Intelligent Tracking Prevention (ITP) is a privacy feature in the WebKit browser engine, primarily used by Safari, that limits the ability of websites and advertisers to track users across different domains. By restricting how cookies and other website data are stored, ITP makes it harder to follow a user's journey across the web.
For marketers and SEO practitioners, ITP significantly impacts digital analytics, ad attribution, and retargeting efforts.
Entity Tracking
- WebKit: The open-source web browser engine used by Safari and other browsers that serves as the foundation for ITP.
- Machine Learning Classifier: An on-device model within ITP that uses statistics to determine if a domain has the technical ability to track users cross-site.
- Third-Party Cookie: A cookie set by a domain other than the one the user is currently visiting.
- First-Party Cookie: A cookie created by the website a user visits directly, used for session management and basic site functions.
- Storage Access API: An API that allows third-party embeds to request user consent before accessing cookies that would otherwise be blocked.
- Link Decoration: The practice of adding tracking parameters, such as click IDs or UTM strings, to the end of a URL to pass data across different origins.
- Partitioned Cookies: Cookies that are isolated into unique storage buckets per top-level domain to prevent them from being read across different websites.
- Non-Cookie Storage: Browser storage methods like localStorage that advertisers use to store data outside of traditional cookie files.
What is Intelligent Tracking Prevention (ITP)?
ITP is an evolving technology developed by Apple for its WebKit engine. It aims to protect user privacy by reducing cross-site tracking. It does this by limiting the lifespan of cookies and purging website data for domains identified as having tracking capabilities.
Unlike early privacy tools that focused mostly on third-party cookies, ITP also targets first-party cookies when they are used to mimic third-party tracking behavior.
Why Intelligent Tracking Prevention (ITP) matters
- Degraded Data Accuracy: Most web analytics tools, including Google Analytics, rely on client-side JavaScript cookies that are subject to shortened lifespans under ITP.
- Broken Attribution: Multi-touch and view-through attribution become difficult when the tracking window is shorter than the user’s actual path to conversion.
- Retargeting Limitations: ITP prevents advertisers from building long-term user profiles for retargeting if the user does not regularly interact with the advertiser's domain.
- SSO Challenges: Single Sign-On (SSO) systems that rely on centralized session domains may require more frequent user re-authentication.
How Intelligent Tracking Prevention (ITP) works
ITP uses an on-device Machine Learning Classifier to monitor resource loads and user interactions. If a domain is flagged as a tracker, ITP takes specific actions based on the user's interaction with that domain.
The Classification Process
The classifier looks for three primary tracking signals: 1. Sub-resources loaded under a high number of unique domains. 2. Sub-frames loaded under a high number of unique domains. 3. The frequency with which a domain redirects the user to other unique domains.
Data Purging and Partitioning
Based on the latest version and user behavior, ITP follows a specific logic: * No interaction in 30 days: If the user hasn't visited the domain directly within 30 days, all website data and cookies for that domain are purged. * Interaction within 24 hours: For a 24-hour window after a direct user visit, the domain can be used in a third-party context. This supports features like "Sign in with my account on this site." * Interaction within 30 days but not 24 hours: Cookies are kept but partitioned. This means the site can keep the user logged in but cannot use those cookies to track the user on other websites.
Specific Storage Limits
Apple has consistently tightened these limits across versions to block workarounds. * Client-Side Cookies: Cookies set via JavaScript (document.cookie) are [capped at a 7-day expiration date] (Avenga). * Link Decoration: If a user arrives via a link containing query strings or fragments from a classified tracker, the resulting [client-side cookies are capped at a 24-hour expiration] (WebKit). * Non-Cookie Storage: All non-cookie storage, such as localStorage, is [deleted after 7 days of no user interaction with the website] (Avenga).
Best practices
- Move to Server-Side Tracking: Set cookies via server-side HTTP responses. These cookies are currently more resistant to ITP's client-side restrictions, though they should not include the HttpOnly attribute if they need to be read by valid scripts.
- Implement the Storage Access API: If your site uses legitimate third-party embeds (like maps or social logins), use this API to ask for explicit user consent to access cookies.
- Use First-Party Data: Focus on building direct relationships with users where they log in or interact with your domain frequently, as this resets the ITP "interest" clock.
- Audit External Navigational Redirects: Avoid "bounce tracking" setups where users are rapidly redirected through multiple domains before reaching their destination. [Tests of popular websites have shown over 70 such trackers] (WebKit) can be active on a single page, which ITP is designed to block.
Common mistakes
- Mistake: Assuming first-party cookies are always safe. Fix: Recognize that cookies set via JavaScript (standard for many analytics tools) are capped at 7 days or 24 hours regardless of their "first-party" status.
- Mistake: Relying on
localStoragefor long-term tracking. Fix: Use server-side state or encourage regular user interaction, as ITP now purgeslocalStorageafter 7 days of inactivity. - Mistake: Neglecting the impact of referring URLs. Fix: Be aware that ITP may strip referring URLs to just the origin domain when passing data to third-party trackers.
ITP Evolution (Quick Reference)
| Version | Key Change |
|---|---|
| 1.0 / 1.1 | Introduced 24-hour window for third-party cookie access. |
| 2.0 | Scrapped 24-hour window; introduced Storage Access API prompts and bounce tracking protection. |
| 2.1 | Capped client-side JavaScript cookies at 7 days; removed DNT support. |
| 2.2 | Capped cookies from "decorated links" (link tracking) at 24 hours. |
| 2.3 | Capped all non-cookie storage (localStorage) at 7 days of inactivity. |
FAQ
How does ITP affect Google Analytics? By default, Google Analytics sets cookies using JavaScript. On Safari, these cookies will expire after 7 days (or 24 hours if the user arrived through a decorated link from a classified tracker). If a user returns to your site on day 8, they will be counted as a new visitor rather than a returning one, inflating your new user counts.
Can I still track conversions from ads? Yes, but the window is much shorter. If a conversion happens within 24 hours of a click from a "decorated link," it should be recorded normally. However, you will lose attribution for conversions that take longer than 24 hours unless you use server-side tracking solutions.
Does ITP affect all browsers? ITP is a feature of WebKit. This means it affects Safari on all platforms (macOS, iOS, iPadOS). Because Apple requires all iOS browsers to use WebKit, ITP also affects Chrome and Firefox when they are used on iPhones and iPads.
What is the Storage Access API? It is a way for third-party content (like a video player or a comment widget) to ask the user for permission to move out of "partitioned" storage and access their normal cookies. The user must see a prompt and click "Allow" for this to happen.
