single php

Understanding Safari’s Intelligent Tracking Prevention (ITP) and Its Impact

·

·

What is Intelligent Tracking Prevention (ITP)

Intelligent Tracking Prevention (ITP) is a crucial privacy feature introduced by Apple in Safari to limit third-party tracking across websites. By minimizing the data that websites and advertisers can collect, ITP helps users maintain privacy and control over their online activities. The feature is enabled by default in Safari, meaning users don’t need to adjust any settings to benefit from this enhanced protection.

ITP uses advanced machine learning algorithms to classify and block tracking data directly on the user’s device. This prevents sensitive browsing history from being sent to Apple and reduces cross-site tracking. Additionally, Safari limits the data shared with third parties, ensuring that only essential information is sent to search engines during user searches. These features empower users to browse without being tracked by multiple parties.

Development by Webkit, Safari’s engine

ITP was developed by WebKit, the open-source engine used by Safari and other applications on macOS, iOS, and Linux. WebKit’s focus on security and privacy extended to ITP, making Safari one of the leading browsers in user privacy protection.

Evolution of ITP:

Launched in 2017, ITP initially aimed to block third-party cookies. Over time, it has evolved to address newer tracking methods:

  • ITP 2.0: Removed the 24-hour window for first-party cookies and partitioned them when cross-site tracking was detected.
  • ITP 2.1: Restricted JavaScript-based cookies, reducing their lifespan to 7 days.
  • ITP 2.3: Prevented link decoration and further limited data storage by third parties, blocking workarounds.

These changes reflect Apple’s ongoing commitment to protecting user privacy and ensuring a secure online experience.

As privacy regulations continue to evolve, marketers are challenged to find solutions that respect these new privacy measures. Marketers should take a privacy-first approach by adopting first-party data to build their marketing strategy. Incorporating 1PD Ops (First-party data Operations) platforms such as CustomerLabs can help. By focusing on first-party data, CustomerLabs enables businesses to capture direct user interactions while ensuring full compliance with privacy standards like ITP. The platform helps marketers optimize campaigns through secure, privacy-compliant strategies—without relying on third-party cookies. With tools that allow for personalized marketing, CustomerLabs is at the forefront of helping businesses adapt to the future of data privacy.

Let’s deep dive into the mechanisms and functionality of ITP.

Mechanisms and Functionality of ITP

Intelligent Tracking Prevention (ITP) uses a combination of machine learning and privacy-focused limitations to block cross-site tracking and protect user data. The following are key mechanisms that drive ITP’s functionality:

Machine-Learning Classifier for Cross-Site Tracking Detection:

  • A machine-learning classifier analyzes user behavior and statistics to determine which domains can track users across different websites.
  • If the classifier identifies a first-party cookie used for cross-site tracking, it blocks the cookie unless the site requests permission via the Storage Access API.
  • This feature is particularly relevant for major AdTech players like Facebook and Google, who rely on cross-site tracking.

Limitations on Third-Party and First-Party Cookies:

  • Third-Party Cookies: Blocked by default in Safari to prevent tracking across different websites.
  • First-Party Cookies:
    • If set by JavaScript’s document.cookie, these cookies expire after 7 days unless accessed within that time, in which case the expiration is extended by another 7 days.
    • First-party cookies set with link decoration (i.e., when URLs are appended with query parameters) expire in 24 hours. If accessed during this time, the expiration is extended by 24 hours.
  • Non-Cookie Storage Data: Storage types such as LocalStorage, which do not have an expiration date, are capped at 7 days in Safari.
  • If data in LocalStorage is accessed within the 7-day period, its expiration date is extended by another 7 days.
  • This ensures that even non-cookie data used for tracking is limited in duration, further enhancing user privacy.

These mechanisms work together to limit the ability of advertisers and tracking technologies to monitor users across different websites, reinforcing Safari’s commitment to user privacy.

CustomerLabs helps businesses adapt to ITP by emphasizing first-party data collection. With ITP limiting third-party tracking, the platform enables marketers to gather valuable insights from user interactions while respecting privacy, ensuring better targeting and campaign effectiveness. 

Read More About How CustomerLabs Can Help You Adapt to ITP

Key Updates in ITP Versions 1.0 to 2.3

Safari’s Intelligent Tracking Prevention (ITP) has evolved to enhance user privacy by blocking cross-site tracking. ITP 1.0, introduced in 2017, used machine learning to partition cookies based on whether users visited a site within the past 24 hours, but this caused issues with embedded social plugins and third-party services. ITP 1.1 introduced the Storage Access API to address these concerns.

