5 Questions about the Safari Intelligent Tracking Prevention (ITP) Code

Don Don | October 30, 2020 | data privacy

To keep users safe, Apple has placed stringent measures on the data publishers can store from web visitors. Publishers should understand Safari Intelligent Tracking Prevention to know how these restrictions will impact marketing attribution and UX.

Safari accounts for nearly a third of browser users  (32.25%), largely because of its share of mobile users. This means millions of your visitors are being impacted by ITP restrictions.

What is Safari Intelligent Tracking Prevention (ITP)?

In 2017, Apple released Intelligent Tracking Prevention (ITP) to protect the privacy of Safari users. Initially, ITP targeted third-party cookies, blocking them completely. Cookies are small files on user data that store preferences and visits. Users can block cookies if they do not want their information stored by sites. They help with page customization and save important data to track, identify, or authenticate a returning user to a website.

This was a huge problem for marketing and tech companies, since cookies helped them determine visitor flow and patterns. It largely limited cross-site tracking to make it harder for publishers to see user activity across multiple sites. Apple has now moved to restrict certain cookie uses with limitations and restrictions in Safari for its fifth version of ITP.

What is the Purpose of Safari ITP?

According to Apple, the goal of Safari Intelligent Tracking Prevention is to limit the ability of publishers and advertisers to track website visitors, while still enabling websites to function normally.  Safari ITP identifies domains being used to track a user, then purges any tracking data they wish to store on the user's device.  The EU recently came out with a GDPR requirement that brands must treat cookies as personal information and inform visitors on use. Web publishers have had to include cookie opt-ins since that change went into effect and follow new restrictions to align with that GDPR requirement.

Following a similar line of reasoning, Apple put ITP into place for their Safari users. ITP only impacts Safari users, but this means:

  • 3rd party cookie blocking for cross-site tracking
  • Expires first-party cookies within seven days unless the cookies are accessed within the seven days (at which time the clock restarts)
  • The tracking domain and link decoration for first-party cookies will expire within 24 hours unless the cookies are accessed within that timeframe (at which time the clock is extended for 24 hours)
  • Local storage and non-cookie data stored by Safari expires within seven days unless accessed during that timeframe (at which time the clock will be extended for another seven days)
  • Google, Facebook and other big companies will be required to get consent for storing data and cookies (like passwords) through the Storage Access API.

Every release has brought more rules to restrict cross-site tracking and data storage, which has posed several complications for publishers.

How Does ITP Affect Web Publishers?

Publishers, programmers, marketers, advertisers, and IT could once use cookies to understand their traffic and adjust their strategies accordingly. ITP has changed how a lot of companies must approach their analytics and UX. Customers’ information isn’t exchanged across sites and will not be stored within the company website long. When the cookie information expires, your chance to target users or track their future activity is gone as well.

The 24-hour cookie expiration may play havoc with the attribution models of marketing teams. If they are wanting to track "first touch" attribution for a sales cycle longer than 24 hours, the original cookie info for ITP users will be expired. Whatever channel brought them back to the site, such as an email newsletter, would receive the first-touch attribution that should have done to the original ad/channel. This can distort the conversion performance of channels and drive misinformed channel investment decisions.

Intelligent Tracking Prevention can also affect the accuracy of digital tools such as Google Analytics, Segment, or Salesforce Interaction. The ITP cookie expiration limitations for Safari users can affect segments created and tracking historical behavior.

The user experience, closely tied to time on site, loyalty, and conversions can also be affected by ITP. Best practices for site and UX testing are to run a test for longer than a week, often 2 weeks. However, ITP's 7-day cap on first-party cookies will affect the data from Safari users that hit any page being tested by popular tools like Optimizely or Adobe Target. It can lead to miscounts on tests, and Safari users not receiving the intended test experience if their return visit is after 7 days.

Advertisers are not able to clearly pinpoint their audience as easily with Intelligent Tracking Protection, so companies won’t pay as much for ad inventory. This cuts into ad revenue because it is harder to improve the CPA to target the right visitors.

Are Safari Users Still Able to See Ads?

Yes, publishers can still get ads in front of their visitors, they just can not target with third-party cookies. Safari users can access ad blockers that stop the ad tags from even loading. In these cases, ads would not be displayed because of the additional plugin the user installed.

Are There Ways to Get Around ITP Impact?

WebKit (creators of the ITP) recommends: “server-side storage for attribution of ad impressions on your website” and “link decoration to pass on attribution information in navigations”. Optimizely suggests using a CDN to configure cookie creation, but these approaches require development work.

Click-through attribution is one way to skirt some of the limits of ITP. Using a unique visitor ID (or click ID), a web publisher could track the ID with their JavaScript tag to inform the ad server. The window for measuring conversion rates will be limited to 24 hours in most cases.

Some companies have set up ID storage in Safari LocalStorage, but this will be deleted after seven days as non-cookie data. Other companies will utilize partner sites or multiple domains from the same owner to track between sites with the same ID. The websites can use a first-party cookie to pass IDs through the differing URLs. This can be an issue because it limits the traffic able to be tracked to the next step.


The importance of building on first-party relationships with visitors increases with every digital publishing industry trend report. Admiral's Visitor Relationship Management platform gives publishers a toolset to build those relationships along the visitor's journey. From immediate revenue generation with adblock recovery, to registration walls, user authentication, metered paywalls, digital subscriptions, email and social signups, and even a certified CMP consent management module. Get started with Admiral's advanced revenue analytics tracking for free, in less than 24 hours. 

Request a demo today.

Schedule a Demo

Get a Free Account Now with Revenue Analytics Dashboard

Get Admiral Free