Apple’s Intelligent Tracking Prevention 2.0 (ITP) – How Will This Impact You?
Consumer privacy enhancements are an ongoing initiative across the web today as evidenced by the recent EU General Data Protection Regulation (GDPR) which went into effect in May. Shortly following the GDPR, Apple announced their update to the Intelligent Tracking Prevention (ITP) functionality for Safari users.
This blog post will cover the following:
-Features of ITP 2.0
-How these features will impact performance marketing
-How to mitigate the impact when working with CAKE as an Advertiser or Network
Apple’s Intelligent Tracking Prevention on Safari
In September 2017, Apple released ITP 1.0 with the goal of limiting the use of cookies on Safari by tracking service providers through a default browser setting called “Prevent Cross-Site Tracking.” When this setting was enabled, cookies were present for 24-hours. When this setting was disabled, tracking service providers could read the cookies beyond the 24-hour period.
What’s changed from ITP 1.0 to ITP 2.0?
ITP 2.0 limits cookies from domains that Safari identifies as a “tracker.” In this scenario, a “tracker” indicates a third-party domain that collects information about users browsing behavior without the user knowing or agreeing.
Below is a breakdown of the features of Intelligent Tracking Prevention 2.0:
Removal of the 24-hour cookie access window
The 24-hour cookie access window from ITP 1.0 is no longer available with the release of ITP 2.0. Going forward, once a domain is detected as having tracking capabilities, any cookies associated with that domain will be blocked by Safari.
Protection against first-party bounce trackers
Apple has developed a feature to detect when a domain is used solely as a “first-party bounce tracker.” TechCrunch describes this as a domain that “is never used as a third-party content provider but tracks the user purely through navigational redirects – with Safari also purging website data in such instances.” This means that even if the tracking domain attempts to place a first-party cookie on the consumers browser, Safari will detect it as a “bounce tracker” and limit it the same way as third-party cookies.
Protection against tracker collusion
Safari will be able to detect when page redirects are used for tracking purposes only. For example, when a consumer is redirected to a tracking domain before landing on the intended destination, Safari will prevent any cookies from being dropped or read during that redirect. If one domain in the redirect path is classified as having tracking capabilities all domains that redirected to that domain will also be classified in the collusion. Apple advised that developers should avoid making unnecessary redirects to tracking domains, or risk being mistaken for a tracker and penalized by having website data purged.
Origin-Only Referrer for domains without user interaction
The Origin-Only Referrer feature will shorten the referring URLs to include just the root domain as the full URL could reveal a lot of information about the user. For example, referring reports would be limited to showing https://example.com for a user coming from https://example.com/product/shoe/blue.html. This “cloaking” of the referrer is likely familiar to performance marketers already and shouldn’t have a large impact on your program.
Recommendations for Tracking with ITP 2.0
CAKE provides multiple tracking methods that can help mitigate measurement and attribution issues caused by Safari’s ITP 2.0. Below are the recommended best practices for Networks, Publishers, and Advertisers using CAKE’s technology.
Networks and publishers
If you’re a Network or Publisher, you’ll want to switch to Server-to-Server (Postback) conversion tracking immediately. This functionality has been the recommended best practice by CAKE for many years as it provides a greater amount of accuracy for measurement and attribution by having a unique identifier outside of the cookie. For more information on cookieless tracking, please visit our Server-to-Server Tracking article.
If your Advertiser does not have the ability to implement Server-to-Server tracking with Postback URLs, you’ll want them to update the already implemented browser-based conversion or event pixel with the Request Session ID parameter (r=). For more information on cookieless tracking, please visit our Server-to-Server Tracking article.
Another available method to help alleviate the loss of tracking campaign interactions on Safari is Session Regeneration, also referred to as Fingerprinting. Session Regeneration is a probabilistic approach to attributing customer interactions. When enabled, this function will be used as a backup to cookies and/or the CAKE Request Session ID and will attempt to attribute a conversion to a recent click based off various attributes, commonly the IP, Device, Browser, etc. For more information, please visit our Session Regeneration article.
Advertisers
If you’re an Advertiser on CAKE, you’ll want to implement Server-to-Server (Postback URLs) for all of your Affiliates so they can be notified of Conversions and Events for your Campaigns.
However, Conversion and Event tracking on your site can be done one of two ways:
- Server-to-Server (Postback URLs)
- JavaScript SDK browser-pixel when used in conjunction with the Dynamic Click Tag which sets a first-party cookie on the consumers browser. This option only works with the JS SDK Conversion/Event Pixel and the Dynamic Click Tag, as the JS SDK reads the first-party cookie that is set by the Dynamic Click Tag and sends the Request Session ID in the pixel request to CAKE for cookieless tracking. If you’re using the Standard Iframe, JavaScript, or Image Pixel, you’ll need to update it to the JS SDK type.
Let’s take the next step
With nearly 20 percent of global web traffic coming from Safari browsers, there is likely to be a significant impact on the ability to measure the performance of digital campaigns if advertisers and performance networks do not implement the recommendations outlined above.
If you have questions or concerns regarding ITP 2.0 or the impact it may have on your program, please contact your Client Success Manager.
If you are an Affiliate, Network, or Advertiser that cannot support cookieless tracking today, please contact info@getcake.com to learn more about our solutions.