.

### 2. Test the API Proxy

```bash theme={null}
curl https://tracking.yoursite.com/health
```

You should receive a successful response.

### 3. Check Browser Network Tab

1. Visit your website
2. Open Developer Tools → Network
3. Look for requests to your proxy domains
4. Verify no requests go to `*.snitcher.com`

## Troubleshooting

<AccordionGroup>
  <Accordion title="Requests still going to snitcher.com">
    * Clear your browser cache
    * Verify your tracking script has the correct `apiEndpoint` and `cdn` values
    * Check that DNS has propagated: `dig cdn.yoursite.com`
  </Accordion>

  <Accordion title="CORS errors in console">
    Ensure your proxy forwards the `Origin` header and returns appropriate CORS headers. CloudFront handles this automatically with the right origin request policy.
  </Accordion>

  <Accordion title="SSL certificate errors">
    * Verify certificates are valid and not expired
    * For CloudFront, certificates must be in `us-east-1`
    * Ensure the certificate covers your proxy subdomain
  </Accordion>

  <Accordion title="Cloudflare not working">
    Cloudflare doesn't support cross-account proxying. If your main domain is on Cloudflare, use a different CDN (CloudFront, Fastly) for the proxy, or use a different subdomain not on Cloudflare.
  </Accordion>
</AccordionGroup>

## Next Steps

<CardGroup cols={2}>
  <Card title="Verify Installation" icon="check" href="/product/tracker/installation#verify-installation">
    Confirm tracking is working
  </Card>

  <Card title="Cookie Consent" icon="cookie" href="/product/tracker/cookie-consent">
    GDPR-compliant setup
  </Card>
</CardGroup>
