For many brands, their media targeting, digital analytics, optimisation and personalisation are in the balance. As Apple, Google and other web browsers work to improve consumer privacy and security, accepted practices must change.

At Loop Horizon, we’re all about helping you leverage your first-party data, so this is an important issue for us. We hope this short article helps build a wider understanding about Safari Intelligent Tracking Prevention (ITP); the impacts and how to fix them.

“Across the board brands are realising the primacy of first-party data and that ITP and cookies represent an immediate and high value focus to reassert the need for a direct and accountable set of methodologies for identifying & recognising customers and prospects, collecting and acting upon their data in a responsible and effective manner”

Rob McLaughlin, Co-founder, Loop Horizon

Why is this important?

Most people have heard of ITP, and the eventual demise of third-party cookies. What you might not know is, Safari is limiting the lifespan of your first-party cookies too – capping them at 7 days. Further, all “script-writable website data” is capped at 7 days too , so you can’t get round this using local storage either.

May, 2020 via

Lastly and crucially – Safari ITP gives your analytics, optimisation, and personalisation tools a kind of 7-day amnesia – if a user leaves your site and returns after 7 days, these tools won’t remember them. The implications of this are quite wide ranging, for example:

  • Inflated visitor numbers in your analytics tools, as users are double-counted when they return after 7 days due to the cookie identifying the visitor being removed
  • Inability to attribute sales to marketing spend; if your analytics tool forgets that user A (who just completed a purchase) is the same user A who visited the site over a week ago via a display ad
  • Broken a/b tests and inconsistent user experiences, as the user who was in experiment group X a couple of weeks earlier now falls into experiment group Y, because the testing tool forgets which group they were in
  • Inability to personalise content and a poorer user experience, as the personalisation tool forgets that user A is a known user

And all of that results in a poorer user experience, less efficient marketing spend, and lost revenue and a limited ability to improve or optimise.

So what can I do about it?

It’s important to first understand why Safari adds this cap to first-party cookies, and more importantly, to which type of first party cookie.

Cookies can either be set in http responses (http or server-side cookies) from the website’s servers, or through the document.cookie API using client-side script (client-side cookies).

Client-side cookies are less secure because they can be read and altered by script on the page. Among other reasons, that’s why Safari ITP caps them at 7 days.

Server-side cookies on the other hand, can have an attribute called “http only” added, which means they cannot be read or altered by script. Safari ITP does not cap server-side cookies with the http only attribute added, so they will persist correctly as before.

Unfortunately, analytics, optimisation and personalisation tools set client-side cookies via the document.cookie API. However all that is required is to turn these into http / server-side cookies.

The move toward a new web, of improved browser security and customer privacy, is a good thing. Brands that embrace this change early, and adopt strategies which place security and privacy at their heart, will benefit from leveraging rich, high-quality first-party data, that is compliant and created with their customers’ consent.

Matt Bentley, Head of Data Architecture & Analytics, Loop Horizon

Some good news

If you’re an Adobe Experience Cloud customer, they have a process in place to turn their cookies into http /server sidecookies. This uses a CNAME. Loop Horizon has been helping many brands navigate these topics.

If you use other providers, there are further options available to turn your client-side cookies into server-side http only cookies, and again, Loop Horizon can help you understand these and choose the one that’s right for you.