What is ITP 2.1 and how does it affect online businesses

, Posted by Adrian Kingwell in Blog

Privacy is a fundamental human right, but is it at odds with the drive for personalised marketing? The recent release of Safari’s Intelligence Tracking Prevention (ITP) 2.1 takes a huge step in protecting users’ privacy from first-party cookies.


What is ITP?

ITP or Intelligent Tracking Prevention was first released by Apple in 2017 to prevent third-party cookies tracking users across different sites. ITP 2.1 will be the fourth version of its kind and will see first-party cookies set with client-side JavaScript capped to a seven-day expiry.

This feature will only be available for visitors using Safari as the default browser, even though Firefox is likely to follow suit shortly. It’s designed to increase the privacy and security of a user’s web navigation and improve the performance by reducing storage space on Safari.

How it affects you?

The type of cookies affected will be the ones created by the client-side called document.cookies. Google Analytics, the most widely-adopted web analytics tool, also uses these types of cookies. In addition, Apple is abandoning ‘Do Not Track’ support in Safari, making it much harder to track users across sites and build cohorts.

ITP 2.1 could potentially affect a wide range of professionals such as salespeople, marketers and publishers as they won’t be able to track their users and target audience for online advertising that easily.

How will companies adapt to this new reality?

An initial impact analysis of your site to find out what percentage of your customers are using Safari or Firefox will provide an overview of the scale of change needed. If this percentage is significant, then you should investigate potential solutions, such as:


  1. Use localStorage for same or cross-domain browsing.


  1. If same-domain: Using window.localStorage.setItem() instead of the default cookie used by your analytics tool (e.g. _ga).


  1. If cross-domain: Creating a store in one of your subdomain’s pages and then loading that page in an iFrame, using the postMessage API to get and set persistent cookie values.


  1. Setting your cookies with the HTTP response in a server-side script, where the expiration is set to two years.


  1. Use a CNAME on your data collection endpoint to allow first-party, server-side cookie identification of your visitors to persist.


  1. Use a reverse proxy, similar to the CNAME solution, where the cookie request is rewritten with a Set-Cookie response by modifying the data collection endpoint.

It’s important to note that Apple’s WebKit team moves very quickly, so some of these solutions may not be practical in the long term.


For further information

If you would like any help in implementing these solutions, please contact us, and we’ll be happy to help.