I was forced to support ITP at work, and I needed to understand the specifications to a certain extent when implementing it, so I decided to write this article.
What is ITP?
ITP is an abbreviation for Intelligent Tracking Prevention, a feature built into Apple's Safari browser.
The ITP function has been updated several times, but as of now (July 10, 2021), the following restrictions are roughly in place.
- Third-party cookies cannot be used at all
- First-party cookies generated by JavaScript have a lifespan of 1 week
- When the inflow comes from a tracker-certified domain (whether the domain tracks across multiple domains; determined by AI) with URL parameters attached (UTM parameters, etc. → information about “where” and “who” the inflow came from), the JavaScript-generated first-party cookie that is set has a lifespan of 24 hours
What is tracker certification?
"Tracker certification" means that the Safari on your device decides, according to the following criteria (among others), that “This domain seems to be used for advertising and measurement!”
- The number of times the referring domain was loaded as a script from another domain
- The number of times the linking domain was loaded as an iframe from another domain
- Number of redirects from linking domains
The list is not managed centrally on the server; rather, each device's Safari decides which list to use, although it seems more efficient to manage it centrally on the server. (I'd like to investigate this further.)
Lifespan on Chrome (2 years)
Now, let's look at GA cookies.
If you access the site with Chrome, which currently has no restrictions, you can see that GA cookies are set to last for 2 years by default.

Next, let's look at Safari settings.
Lifespan in Safari (24 hours to 7 days)
I tried clicking on a Yahoo ad in Safari.

The image below shows the link URL. Information such as "where did the visitor come from, and from which advertising campaign?" is attached as UTM parameters.

This confirms that the UTM parameters described in the third item under “What is ITP?” were added.
This time, when the ad was clicked, JavaScript ran, and for a moment the browser was redirected to adservice.google.com and then on to salonpas. (Probably because the salonpas advertisements have stopped appearing again...)

GA cookies are first-party cookies, but they are generated by JavaScript.
This is an easy place to make a mistake: the GA cookie is issued by the domain where the JavaScript is called, not by the GA server, so it is a first-party cookie.
Here, the GA cookie meets the following conditions, so its lifespan is set to 24 hours by the ITP function.
- js-generated first-party cookies
- UTM parameter assignment
- Tracker certified domain (adservice.google.com)
To be honest, the only way to judge whether or not a tracker is certified is to look at the results. However, in ITP, it appears that the lifespan of a cookie is determined through the above-mentioned judgment.
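The rules listed in this article can be written as a small model for predicting how long a JavaScript-set cookie such as GA's will survive. This is an added example, not code from the original article or from Safari; `effectiveLifetime`, `classifiedTrackers`, `viaHosts` and the sample URL are hypothetical, and the classified set stands in for a per-device decision that a page cannot read.

```javascript
// Simplified model of the lifetime rules listed in this article (state as of July 2021).
// Not Safari's implementation: the real classification happens on each device.
const DAY = 24 * 60 * 60; // seconds

// Constructed stand-in for the domains this device's Safari has tracker-certified.
const classifiedTrackers = new Set(["adservice.google.com"]);

// True when the landing URL carries a query string or fragment (UTM parameters, etc.).
function hasUrlParameters(landingUrl) {
  const u = new URL(landingUrl);
  return u.search.length > 1 || u.hash.length > 1;
}

// Returns the effective cookie lifetime in seconds (0 = cookie is not usable).
// viaHosts: hosts the navigation passed through before landing (hypothetical input).
function effectiveLifetime(cookie, nav, itpEnabled) {
  if (!itpEnabled) return cookie.requestedMaxAge;     // e.g. Chrome in this article
  if (cookie.thirdParty) return 0;                    // third-party cookies cannot be used
  // Cookies not set by JavaScript are outside the rules listed here;
  // this model leaves them uncapped (assumption).
  if (!cookie.setByJs) return cookie.requestedMaxAge;
  const viaTracker = nav.viaHosts.some((h) => classifiedTrackers.has(h));
  const cap = viaTracker && hasUrlParameters(nav.landingUrl) ? 1 * DAY : 7 * DAY;
  return Math.min(cookie.requestedMaxAge, cap);
}

// Constructed sample: a GA-style cookie requesting 2 years, set by JavaScript
// on the landing site after an ad click that redirected via adservice.google.com.
const gaCookie = { requestedMaxAge: 730 * DAY, thirdParty: false, setByJs: true };
const adClick = {
  landingUrl: "https://shop.example/?utm_source=yahoo&utm_medium=cpc&utm_campaign=demo",
  viaHosts: ["adservice.google.com"],
};
const directVisit = { landingUrl: "https://shop.example/", viaHosts: [] };

console.log("Chrome:", effectiveLifetime(gaCookie, adClick, false) / DAY, "days");
console.log("Safari, ad click:", effectiveLifetime(gaCookie, adClick, true) / DAY, "days");
console.log("Safari, direct:", effectiveLifetime(gaCookie, directVisit, true) / DAY, "days");
```
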
So, how can we avoid this ITP?
I will explain how to avoid this in the next issue.