Consumer privacy enhancements are an ongoing initiative across the web today as evident with the recent EU General Data Protection Regulation (GDPR) in May of this year, and now Apple’s update to the Intelligence Tracking Prevention (ITP) functionality for Safari users. 


This article will cover the features of Intelligent Tracking Prevention (ITP) 2.0, how these features will impact performance marketing, and how to mitigate the impact when working with CAKE as an Advertiser or Network.  


Apple's Intelligent Tracking Prevention on Safari


Apple released Intelligent Tracking Prevention (1.0) in September 2017 to limit the use of cookies on Safari by tracking service providers via a default browser setting called “Prevent Cross-Site Tracking.” When this setting was enabled, these cookies were present for 24-hours. When this setting was disabled, tracking service providers could read the cookies beyond the 24-hour period.


What’s New with ITP 2.0?


Intelligent Tracking Prevention (ITP) 2.0 will limit cookies from domains that Safari identifies as a tracker. Here is a breakdown of the features of Intelligent Tracking Prevention 2.0.  


Removal of the 24-Hour Cookie Access Window 


The 24-hour cookie access window from ITP 1.0 will no longer be available with the release of ITP 2.0. Going forward, once a domain is detected as having tracking capabilities, any cookies associated with that domain will be blocked by Safari.  


Protection Against First Party Bounce Trackers


Apple has developed a feature to detect when a domain is used solely as a “first party bounce tracker,”  TechCrunch describes this as a domain that “is never used as a third party content provider but tracks the user purely through navigational redirects – with Safari also purging website data in such instances.” This means that even if the tracking domain attempts to place a first-party cookie on the consumers browser, Safari will detect it as a “bounce tracker” and limit it the same way as third-party cookies.


Protection Against Tracker Collusion 


Safari will be able to detect when page redirects are used for tracking purposes only.  For example, when a consumer is redirected to a tracking domain before landing on the intended destination, Safari will prevent any cookies from being dropped or read during that redirect. If one domain in the redirect path is classified as having tracking capabilities all domains that redirected to that domain will also be classified in the collusion.

Apple advised that developers should avoid making unnecessary redirects to tracking domains, or risk being mistaken for a tracker and penalized by having website data purged.  


Origin-Only Referrer for Domains without User Interaction 


The Origin-Only Referrer feature will shorten the referring URLs to include just the root domain as the full URL could reveal a lot of information about the user. For example, referring reports would be limited to showing https://example.com  for a user coming from https://example.com/product/shoe/blue.html. This “cloaking” of the referrer is likely familiar to performance marketers already and shouldn’t have a large impact on your program.


Recommendations for Tracking with Apple's Intelligent Tracking Prevention (ITP) 2.0


CAKE provides multiple tracking methods that can help mitigate measurement and attribution issues caused by Safari’s ITP 2.0. Below are the recommended best practices for Networks, Publishers and Advertisers using the CAKE technology. 


Recommendations for Networks & Publishers


If you’re a Network or Publisher, you’ll want to switch to Server-to-Server (Postback) conversion tracking immediately. This functionality has been the recommended best practice by CAKE for many years as it does not rely on CAKE cookies for measurement and attribution, making it more accurate and also provides fraud prevention functionality. For more information on cookie-less tracking, please visit our Server-to-Server Tracking article


If your Advertiser does not have the ability to implement Server-to-Server tracking with Postback URLs, you’ll want them to update the already implemented browser-based conversion or event pixel with the Request Session ID parameter (r=). For more information on cookie-less tracking, please visit our Server-to-Server Tracking article


Another available method to help alleviate the loss of tracking campaign interactions on Safari is Session Regeneration. Also referred to as Fingerprinting, Session Regeneration is a probabilistic approach to attributing customer interactions. When enabled, this function will be used as a backup to cookies and/or the CAKE Request Session ID and will attempt to attribute a conversion to a recent click based off various attributes, commonly the IP and Device.  For more information, please visit our Session Regeneration article


Recommendations for Advertisers

If you’re an Advertiser on CAKE, you’ll want to implement Server-to-Server (Postback URLs) for all of your Affiliates so they can be notified of Conversions and Events for your Campaigns. 


However, Conversion and Event tracking on your Site can be done one of two ways:


  1. Server-to-Server (Postback URLs)

  2. JS SDK browser-pixel when used in conjunction with the Dynamic Click Tag which sets a first-party cookie on the consumers browser. 

    1. This option only works with the JS SDK Conversion/Event Pixel and the Dynamic Click Tag, as the JS SDK reads the first-party cookie that is set by the Dynamic Click Tag and sends the Request Session ID in the pixel request to CAKE for cookie-less tracking. If you’re using the Standard Iframe, JavaScript or Image Pixel, you’ll need to update it to the JS SDK type.


Let’s Take the Next Step


With nearly 20% of global web traffic coming from Safari browsers, there is likely to be a significant impact on the ability to measure the performance of digital campaigns if advertisers and performance networks do not implement the recommendations outlined above. If you have questions of concerns regarding ITP 2.0 or the affects it may have on your program, please contact your Client Success Manager. 


If you are working with an Affiliate, Network or Advertiser that cannot support cookie-less tracking today, please let you Client Success Manager know or have them contact info@getcake.com to learn more about our solutions.