Apple’s Intelligent Tracking Prevention 2.0 (ITP) – How will this impact you?
Consumer privacy enhancements are an ongoing initiative across the web today as evidenced by the recent EU General Data Protection Regulation (GDPR) which went into effect in May. Shortly following the GDPR, Apple announced their update to the Intelligent Tracking Prevention (ITP) functionality for Safari users.
This blog post will cover the following:
-Features of Intelligent Tracking Prevention (ITP) 2.0
-How these features will impact performance marketing
-How to mitigate the impact when working with CAKE as an Advertiser or Network
Apple’s Intelligent Tracking Prevention on Safari
What’s changed from ITP 1.0 to ITP 2.0?
Intelligent Tracking Prevention (ITP) 2.0 limits cookies from domains that Safari identifies as a “tracker.” In this scenario, a “tracker” indicates a third-party domain that collects information about users browsing behavior without the user knowing or agreeing.
Below is a breakdown of the features of Intelligent Tracking Prevention 2.0:
Removal of the 24-Hour Cookie Access Window
The 24-hour cookie access window from ITP 1.0 is no longer available with the release of ITP 2.0. Going forward, once a domain is detected as having tracking capabilities, any cookies associated with that domain will be blocked by Safari.
Protection Against First Party Bounce Trackers
Apple has developed a feature to detect when a domain is used solely as a “first-party bounce tracker.” TechCrunch describes this as a domain that “is never used as a third-party content provider but tracks the user purely through navigational redirects – with Safari also purging website data in such instances.” This means that even if the tracking domain attempts to place a first-party cookie on the consumers browser, Safari will detect it as a “bounce tracker” and limit it the same way as third-party cookies.
Protection Against Tracker Collusion
Safari will be able to detect when page redirects are used for tracking purposes only. For example, when a consumer is redirected to a tracking domain before landing on the intended destination, Safari will prevent any cookies from being dropped or read during that redirect. If one domain in the redirect path is classified as having tracking capabilities all domains that redirected to that domain will also be classified in the collusion. Apple advised that developers should avoid making unnecessary redirects to tracking domains, or risk being mistaken for a tracker and penalized by having website data purged.
Origin-Only Referrer for Domains without User Interaction
The Origin-Only Referrer feature will shorten the referring URLs to include just the root domain as the full URL could reveal a lot of information about the user. For example, referring reports would be limited to showing https://example.com for a user coming from https://example.com/product/shoe/blue.html. This “cloaking” of the referrer is likely familiar to performance marketers already and shouldn’t have a large impact on your program.
Recommendations for Tracking with ITP 2.0
CAKE provides multiple tracking methods that can help mitigate measurement and attribution issues caused by Safari’s ITP 2.0. Below are the recommended best practices for Networks, Publishers and Advertisers using CAKE’s technology.
Networks & Publishers
If you’re a Network or Publisher, you’ll want to switch to Server-to-Server (Postback) conversion tracking immediately. This functionality has been the recommended best practice by CAKE for many years as it provides a greater amount of accuracy for measurement and attribution by having a unique identifier outside of the cookie. For more information on cookie-less tracking, please visit our Server-to-Server Tracking article.
If your Advertiser does not have the ability to implement Server-to-Server tracking with Postback URLs, you’ll want them to update the already implemented browser-based conversion or event pixel with the Request Session ID parameter (r=). For more information on cookie-less tracking, please visit our Server-to-Server Tracking article.
Another available method to help alleviate the loss of tracking campaign interactions on Safari is Session Regeneration, also referred to as Fingerprinting. Session Regeneration is a probabilistic approach to attributing customer interactions. When enabled, this function will be used as a backup to cookies and/or the CAKE Request Session ID and will attempt to attribute a conversion to a recent click based off various attributes, commonly the IP, Device, Browser, etc. For more information, please visit our Session Regeneration article.
If you’re an Advertiser on CAKE, you’ll want to implement Server-to-Server (Postback URLs) for all of your Affiliates so they can be notified of Conversions and Events for your Campaigns.
However, Conversion and Event tracking on your Site can be done one of two ways:
- Server-to-Server (Postback URLs)
Let’s Take the Next Step
With nearly 20% of global web traffic coming from Safari browsers, there is likely to be a significant impact on the ability to measure the performance of digital campaigns if advertisers and performance networks do not implement the recommendations outlined above.
If you have questions or concerns regarding ITP 2.0 or the affects it may have on your program, please contact your Client Success Manager.
If you are an Affiliate, Network or Advertiser that cannot support cookie-less tracking today, please contact firstname.lastname@example.org to learn more about our solutions.