• Blog
  • Jun 12, 2020
  • By Cam Sivesind
ITP Compliance – Stay Ahead of the Cookie Conundrum Curve

Apple released Intelligent Tracking Prevention (ITP) in 2017 to protect user privacy by limiting the ability of marketers and online businesses to track users across domains via its Safari browser. The focus was on third-party cookies and decreasing tracking of those cookies to 30 days. ITP 2.1 raises the bar even higher, capping the lifetime of cookies set client side to seven days, instead of the possible two years.

As a provider of marketing attribution, specifically multi-touch attribution, the goal of LeadsRx on behalf of our customers is to continue to provide rock-solid data on consumers and their journeys through the sales funnel and eventual conversions (making purchases of products and services).

want more information on itp compliance?

LeadsRx takes compliance very seriously. Learn more about how we are addressing each requirement, and helping our customers capture customer journeys more accurately.

First-Party Cookies Are Here to Stay

We want to make one thing very clear: Cookies are NOT going away. LeadsRx has always used first-party cookies, and we have the ability to place these cookies from a branded server (such as the one hosting your company’s website), in addition to the browser.

We reiterate: First-party, server-placed cookies are likely never going away. Nearly all businesses rely on their cookies to provide an exceptional user experience, including maintaining personal preferences, login credentials, etc. When you visit your bank’s website, you don’t want to have to remind them of who you are each time, re-enter your account information, and have to figure out how and where to find your current balance. Cookies make the customer experience easier, yet still with a level of necessary security.

What if browsers prevented websites like Amazon from using cookies to improve their customers’ experience on the site? We doubt the consumer would be happy with a poorer experience and they would likely revolt to prevent hinderance of their ability to shop online.

Just imagine the impact of ITP compliance on cookie tracking for analytics platforms, such as Google Analytics and Adobe Analytics – as well as other MarTech and CRM tools providers. All first-party cookies set in Safari expire in one week unless an alternate solution is put into place. Other browsers – Chrome, Firefox, and Brave – are following suit by blocking third-party trackers.

ITP Compliance – What To Do

Here’s our take on the challenges presented by the cookie conundrum created by “ITP compliance,” and what can be done about it. First, the word “compliance” is more harsh sounding than it really is.

  • Being compliant means your cookies will be preserved by Safari for a longer time.
  • Being non-compliant means cookies will only be saved for 24 hours.

ITP Has Three Requirements:

  1. Cookies must be first-party (i.e., they cannot come from a third-party domain), and they should not be placed by the browser.
  2. Destination URLs cannot contain any tracking parameters or fragment tags. Yep, no utm_source.
  3. The site hosting the advertisement, and thereby referring customer traffic to your site, can’t collect data for cross-domain tracking. (More on intermediary “click-trackers” as we dive into requirement No. 3 below.)

How LeadsRx Addresses Each Requirement

LeadsRx takes compliance very seriously, and here is how we are addressing each requirement, and helping our customers capture customer journeys more accurately:

Requirement #1: First-Party Cookie

LeadsRx has always used first-party cookies as the primary way of unifying customer journeys. While cookies are placed by default via the visitor’s browser, we have the ability to “re-brand” our Universal Conversion Tracking Pixel™ so that first-party cookies can instead be placed by your server. Unlike other marketing vendors who solely rely on third-party cookies or browser-only cookies, LeadsRx has kept first-party cookies at the core of its offering for years.

Placing cookies using Javascript from within a browser is fairly standard, but if your website is in violation of requirements Nos. 2 and 3, then ITP protocol says your cookies will only last 24 hours.

To resolve this, you can request to have your Universal Conversion Tracking Pixel configured to provide first-party cookies. It’s a simple change, and we’re happy to walk you through setup.

iOS and Browser-Based Safari Have Different Requirements

Most recently, we addressed an issue introduced by the latest version of Chrome that requires third-party cookies include the same-site and secure header settings. In doing so, we also had to account for specific iOS and Safari browser versions, as they have different requirements.

Worth noting is that certain browsers (such as Firefox) come out of the box with heightened ITP prevention. Adblockers also play a big role in preventing third-party cookies from being leveraged. Again, LeadsRx responds to this challenge by providing you our re-branded pixel, which makes your cookies first-party.

Once this quick change has been made, your first-party cookies will be placed by the server and not the browser. The result is you pass the test for requirement No. 1 – because you are using the re-branded Universal Conversion Tracking Pixel we provide. Well done!

Requirement #2: Tracking Parameters

Most marketers use tracking parameters of some sort. Of course it is not practical for you to omit UTM tracking parameters, so passing the test of requirement No. 2 is not likely. Keep in mind, not passing this parameter isn’t the end of the world, it just means that the cookies created, in the instances where tracking parameters are used, will have a shorter lifespan.

Requirement #3: Cross-Domain Tracking

This depends on the ad server, or the traffic source, and not on LeadsRx. Google and Facebook claim they are ITP-compliant, meaning they are not collecting data for cross-domain purposes (i.e., to see what different websites a person visited). However, other ad servers could have their own policies.

Click-trackers represent an intermediary step, and if it is collecting third-party data, you may want to consider another click-tracker.

There are several third-party providers of click-tracking, including the major players such as Google, Adobe and Facebook. These URLs begin with the third-party’s domain and redirect to your domain and landing page. The user’s browser will momentarily load a third-party tracking domain before loading your final landing page. Common issues are broken links and percent-encoding issues. These tools have their pros and cons, but if they are tracking cross-domain information, expect to fail the third requirement.

If you keep the consumer in mind, these tools really don’t lead to a better customer experience as they are only designed to serve marketing purposes. In the context of ITP Compliance, we consider the click-tracker methodology to be somewhat at risk.

LeadsRx Cookies: Good to the Last Bite

The bottom line is that ITP compliance must be evaluated by both LeadsRx and you, our customer. We don’t directly control requirements Nos. 2 and 3, but we will do all we can to inform you on how best to achieve compliance – and accurate attribution data. Our commitment is to always deliver the most cutting-edge, secure, and compliant technology to support the optimization of advertising campaigns.

Our goal is to keep accuracy in audience segmentation (avoid cookies being purged and return buyers not being associated with their original purchases); keep a full view of the customer journey; continue to optimize ad spend, using attribution as the impartial source to do so; and allow you to continue to provide personalized content that drives conversions and customer retention.

LeadsRx has and will continue to make iterative changes as new and different ITP obstacles arise, but all is not lost, and first-party cookies are here to stay.

If you have an ITP question or concern, schedule a demo with our Attribution Specialists to learn how LeadsRx might be able to help.