Skip to main content

Stape subdomains β€” DNS configuration

The agency hosts the GTM Server container on Stape. To send events first-party (instead of through googletagmanager.com), point 2 subdomains to Stape.

Subdomains to create​

SubdomainDNS TypeValue (provided by agency)TTL
analytics.biosphereskincare.comCNAME<container-id>.stape.io3600
load.analytics.biosphereskincare.comCNAME<container-id>.stape.io3600

Why 2 subdomains?​

  • analytics.biosphereskincare.com β€” the server endpoint where GTM Web POSTs events.
  • load.analytics.biosphereskincare.com β€” serves gtm.js (and ns.html) first-party. Without it, the browser calls www.googletagmanager.com β†’ blocked by ad blockers (uBlock, AdGuard, Brave shields…).

Procedure​

Step 1 β€” Agency sends you the CNAME values​

After creating the Stape container, the agency hands over values like:

load.analytics.biosphereskincare.com  β†’  abc123xyz.stape.io
analytics.biosphereskincare.com       β†’  abc123xyz.stape.io

Step 2 β€” Create the CNAMEs​

In your DNS registrar (Cloudflare, OVH, Gandi, IONOS…):

Cloudflare​

  1. Dashboard β†’ biosphereskincare.com β†’ DNS β†’ Records
  2. Add record:
    • Type: CNAME
    • Name: load.analytics
    • Target: abc123xyz.stape.io
    • Proxy status: DNS only (grey, not orange) ⚠️ important
  3. Repeat for analytics.

⚠️ Cloudflare proxy must be OFF (grey). Orange proxy breaks Stape's SSL validation.

OVH​

  1. Customer space β†’ Domains β†’ biosphereskincare.com β†’ DNS Zone
  2. Add record:
    • Subdomain: load.analytics
    • Type: CNAME
    • Target: abc123xyz.stape.io. (trailing dot required)
  3. Repeat for analytics.

Other registrars​

Same principle: create 2 CNAME records.

Step 3 β€” Notify the agency​

Once the CNAMEs are live, ping the agency so Stape SSL validation kicks in.

Propagation delay: 5 min to 24h depending on the registrar. Quick check:

dig load.analytics.biosphereskincare.com CNAME +short
# Expected: abc123xyz.stape.io.

dig analytics.biosphereskincare.com CNAME +short
# Expected: abc123xyz.stape.io.

Step 4 β€” Stape validates SSL automatically​

Stape automatically requests a Let's Encrypt cert for each subdomain. Once issued, the agency activates the mapping in the container.

Final check​

Once active, in a browser:

https://load.analytics.biosphereskincare.com/gtm.js?id=GTM-XXXXXX

Should return the gtm.js content (JavaScript). SSL error or 404 β†’ one subdomain is misconfigured.

CSP (Content-Security-Policy)​

If your site has a strict CSP, add these directives:

script-src  'self' https://load.analytics.biosphereskincare.com
connect-src 'self' https://analytics.biosphereskincare.com
img-src     'self' https://analytics.biosphereskincare.com data:

Pitfalls​

  • ❌ Cloudflare proxy in orange mode β†’ Stape SSL fails to validate.
  • ❌ Using an A record instead of CNAME.
  • ❌ Missing trailing dot on OVH (abc123xyz.stape.io. vs abc123xyz.stape.io).
  • ❌ Creating only analytics without load.analytics β†’ server hits work, but gtm.js stays blocked.