ITP 2.0, launched in 2018, eliminated the 24-hour window for first-party cookies, partitioning cookies as soon as cross-site tracking was detected. It also blocked fingerprinting and first-party bouncers. ITP 2.1, 2.2, and 2.3 further tightened restrictions, requiring companies like Facebook, Google, and Amazon to obtain user approval for cookies and data access. ITP 2.2 limited conversion attribution to 24 hours, while ITP 2.3 extended this to 7 days, significantly impacting digital advertising.

ITP 2.1’s Impact on Cookies via JavaScript

The ITP 2.1 update, introduced in late 2018, aimed to counteract workarounds implemented by advertisers. Previously, third-party trackers were storing cookies as first-party cookies to bypass ITP’s restrictions. To address this, ITP 2.1 tightened the rules for first-party cookies. One key change was the reduction in the lifespan of client-side cookies to just 7 days, even if the cookie did not track users. For many marketing tools, like Google Analytics, this short lifespan had a significant impact on their ability to track user behavior over a longer period. Additionally, ITP 2.1 also required the use of the Storage Access API for any cookies set by third parties, even if those cookies did not involve tracking.

Despite the progress made by ITP 2.1, advertisers continued to find workarounds, especially with link decoration—a technique used by companies like Google and Facebook to track users via the URLs they click. To combat this, ITP 2.3, introduced in 2019, introduced stricter controls. This version introduced two key measures to limit the effectiveness of link decoration:

  1. LocalStorage Capping and Deletion: If a site marked for cross-site tracking uses link decoration to track users and no interaction occurs within 7 days, any associated non-cookie data stored in the LocalStorage is permanently deleted.
  2. Document.referrer Modification: Instead of using decorated URLs to track users, some companies relied on the document.referrer property to pass tracking information. ITP 2.3 restricted this by returning only the eTLD+1 of the referrer, effectively removing tracking identifiers from URLs passed between sites.

As privacy protection evolves, CustomerLabs helps businesses adapt to ITP by focusing on first-party data collection. By capturing direct customer interactions, CustomerLabs enables accurate tracking and insights while ensuring privacy compliance. This approach overcomes third party cookie and cross-site tracking restrictions, offering a sustainable, privacy-respecting solution for digital marketing.

Up next, we’ll learn more about how the key changes are impacting the advertising and marketing industries.

Impact on Advertising and Marketing Industries

The advertising technology (AdTech) sector has faced significant hurdles due to ITP’s restrictions on third-party cookies and cross-site tracking. Many ad platforms, reliant on tracking users across multiple websites, have seen their ability to deliver personalized ads and measure campaign effectiveness diminish. These changes have also disrupted long-standing practices in retargeting and behavioral advertising.

Implications for advertisers and their ability to reach audiences

Advertisers now struggle with reduced access to granular user data, limiting their ability to create highly targeted campaigns. Additionally, the diminished use of third-party cookies has led to a lack of visibility into user journeys, complicating audience segmentation and personalization efforts.

Effects on targeting and performance measurement

The limitations on tracking and attribution have directly impacted performance metrics, making it difficult for marketers to evaluate the effectiveness of their campaigns. Metrics such as conversion rates and return on ad spend (ROAS) have become less reliable, prompting the need for alternative measurement tools and methodologies.

CustomerLabs empowers advertisers to adapt to these changes by focusing on first-party data strategies. By capturing user interactions directly from owned channels, businesses can maintain targeting precision and performance measurement without violating privacy standards.

Now that you know the impacts, let’s look at the strategies on how to mitigate the ITP.

Workarounds and Strategies to Mitigate ITP

With the rise of Intelligent Tracking Prevention (ITP) and its impact on traditional tracking methods, marketers have had to adopt new strategies to continue optimizing their marketing efforts while maintaining compliance with privacy regulations. Here are some effective workarounds and strategies to mitigate ITP’s restrictions:

  1. Click-through attribution and URL-based tracking

In response to ITP, many advertisers have shifted to click-through attribution and URL-based tracking, which rely on user interactions rather than cookies. While these methods are compliant, their reliance on shorter attribution windows presents new challenges for tracking long-term user behavior.

