What Is ITP and What Does It Mean for Web Cookies?

Estimated Reading Time: 3 minutes
May 15, 2019
ITP web cookies safari

With the use of third-party cookies, the ability for a business to track a user’s internet activity without their consent or knowledge has been made much easier. Intelligent Tracking Prevention, commonly referred to as ITP, is a feature in Safari and other browsers that restricts the use of cookies to track consumers/users around the web.

[Cookie break! Click here for a refresher on what web cookies are and why they matter.]

ITP Evolution

Throughout the years, there have been different versions of ITP that treat the handling of cookies differently. Let’s take a look at each version update.

ITP 1.0 (released September 2017)

The first release of ITP simply said:

  • Third-party cookies may be used for 24 hours.
  • They may remain as a cookie for first-party use for 30 days.
  • They will be purged at 30 days.

Imagine example.blog used pet.store as an ad service. pet.store may set and access the third-party cookie for use that day (to provide relevant ads to blog readers). Afterward, the cookie may remain for 30 days (but no longer) to provide information if the user visits pet.store later.

ITP 2.0 (released November 2018)

After version 1.0 was released, businesses were coming up with workarounds to set third-party cookies as first-party cookies. As a response, ITP 2.0 was born with the following features:

  • No third-party cookies allowed
  • 30-day retention for first-party cookies
  • All cookies purged after 30 days

ITP 2.1 (released February 2019)

The market adjusted yet again to 2.0, thus ITP version 2.1 emerged with a major change: Client-side cookies blocked after 7 days.

There are different ways to set cookies, and one of them is using the document.cookie API. We’ll dive into this in more detail in a future article, but basically the 7-day limitations increase privacy, security, and performance for the user.

Let’s return to example.blog to see 2.1 in practice: example.blog uses an analytics tool to identify if the visitor is new or returning. Under ITP 2.1, an existing user will appear as a new user after 7 days of visiting a site using this method.

ITP 2.2 (released April 2019)

The latest iteration of ITP is version 2.2. ITP 2.2 mainly addresses the workaround the industry took to use query strings as a means of tracking. Now, client-side cookies are to be blocked after 1 day if:

  • The user accessed the site from a cross-site link.
  • The final URL the user navigated to contains query strings and fragment id.

To break this down, tracking is starting to migrate away from cookies to using information in a URL to pass information. If this occurs with intent to track users, the cookie will expire after 1 day.

Query string example:


Fragment id example:


What’s Next for ITP?

ITP rules are continuing to grow and expand as the market changes and adapts. Don’t expect version 2.2 to be the final form of ITP.

If you’d like to learn more about how ITP could be affecting your cookies, and in turn your marketing efforts, fill out the form below to get in contact with InfoTrust.

Contact InfoTrust with ITP Questions​


Last Updated: September 28, 2023

Get Your Assessment

Thank you! We will be in touch with your results soon.
{{ field.placeholder }}
{{ option.name }}

Talk To Us

Talk To Us

Receive Book Updates

Fill out this form to receive email announcements about Crawl, Walk, Run: Advancing Analytics Maturity with Google Marketing Platform. This includes pre-sale dates, official publishing dates, and more.

Search InfoTrust

Leave Us A Review

Leave a review and let us know how we’re doing. Only actual clients, please.