Currently in the API for navigation sources, we have a restriction that a user must land on the destination site for the source to be valid. Otherwise, the source registration is ignored.

We are hearing cases of legitimate use-cases where this restriction is difficult to conform to, e.g.

• Landing pages that are managed by third parties with different domains than the advertiser site
• Conversion pages that are managed by third parties (e.g. purchase flows) on a different domain than the advertiser site or landing page

Additionally, the restriction in the API is no longer fully “load bearing” because event sources already have the capability to leak some amount of browsing history, which we protect with noise that is also present on navigation sources. Therefore it doesn’t feel as necessary to add additional protections on clicks which are already rate-limited by user interaction.

Note: this doesn’t fully solve the use cases detailed in #549 but it does partially solve the case where only a single domain is required to register conversions. Note that this also partially fixes #44.