Apple Turns the Screw on User Tracking with Fresh ITP Changes

June 5, 2019

Apple continues to increase restrictions on user tracking in Safari, including on mobile, where it captures 58% of overall traffic and 66% on iOS devices. These restrictions mean that your current online conversion tracking setup is probably going to be missing a significant chunk of conversions, especially if you have a longer purchase cycle (Travel, Auto, Financial Services, etc). But there are ways to ensure you aren’t losing this valuable data while respecting user privacy. Read on for the full story and how we can help.

What is the context for ITP?


Imagine if every time you saw an ad on a bus, on a billboard, on TV, or in a magazine, you placed a Post-itⓇ note with the ad info on your wall. After a few days it would look something like this:

apple itp


Photo by Wanda Lotus


Now imagine every website you visit could take a look at that wall, and even some of their partners could see what you’ve been up to. They can use this information to track your purchases and target you with new ads. This is basically the online reality that Google, Facebook, and other ad-driven businesses operate within today.

Apple, perhaps seeing an opportunity for differentiation compared to Google’s Android, has started to portray itself as a safer choice for privacy-conscious users:

apple itp


Safari ITP: Getting tough with cookies


Safari, Apple’s built-in browser, has a market share approaching 50% on mobile devices. In 2017, Safari released the first version of Intelligent Tracking Prevention (ITP), which limited certain third-party cookie usage to 24 hours, reducing ad retargeting ability and some user tracking methods (i.e., tracking via URL redirection). (Check out our blog post The Winds of Change Are Chilling for Some in AdTech for a look-back on the impact of the original ITP release.)

Perhaps an unintended consequence, these initial limitations on third-party cookies actually reinforced the advantage held by large, established publishers such as Google and Facebook. Because consumers regularly visit those sites directly, they continually receive new cookies in a first-party context, which can be read later on a visit to an advertiser’s website and used to retarget or track the user. (Note: This workflow assumes a Google or Facebook tag is installed on the advertiser’s website, which is commonplace.)

By comparison, virtually nobody visits criteo.com or doubleclick.net directly, so those sites are forever stuck in third-party limbo, and subsequently their cookies are removed by Safari ITP. The ITP crew went on to flag the practice of reading first-party cookies in third-party context as a loophole, and that loophole was closed with ITP 2.0 in September 2018.

Apple didn’t stop there. In March 2019, the ITP team turned their attention to genuine first-party cookies being set or accessed by on-site tracking tags (i.e., set using JavaScript). So we can see that the Safari ITP 2.1 (announced in March) and ITP 2.2 (announced in May) releases are forcing the expiration of these first-party cookies first to 7 days, and then to 1 day respectively.


What are the implications of ITP in Safari 2.1
and Safari 2.2?


  1. Measurement. Going forward, Safari will look at how the cookie is being set (via redirect, JavaScript or from the web server). Measurement systems which rely on discouraged approaches will increasingly show purchases as “direct to site” or attribute the entire purchase to the last ad click. You can evaluate the relative conversion rates by browser (i.e., Chrome vs. Safari) to monitor impact. For example, users researching a big ticket purchase like a car or vacation may browse over weeks, but Safari will no longer track these users over subsequent weeks. As you can see below, Marin is providing our customers with actual impact analysis to help marketers understand the issue.
  2. Redirects. Measurement systems that use redirects, or third-party cookies, have seen a decline in Safari visitors since last fall with ITP 2.0. Marin has been very active over the past two years in moving our customers over to first-party tracking to ensure that campaign measurement remains intact.
  3. Retargeting. Expect retargeting spend on Safari to continue to decline slowly (as the targeting information provided by cookies disappears). These additional ITP releases extend the retargeting prevention to the big publishers like Google and Facebook (previous releases impact focused on third parties).


Sizing the impact


Marin has an ITP Impact Analysis Tool that calculates conversion losses on Safari. These reports show your attributed conversions by time of click, broken out by key browsers and Safari ITP versions, and will showcase a trendline for the conversion lag associated with Safari ITP 2.1.

apple itp


apple itp


So what should I be doing?


There are several options to address the reporting gaps exposed by Safari ITP, but we believe the best option is to upgrade your measurement solution.

  • Move away from tracking via redirects. Redirects have been considered third-party by Safari for years, but now they’ve moved to close all the tracking/redirecting loopholes. Do not use redirects for new programs and be sure to move to a more modern approach for existing programs.
  • Estimate Safari conversions based on Chrome users. This is an easy and low-touch option but raises some accuracy questions. This approach is used by Google, but it often performs differently for mobile users because Safari reaches a younger, more mobile, and more affluent demographic than Chrome.
  • Upgrade your measurement source. With the latest iteration of Safari ITP, it’s clear that measurement solutions purely relying on client-side logic (i.e., standard website tracking tags) will no longer work. Marin is able to offer its customers a range of solutions, which require very little implementation from the advertiser. With one of these solutions deployed, you’re guaranteed no impact from the changes in ITP 2.1. (and we can prove it with our monitoring suite).
  • Hybrid server/client cookies. First-party cookies are set on the server side but sent from the client side. This is a lower-effort approach for advertisers that addresses ITP requirements by moving cookie setting to the advertiser HTTP requests rather than Marin JavaScript. Advertisers without the resources or time to set up the server-side cookies on their own can request that Marin set these via administration (CNAME) and SSL certificate.
  • Full server-to-server. This option requires the most effort but is free of all Javascript. Under server-to-server, the advertiser’s web server captures browser data and sends it to a Marin API behind the scenes. Marin processes this data to build and apply the correct attribution model. Marin will provide the logic to be coded.


Marin Tracker measures ad effectiveness for each advertiser by looking only at that advertiser’s results. We don’t look at the behavior of a visitor across domains. Given Marin's same-site, first-party design, we couldn't even if we wanted to. We operate within both the spirit (and the rules) of what the ITP team is trying to encourage.


Let’s find the right solution for you and your valued customers. Contact us or ask your Marin account manager how Marin can ensure accurate measurement with the growth of Apple ITP.

Wister Walcott

Marin Software
By submitting this form, I am agreeing to Marin’s privacy policy.

See why brands have relied on Marin to manage over $48 billion in spend