Relevant products:
  • Optimizely X Web Experimentation
  • Optimizely X Web Personalization
  • Optimizely X Web Recommendations

THis article will help you:
  • Implement behavioral targeting across different origins (subdomains or protocols) of your site

An “origin” is a combination of a specific hostname, protocol, and port on your site. By default, events that you track in Optimizely can only be used to target changes on the same origin. So when the snippet is running on, it can access events that were generated on, but it cannot access events that were generated on:

What if you want to run an experiment on the secure origin, targeting browsing behavior on the unsecure origin Or what if you want to target based on reading activity on  

Enable cross-origin targeting to track events across origins.

Enable cross-origin targeting

  1. Navigate to Settings > Implementation. Scroll down to list the domains where you want to Optimizely to run.

  2. Enter the URL where events should be tracked. Then, use the dropdown to target specific origins or groups of origins. Note that unlike Experiment URL targeting, the value matched with the pattern is specifically the "origin" portion of the URL, not the whole URL. There are several ways to specify origin patterns:

  3. Use the URL Match Validator to check that your targeting matches the URLs you expect. Note that you can check full URLs including path, querystring, and hash, but those portions of the URL are ignored by the match pattern.

  4. Then, click Save.

If you expect visitors to cross either domains or top-level domains, consider using the waitForOriginSync API

Events are shared asynchronously across origins, so events from aren't available when Optimizely first begins to execute on  As a result, targeting may not succeed until the second page load on

There are three known ways that cross-origin targeting won't work:

  • The origin setting in your account is set incorrectly.

  • Your visitor's browser blocks all iframes or iframes specifically from *

  • The browser’s privacy settings prevent setting or retrieving localStorage keys from iframe origins.

Some browsers block cross-origin iframe localStorage if “third party cookies” are disabled. When a browser does this, Optimizely's iframe won't function when a visitor is on your website (because in this situation, the Optimizely iframe is from a separate website, i.e., a “third party” origin).

Cross-domain targeting

Events can be targeted across origins only for the current Optimizely User ID, which is stored in the optimizelyEndUserId cookie. Since browsers prevent sharing cookies across domains (e.g., and across top-level domains (e.g.,, Optimizely is unable to set consistent user IDs across such domains.

You will need to manually sync the optimizelyEndUserId cookie across domains, using other means, in order for cross-domain targeting to work.