Bypassing Safari's Intelligent Tracking Prevention (ITP) control

Safari ITP

Safari Intelligent Tracking Prevention (ITP) is a privacy feature implemented by Apple in its Safari web browser. It aims to enhance user privacy by limiting cross-site tracking and controlling the use of cookies.

ITP categorizes cookies into first-party and third-party cookies, with different rules applied to each. While first-party cookies generally remain unaffected, third-party cookies face stricter limitations, including reduced lifespan and restrictions on cross-site access.

These changes have significant implications for businesses relying on cookies for tracking, targeted advertising, and analytics purposes.


How this affects the Symplify projects

Symplify uses cookies to keep information about the visitor. This information contains for example allocated projects and variations. This information is needed to be able to serve the same variation of a project to a returning visitor. If these cookies are removed a returning visitor will be seen as a new visitor and will be allocated a new randomized variation.

In Safari cookies are removed after seven days if the visitor does not revisit the website within these. In other words, a visitor that visits the website on day one and does not revisit the website until day eight will have their cookies removed and will thus be seen as a new visitor by Symplify.

However, a visitor that revisits the website within seven days will postpone this. Every time the visitor visits the website the cookie expiration date gets pushed.

If you have visitors that aren't likely to revisit the page within seven days you can implement our ITP solution to prevent the cookie removal.



In order for the Intelligent Tracking Prevention (ITP) fix to work you need to install an endpoint on your server that the Symplify script can communicate with. This endpoint will read the cookies from the requests from the Symplify script and then re-set the cookies as first-party cookies. This will make them pass the ITP control.


See the code example for your language;




Once the endpoint is up you need to add the URL for the endpoint in website settings. If you have multiple top-level domains (TLD) you need to enter each one comma separated (see placeholder for example). When all is set correctly you should see requests to this URL in the network tab in the browser's development tools. You should also see that the cookie sg_cookies is updated with a longer expiration date.




Was this article helpful?
0 out of 0 found this helpful