Safari ITP 2.2 Attempts to Crumble the Cookie

In early May, Safari once again hit the advertising industry with another iteration of its Intelligent Tracking Prevention (ITP). Safari’s ITP 2.2 update occurred just a few months after ITP 2.1 and runs parallel to other major privacy-related industry announcements from Google and Facebook.

While Safari’s ITP 2.2 update is relatively harsher as it directly affects how publishers collect data, Google and Facebook are aiming for a seemingly “subtler” privacy update. Yet, because of Google’s and Facebook’s place within the advertising industry, their updates feature increased user control over how their data is being tracked could potentially have a bigger influence on marketing.

What We Understand

ITP updates exclusively affect Safari browsers. The quantity of Safari users on a particular site or device is variable and can change depending on the sites and devices. ITP 2.1 originally prevented cookies from storing data beyond seven days, however, the new iteration escalates this barrier by capping it at 24 hours.

According to Webkit, Safari’s web browser engine, the ITP 2.2 update targets persistent cookies that meet the following requirements:

  1. “A domain classified with cross-site tracking capabilities was responsible for navigating the user to the current webpage.”
  2. “The final URL of the navigation mentioned above has a query string and/or a fragment identifier.”

Both Facebook and Google are considered cross-site tracking domains and are major players within most marketing strategies. The impact of this new ITP iteration will be influential and should be something marketers consider when looking at their strategies.

Why Do We Care?

  1. Website analytics data will be affected
  2. Publisher conversion data will see a hit for those channels that depend on view-through conversions (think Facebook and display)
  3. Multi-attribution tools will not contain the full picture

Take the following scenario as an example:

On Monday, a user begins research on finding a full-service marketing agency that could help her/him with a marketing initiative. The user finds REQ via search and while engaged with the site, the user leaves the site. On Wednesday, the user is targeted by a Facebook ad and once again visits the REQ site, however, they leave the site without converting. It is only until Friday that the user decides to go directly to the REQ website and submit a lead. Let’s assume that the user is using a Safari browser affected by ITP 2.2, the following would happen:

  1. Google Analytics would capture this visit on Monday, Wednesday and Friday in which the user would be consecutively labeled a new user rather than a returning user
  2. Facebook would get an impression and click, but no credit for its view-through conversion
  3. In a Multi-attribution tool the user would not have the expected path to conversion of “Google Search > Facebook Ad > Direct = Conversion” instead it would look as “direct = conversion”. SEO and Facebook would receive no credit for this lead.

In the long run, data integrity will decline. Analytics tools will see a continuous increase of new users and a decrease in returning users.  Multi-attribution tools will have incomplete paths to conversion. Publishers will also see a dip on view-through conversions, unless they come up with a solution. Yet, with Google and Facebook’s new privacy setting updates, it is difficult to determine if a solution will come our way.  

Solutions Being Discussed in the Industry

1. Using same-domain localStorage to persist these anonymous identifiers used by Google Analytics

Instead of setting a cookie named _ga via document.cookie, use localStorage to save user identifiers. The main issue here is that localStorage does not work across subdomains–much less different domains altogether! An example would be the storage for will not be available on

2. Creating a tracker page on your main domain that keeps track of a user’s client ID, and calling out to that page across all of your subdomains via an iframe.

For example, if a user navigates to your main site (, your site saves client ID data to The user information is saved and can be used across If a user then proceeds to, the site can call out to via an iframe and access the saved client ID information. This allows the client data to be accessed in a 1st party context through the use of iframes, although it is a fairly complex solution that will require some serious effort to execute and align analytics platforms with.

3. Setting cookies with server-side script

This solution involved setting cookies with an HTTP response. Potentially a good solution that is fairly straightforward for a developer to make, but it does require access to the web server.

All these potential solutions are very technical, require developer work and might not work in the long run as we continued to see new rules by browsers in an attempt to give users more power on their privacy

Identifying the Impact on Your Website

Using Google Analytics segments is an initial step to proactively identifying the magnitude of Safari’s ITP update on a website. Creating a segment for Safari mobile users and a segment for Safari non-mobile users will let you differentiate the percentage of Safari users and the differences between mobile and non-mobile. This is crucial because mobile devices tend to have a greater number of Safari users compared to non-mobile.

By utilizing the multi-channel time lag report within Google Analytics, insights on the overall time it takes users between their 1st website visit and a conversion can be discovered. If you find that most users convert within 24 hours, you can feel confident that ITP 2.2 would impact a smaller percentage of your site users.

However, if overall time lag tends to be above 24 hours, you could determine that the number of users affected by ITP 2.2 will be greater. For example, if your website receives 25% of its users from Safari browser, but 80% of conversions tend to happen within 24 hours, you can estimate that ~5% of your Safari users will be affected by Safari’s Internet Tracking Prevention.

Let’s talk.