Learn how Optimize can work across origins on your website.
It's not uncommon for a website to have multiple origins. Each origin has an isolated localStorage, which means data stored in one origin's localStorage isn't accessible from another origin. This segregation create challenges for Optimize, which relies on localStorage to key data — like user attribution, holdout group assignments, variation selections, session info, and much more.
If Optimize can’t persist data across origins, things like variation choices and visitor tracking can get lost as visitors move between parts of your site — leading to inconsistent experiences and making it harder to connect actions to conversions.
Optimize addresses this challenge by implementing cross-origin support, but some browsers include additional measures that block this solution. We'll cover how support is implemented and the known issues that block it.
What's an origin?
An origin is a unique combination of a hostname (subdomain or TLD), protocol, and port for a given URL.
For example, the origin breakdown for https://www.mydomain.com is:
| Protocol | Domain | Port number |
|---|---|---|
| https:// | www.mydomain.com | 443 (default HTTPS port) |
Slight variations to https://www.mydomain.com will cause the new URL to become a new origin:
| URL variation | What changed? | Origin component |
|---|---|---|
| https://blog.mydomain.com |
blog instead of www
|
Hostname (subdomain) |
| https://www.mydomain.co.uk |
.co.uk instead of .com
|
Hostname (TLD) |
| http://www.mydomain.com |
http instead of https
|
Protocol |
| https://www.mydomain.com:8080 | port 8080 instead of 443 (default HTTPS port) |
Port |
Common scenarios with multiple origins
Websites often leverage subdomains to organize and differentiate content types. Some examples include:
- Content pages (e.g., blog, support, marketing)
- Process flows (e.g., signup, billing, checkout)
- Landing page (i.e. Hubspot or Unbounce)
- Lead forms (e.g.,Marketo, HubSpot)
- Payment process (e.g., Recharge)
Another common practice is to leverage an alternate URL structure for regional support (e.g., www.mydomain.com, www.mydomain.ca, and www.mydomain.co.uk).
Optimize's cross-origin tracking support
To enable cross-origin tracking, the Optimize snippet must be installed on the page, and the page's domain or subdomain must be included in the allowed domains list. When these conditions are met, the snippet injects a hidden iframe into the page.
This iframe introduces a new common origin with its own localStorage, which acts as a shared storage space across your website. Optimize can store and access data from this shared localStorage regardless of which origin a visitor is on, allowing visitor data to stay connected throughout their entire journey.
Known issues with cross-origin tracking
Popular web browsers regularly introduce security updates and protections to keep users safe from malicious activity. However, some of these changes can disrupt cross-origin tracking. As a result, it may not always be possible to persist data or accurately associate conversions with variations for certain visitors and browsers.
Storage partitioning
Chrome, Firefox, and Safari implement Storage Partitioning, which adds additional information to the localStorage partition key, keeping data segregated to the “site” of the parent page.
A “site” is defined as the protocol (e.g., https://) plus the top-level domain (e.g., mywebsite.com)::
As a result:
- Data will persist within the same “site” (e.g., across subdomains like
www.domain.comandblog.domain.com). - Data will not persist across different “sites” (e.g., from
domain.comtodomain.co.uk, orpaidservice.com).
Intelligent Tracking Prevention (ITP)
Safari and iOS browsers utilize Intelligent Tracking Prevention (ITP), which prevents cross-origin tracking by enforcing strict origin isolation for localStorage This effectively disables Optimize’s cross-origin support method for affected visitors.
While users can disable ITP at the browser level, doing so would require each visitor to manually adjust their settings:
- Mac Safari — prevent cross-site tracking settings
- iOS Safari — control privacy and security settings
To address this, you can filter out Safari and iOS users while viewing your optimization results to focus on visitors who were likely fully tracked across all origins on a site.
While viewing optimization results:
- Click Filter
- Click Browser > select all browsers except Safari
- Click Back
- Click Operating System > select all operating systems except iOS
- Click Apply