  1. Utilizing server-side cookies and localStorage with caution

Server-side cookies and localStorage have emerged as alternatives to traditional client-side cookies. However, these methods must be used cautiously, as ITP continues to evolve, targeting such techniques to close potential loopholes.

  1. Collaborative efforts between industry players for adaptation

The industry has witnessed collaboration among platforms, marketers, and developers to adapt to ITP. Many have adopted privacy-first tools and frameworks, fostering a collective shift toward sustainable tracking methods that prioritize compliance and user trust.

By offering tools to leverage server-side tagging and direct user data collection, CustomerLabs ensures businesses can navigate ITP restrictions while staying privacy-compliant.

How Does ITP Restrict Cookies and Other Web Storage in Safari?

Intelligent Tracking Prevention (ITP) enforces strict privacy measures on cookies and other types of web storage in Safari to protect user privacy. These restrictions affect how websites and advertisers can track user behavior across sessions and sites. Here’s a breakdown of how ITP impacts cookies and other web browser storage:

Blocking Third-Party Cookies by Default
ITP blocks third-party cookies outright, preventing advertisers from tracking users across different websites without their consent. This limits the ability to gather detailed user behavior data for cross-site tracking.

Limiting First-Party Cookies’ Lifespan

  • Standard First-Party Cookies: Cookies set by JavaScript’s document.cookie without cross-site tracking are set to expire after 7 days. However, if the cookie is accessed within this period, the expiration time is extended by another 7 days.
  • Cookies from Tracking Domains: First-party cookies that are set by tracking domains (e.g., those containing parameters like fbclid from Facebook) and use link decoration are restricted to just 24 hours. If accessed within 24 hours, their expiration is extended for another 24 hours.

Expiration of Non-Cookie Data in Local Storage

Non-cookie storage, such as data stored in Safari’s local storage, is also limited by ITP. If the data is not accessed within 7 days, it is deleted. However, if the data is accessed within that time, its expiration is extended by another 7 days.

User Consent for Cookie Access

Companies like Google and Facebook must obtain explicit user consent through the Storage Access API to set cookies and access data for certain features, such as login widgets. This ensures that users have control over their privacy and what data is shared across sites.

These restrictions significantly impact how businesses and marketers track user behavior, especially for cross-site conversions, retargeting, and performance analysis. The emphasis on user consent and limiting cookie lifespan forces a shift towards privacy-first tracking solutions.

With CustomerLabs’ focus on first-party data collection, businesses can bypass the limitations of walled-garden ecosystems, maintaining accurate attribution while respecting privacy requirements.

What Are the Current Limitations of Intelligent Tracking Prevention (ITP)?

Intelligent Tracking Prevention (ITP) has evolved significantly over the years, with its latest iterations imposing strict restrictions on tracking and cookie usage to protect user privacy. These limitations, especially since the release of iOS 14, extend beyond Safari to include all browsers running on Apple’s WebKit engine, such as those on iPhones and iPads. Here’s a detailed look at the key limitations of ITP:

Complete Blocking of Third-Party Cookies

ITP now fully blocks third-party cookies by default, unless the user provides explicit permission via the Storage Access API. This restriction is particularly significant for advertisers who rely on cross-site tracking to monitor user behavior across different platforms.

First-Party Cookies

  • Without Cross-Domain Tracking: First-party cookies, if not used for cross-domain tracking, are limited to a maximum lifespan of 7 days. Only the days when the browser is actively used count towards this period.
  • With Cross-Domain Tracking: If a first-party cookie is used for cross-domain tracking (e.g., a user visiting a website via a Facebook link containing tracking parameters like fbclid), its lifespan is restricted to just 1 day.

Subdomain Cloaking

Cookies set via subdomains that have a different first half of the IP address from the main website are limited to a maximum lifespan of 7 days. This includes scenarios where tools like Google Tag Manager are hosted on third-party cloud services.

Deletion of Script Writable Storage

All script-writable storage types (such as IndexedDB, LocalStorage, SessionStorage, Media Keys, and Service Worker records) are cleared after 7 days of browser inactivity, further restricting long-term tracking capabilities.

Partitioned Storage

LocalStorage and sessionStorage are partitioned by domain, meaning that separate storage is used when a user interacts with the same third-party resource from different websites. Additionally, this storage is cleared when the browser is relaunched.

Stripping Cross-Site Referrals

Cross-site referral data, including page paths and query parameters from referring websites, is stripped down to just the main domain, eliminating detailed tracking of the referring URL.

