POC for Safari ITP mitigation

[thmsobrmlr]

Safari ITP deletes first-party cookies after 7 days of inactivity, which limits tracking the retention of users with this browser. This is important for a priority customer of us, and some competitors have implemented a workaround already. The general solution is to use server-side first-party cookies (those aren't deleted by Safari) and having a mechanism to send them to the analytics snippet.

@thmsobrmlr will create a POC for this kind of workaround.

We need to make sure is_identified is correctly set.

There is a secure_cookie option already. https://posthog.com/docs/libraries/js#tuning-autocapture

Some more details from a customer call in here: https://docs.google.com/document/d/1HcQexu3A0LJG_Vn4QyehMQezUrYB0gs-qIsa1wXLN1c

[thmsobrmlr]

Likely this is a non-issue, as Safari only classifies domains that are accessed from multiple first-party domains as "tracker". PostHog proxies are usually only accessed from one top level domain & we don't see anomalies in Safari retention in our data as well.

Note: This might be different for the PostHog hosted proxy, as Safari ITP detects CNAME cloaking by looking at the first two octets in the IP address.

More details in this ticket as well: https://posthoghelp.zendesk.com/agent/tickets/12306