Managed reverse proxy

Serve OakData through a subdomain of your own site with one CNAME record, so ad-blockers can't block your analytics.

Ad-blockers and privacy extensions block requests to known analytics domains, so a chunk of your real traffic never reaches your dashboard. The fix: serve OakData from a subdomain of your own site, so the browser only ever sees first-party traffic.

OakData's managed reverse proxy does this with a single DNS record. We handle SSL certificates, routing, and maintenance automatically - there's no proxy code to run, and it's included on every plan. You just need access to your domain's DNS settings.

1. Create your proxy

In your project's Settings → Managed reverse proxy, enter a subdomain of your site and press Activate. If your app runs on myapp.com, use something like t.myapp.com.

Choose a neutral subdomain

Don't use words like analytics, tracking, telemetry, stats, or oak- ad-blockers target these terms, and the proxy won't achieve its purpose. Bland names like t or go work best.

2. Create a DNS record

Go to your DNS provider and create a new CNAME record:

  • Set the Name to your chosen subdomain (just the subdomain part, like t)
  • Set the Target to proxy.oakdata.co
  • Save the record
DNS record
dns
t.myapp.com.  CNAME  proxy.oakdata.co.

Using Cloudflare for DNS?

Disable the proxy toggle (orange cloud → gray cloud) for this record. Proxying at your DNS provider interferes with SSL certificate provisioning.

3. Wait for it to go live

The settings page checks automatically and moves from Waiting for DNS to Active once the record propagates and your SSL certificate is issued. This typically takes 2-5 minutes, but can take up to 30 if DNS propagation is slow. No further action needed.

If the card asks for an extra TXT record, your domain needs a one-time ownership check - add that record the same way and the check clears on its own.

4. Update your OakData SDK

Point api_host at your new subdomain - this is the only code change:

init
ts
oak.init('oak_pub_xxxxxxxxxxxxxxxxxxxxxxxx', {
  api_host: 'https://t.myapp.com',
})

Using environment variables (the Next.js and React quickstart setups)? Update the host value instead - no code change at all:

.env
.env
# Was https://oakdata.co - now your proxy subdomain
NEXT_PUBLIC_OAK_HOST=https://t.myapp.com

5. Verify your setup

Confirm events are flowing through your proxy:

  • Open your browser's developer tools and go to the Network tab
  • Load a page on your site to trigger a pageview
  • Look for a POST request to your subdomain (e.g. t.myapp.com/api/oak/ingest) returning 200 - with your ad-blocker turned on, too
  • Check your OakData dashboard - events appear within seconds

FAQ

Do I need to forward IP addresses or location headers? No. Visitors' browsers connect directly to OakData's edge on your subdomain, so IP addresses and locations are recorded correctly with zero configuration.

Is there a ui_host or second setting to configure? No - api_hostis the only change. The OakData SDK doesn't render any UI or link back to the dashboard from your site.

Can visitors still block tracking? Projects can enable replay masking and Respect Do Not Track in settings regardless of how events reach us.

What if it stays in "Waiting for DNS"? Double-check the CNAME name and target for typos, make sure any DNS provider proxying (orange cloud) is off, and give slow DNS providers up to 30 minutes. Still stuck? Remove the proxy in settings and re-activate, or contact support.