By default, the Mixpanel cookies work across domains and subdomains, but Mixpanel does not automatically track across those domains.
However, if your site is hosted on a domain like Heroku (or similar - see a complete list of affected domains) with a URL like XYZ.herokuapp.com, cross-subdomain cookies are not allowed for security reasons. With Mixpanel default settings on these sites, users' distinct_ids will be reset to a new $distinct_id on each page load. This will cause issues with Mixpanel reports, namely broken Retention reports and Funnels.
To resolve the issue on sites that don't allow cross-subdomain cookies:
The default cross_subdomain_cookie config is set to true in your mixpanel.init function, which will allow your subdomain's cookie to be stored and keep the Mixpanel distinct_id consistent across the sub-domain:
Or, use a CNAME to change from yourdomain.herokuapp.com to yourdomain.com.