ITP 2.1

Impact and considerations


In March 2019, Apple released version 2.1 of ITP as a part of Safari 12.1 and iOS 12.2. Besides an update to the use of Storage Access API, ITP 2.1 comes with a game-changing update in how cookies can be used in analytics and marketing tools. The update targets first-party cookies set client-side using JavaScript. Here’s an example of how it works:

Day 1: A user visits your website at resulting in a number of cookies being written on, potentially including:

  • Google Analytics
  • Facebook
  • Cookie Consent
  • Advertisement click cookies (Google Ads, Facebook, Criteo, etc.)
  • And many more

The cookies are per default set to expire between 90 and 720 days after, however, ITP 2.1 automatically limits expiry to only 7 days.

Day 2: The same user visits again. All cookies from day 1 are found and the user is recognized. Any action that the user does is added to the correct user id, click id, etc. Additionally, the 7 days expiry is reset for selected cookies.

Day 10: The same user visits again. As we are past the 7 days expiry period, the previous cookies no longer exist, resulting in:

  • A new Google Analytics client ID is generated, treating the user as a new user;
  • Facebook analytics and click cookie is gone, treating the user as a new user and break attribution for the ad click;
  • User will need to grant consent to cookies again, as the stored consent is missing;
  • Any advertisement platform that user click-ids for attribution will not be able to attribute subsequent conversions.
Make your cookies last longer