Bypassing Safari's ITP
Option 1 : Reverse Proxy

Option 1 : Reverse Proxy DNS

How does this solution work?

By using a reverse proxy, you force the traffic from your tracking server to pass through the DNS of your browsing website. The IPs of your browsing website server ( and your tracking server ( will no longer appear when cookies are set on the user's browser = only the IP of your reverse proxy will be visible. Thus, when the browser checks the IP of your browsing server and the IP of your tracking server, these IPs will be exactly the same. The cookies set by your tracking server will therefore be considered first-party cookies, and their lifespan will be 13 months.

Cloudflare enabled

If you are already using a reverse proxy like Cloudflare, this is the best option to continue maintaining your cookies in the new version of Safari.

Detailed setup

  1. Go to your Cloudflare account.

  2. Select your website on the interface.

  3. Go to SSL/TLS then Overview, and make sure the encryption mode is set to Full or Full (Strict).


If not, you can create a configuration rule to be Full only on the tagging domain.

SSL/TLS Overview
  1. Go to SSL/TLS and select Origin Server.

  2. Click on Create a certificate, and leave the options as default.

  3. In the Hostname section, enter the domain defined in Addingwell, for example:

Create a certificate
  1. Click on Create.

Once you have created the certificate, Cloudflare will provide you with the certificate and the private key, keep them for later. Please note that the private key will only be given once.

Certificate details
  1. In your workspace on, under Dashboard > Domains, and on your domain, select Set reverse-proxy.
Set reverse-proxy in Addingwell
  1. Fill in the fields with your certificate and key provided by Cloudflare.
Addingwell reverse-proxy configuration
  1. Once the certificates have been registered, you should see an icon next to your domain.
Reverse-proxy icon
  1. Back on Cloudflare, in the left menu, select DNS and enable the Cloudflare proxy on the DNS record corresponding to the domain linked to Addingwell.
Activate Cloudflare proxy