Bounce Tracking and Tracker Collusion Detection

ITP detects and prevents methods used for bounce tracking and tracker collusion, where a user is redirected through intermediate domains to collect data, by deleting data on those domains.

Additional Privacy Measures Beyond ITP

Safari has introduced other privacy features, such as hiding IP addresses when users visit known trackers, and Advanced Privacy Protection (APP) for enhanced anti-tracking measures in private browsing mode.

These limitations reflect Apple’s commitment to enhancing user privacy but also present challenges for advertisers and marketers who rely on long-term, detailed tracking for conversion attribution and performance optimization.

CustomerLabs enables businesses to future-proof their marketing efforts by providing adaptive, privacy-first data solutions. By prioritizing user consent and transparency, CustomerLabs supports sustainable digital marketing practices in the evolving privacy landscape.

Conclusion

Intelligent Tracking Prevention (ITP) has significantly raised the bar for online privacy by curbing invasive tracking mechanisms and giving users greater control over their data. As a default feature in Safari, ITP aligns with the growing demand for transparency and respect for user privacy, pushing the industry toward more ethical data practices.

While ITP has created challenges for traditional tracking and advertising methods, it has spurred innovation in privacy-centric technologies. The need for alternative strategies, such as first-party data collection and privacy-compliant tools, has reshaped how businesses approach digital marketing and user engagement.

As privacy concerns continue to take center stage, the industry will evolve with new technologies that balance user protection with marketing effectiveness. ITP will remain a pivotal player in shaping the future of online privacy, driving ongoing changes in how data is collected and used in the advertising ecosystem. By helping businesses adapt to the privacy-first era, CustomerLabs positions its clients for long-term success. Leveraging first-party data strategies, CustomerLabs ensures compliance with evolving standards while driving impactful marketing outcomes.

Play the privacy-first marketing game. Book a demo.

Frequently Asked Questions (FAQs)

ITP is a privacy feature implemented by Apple in Safari to limit cross-site tracking by blocking third-party cookies. It plays a crucial role in enhancing user privacy by restricting the collection of data across multiple websites. This has significant implications for online advertising and data tracking practices.
ITP affects online tracking by reducing the ability of advertisers to use cookies for cross-site tracking, making it harder to follow users across websites. This disruption requires marketers to adjust their tracking methods and focus more on first-party data for customer insights.
ITP 2.3, released by Apple, introduced more stringent measures, including limiting the lifespan of cookies and reducing the attribution window to just 7 days. This update severely impacts advertisers relying on long-term tracking for conversions, requiring them to rethink their tracking and attribution strategies.
ITP significantly limits the ability of marketers to use traditional attribution models, especially for long-term conversions. With shorter attribution windows, marketers must rely on first-party data and shorter attribution models, which can impact how conversions are measured and optimized.
Businesses can adapt to ITP by prioritizing first-party data collection and adopting privacy-compliant tools. Platforms like CustomerLabs enable businesses to track customer behavior while staying within privacy guidelines, ensuring both effective marketing strategies and compliance with ITP restrictions.

Seasoned content marketer, creating impactful content in a wide range of topics relating to Digital marketing, SEO, Food and Cosmetics industry and lately into SaaS technology. Optimizing brands amplify their online presence through strategic storytelling and technical precision. Additionally, has interest into drawing and occasionally poses as a motivational speaker.

The latest news, perspectives, and insights from CustomerLabs

More Blogs

View all
first-party-data
What is First-party Data? | Comprehensive Guide

First-party data is the data collected by organizations from the user directly in compliance with GDPR, CCPA etc. for your marketing needs

Read more
Blog banner titled, "Understanding the Difference Between First and Third-Party Cookies" What are third party cookies
Understanding the Difference Between First and Third-Party Cookies

Third-party cookies, unlike first-party, track browsing activities across sites for personalized ads and data retention.

Read more
Server-side 1P domain tracking for your WooCommerce store

Implement server-side 1P domain tracking for your WooCommerce store to improve attribution in this privacy-centric era

Read more

Get started with
CustomerLabs CDP

Schedule a 1-1 Demo

E-commerce icon
Ecommerce

Unified data to boost ecommerce growth

B2B icon
B2B

Engage your customers across the funnel with a unified martech stack

SaaS
Saas

Increase product metrics with a unified martech stack

Agency
Agency

Scale your customers quickly with the right data