I have a website (A) example.com on which I've placed google analytics tag.
I have a second website (B) property.com on which I am loading resources from subdomain.example.com.
When I visit site A (exaple.com), google analytics drop a cookie "_ga" with id "123" and domain "example.com".
Then I go to site B (property.com), and google analytics drops a new cookie _ga with id "456", HOWEVER the same "_ga" cookie with id "123" and domain ".example.com" is kept.
This happens because some resources from "subdomain.example.com" domain are loaded on "property.com".
The question is - how do I prevent this???
I've tried so far everything possible, without luck. I'll list my attempts and failures.
Modified the google analytics script to have a specific domain
// For example.com
gtag('config', 'GA_TRACKING_ID', { 'cookie_domain': 'example.com' });
Result - nothing
- Nginx configuration file set to:
proxy_cookie_path / "/; SameSite=Strict; Secure";
Result - nothing
- Nginx configuration file set to:
add_header Set-Cookie "_ga=; Domain=.example.com; Path=/; SameSite=Strict";
Result the same cookie from .exmaple.com appears on proprty.com
4.Nginx configuration file set to:
add_header Set-Cookie "_ga=deleted; Domain=.example.com; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT";
Result: the same cookie from .exmaple.com appears on proprty.com only this time the value is "deleted"
5. Nginx configuration file set to:
proxy_set_header Set-Cookie "_ga=deleted; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT";
Result: similar to above point 4
6.Nginx configuration file set to:
proxy_cookie_flags _ga SameSite=Strict Secure;
Result: apperently my nginx version doesn't support that, but something tells me this won't work as well.
Obviously I'm trying to control this behavior from the (A) example.com domain, and offer my resources without spamming other websites with google/facebook cookies.
Please help, ChatGPT couldn't and I couldn't find an answer here.
