Go to the profile of Commission Factory
Aug 23, 2019 · 8 min read

The ITP 2.2 Cookie War Rages On

Apple and their default browser - Safari, continue the war on first-party cookies in a bid to further protect users’ online privacy.


In what is now starting to feel much like déjà vu, the AdTech and affiliate industry is again staring down the barrel of yet another update to the infamous ITP. The original engineering of this standard can't solely be placed on the shoulders of Apple and WebKit but they are recognised as the instigators. As other browsers move to follow suit on increasing privacy it has been  done at a more reasonable and calculated pace - giving AdTech and service providers time to adjust and deploy.

Commission Factory look to address some of these changes and also give you further insight into ITP 2.2, the expected changes and also the wider impact.

What is ITP?

ITP, an initialism for Intelligent Tracking Prevention, 3 letters that have, for the last couple of years invoked a sense of dread for any company in the AdTech space and those that rely on data and attribution to successfully run their businesses.

We wrote about the first iteration, ITP 1.0 back in September 2017 and then also in August 2018 when ITP 2.0 had launched. And here we are again in what is fast becoming an annual event.

Tracking prevention was introduced as a means of further protecting users online privacy. Third-party cookies have been blocked by default for some time but it is the first-party cookie that became integral to the user experience on browsers and have traditionally been safe from forms of automatic blocking or removal.

These first-party cookies you have likely been exposed to on a regular basis and they achieve such seamless user experiences that we have come to expect such as keeping you logged into a service, the products you have added to your shopping cart, website settings such as which language or region you have selected and values that you have entered into forms.

However, it is these same cookies that have also been used to track users in much the same way as the third-party cookies, and it is for this reason Apple has taken aim at this kind of data.

The Timeline of ITP.........so far

Timeline major broswer changesITP 1.0

Read our in-depth overview of ITP 1.0

ITP 1.1

ITP 1.1 introduced changes which made it easier to use third-party services that serve embedded content such as embedded videos, or social logins. The release of ITP 1.0 defeated the entire purpose of embedded content, and required users to visit services in a first-party context before using widgets on a site. For example, being unable to like content using the social sharing icons on site.

ITP 2.0

Read our round up on ITP 2.0.

ITP 2.1

When ITP 2.0 went live, many companies gradually found workarounds to bypass the hiccup created by Apple. Released in relatively quick succession 2.1 was launched to curb these workarounds by reducing the accessibility and longevity of first-party cookies down to 7 days.

ITP 2.2

Like 2.1, 2.2 is a minor change to the previous release in that the fundamentals remain largely the same but the ramifications have become greater. Once again there is a further reduction in the accessibility and longevity of the first-party cookies down to 24 hours.

ITP 2.2 in Australia

Australia does in fact have a higher percentage of Safari users than the global average, this is due to the fact that our preference for smartphones and tablets sways far more towards the Apple ecosystem than any other brand. In fact Apple devices outnumbers even the closest competitor by more than 3 times their market share in Australia. Compared to global market share where Apple sits at just over 25% market share closely following Samsung at 29%.

Source: StatCounter Global Stats - Device Vendor Market Share

Browser Market Share in Australia

Source: StatCounter Global Stats - Browser Market Share

Browser Market Share Globally

Browser-marketshare-globalSource: StatCounter Global Stats - Browser Market Share

ITP and Commission Factory: By the Numbers

In the lead up to the release of ITP 2.2 and understanding what it fundamentally affects, we have outlined below, the ramifications of a post-2.2 world. Over the last couple of years it has become commonplace in the lead up to a launch to read many stories of doom and gloom with more clickbait than a royal wedding. So, using an actual month of data exported from our platform, we will reveal just what the damage is, followed by the fixes and the work in progress.

*All data taken from the Commission Factory platform for the month of July 2019.







Breaking down the above figures, a total 34.21% of all transactions are currently tracked through the Safari browser. The exposure to Affiliates and the network is 4.24% of that number. It is a broad indication of what the losses could equate to across the network should no Advertisers be compliant. But, in actual fact, steps have already been taken over the last few months and since the launch of ITP 1.0 to move Advertisers to both our CF MasterTag with the added redundancy of Custom Tracking Domains, consisting of the "Core Tracking Requirement" of the network going forward.

Intelligent Tracking Prevention and Beyond

Currently Commission Factory are finalising the development of new technologies and tracking capabilities that will ensure the integrity of all tracking now and into the future. Taking lessons from  what we have seen it is safe to say we have an indication of  the  path ahead of us but we also need to be prepared for the long term and whatever ITP 2.3, 3.0, 4.0 will throw at us.

We are currently in the process of working with our advertisers to implement advertiser-specific Custom Tracking Domains. By using a subdomain of the advertiser's root domain, our servers are able to set 1st party cookies in the server response headers rather than relying on JavaScript running in the browser.

By providing  Custom Tracking Domains to each user of our CF MasterTag, we can take our cross-site tracking domains out of the equation and the domain that sent the user to the page will only be used to direct users to one site. Because the resulting cookies are set by server response headers and belong to the primary domain, they are exempt.

The hoops the AdTech industry are currently jumping through, whilst frustrating, in the long term will be welcome changes to the industry and overall for the end user where privacy and consent have now become hot topics.

Did you enjoy this article? Don’t forget to share.