Apple Intelligent Tracking Prevention (ITP) 2.x

Information about Adobe Target support for Apple’s ITP 2.x via the Experience Cloud ID (ECID) library 4.3.

Intelligent Tracking Prevention (ITP), is Apple’s initiative to protect Safari users’ privacy. The first release of ITP, which was in 2017, targeted the usage of third-party cookies. In fact, Apple blocked third-party cookies entirety, which in turn, caused a severe headache for ad tech and mar tech companies because third-party cookies are generally used for tracking visitors and collecting visitor data. Now, Apple is on the move to place limitations and restrictions on how first-party cookies are used within Safari.

These versions of ITP include the following restrictions:

Version Details
ITP 2.1 Capped client-side cookies that are placed on the browser using the document.cookie API to a seven-day expiry.
Released February 21, 2019.
ITP 2.2 Drastically reduced the seven-day expiry cap to one day.
Released April 24, 2019.
ITP 2.3 Eliminated several workarounds, such as employing localStorage or using the JavaScript Document.referrer property.
Released September 23, 2019.

What is the impact to me as an Adobe Target customer?

Target provides JavaScript libraries for you to deploy on your pages so that Target can deliver real-time personalization to your visitors. There are three Target JavaScript libraries (at.js 1.x, at.js 2.x, and mbox.js) that place client-side Target cookies on your visitors’ browsers via the document.cookie API. As a result, Target cookies are impacted by Apple’s ITP 2.x and will expire after seven days (with ITP 2.1) and after one day (with ITP 2.2 and ITP 2.3).

Apple ITP 2.x impacts Target in the following areas:

Impact Details
Potential increase of unique visitor counts Due to the expiration window being set to seven days (with ITP 2.1) and one day (with ITP 2.2 and ITP 2.3), you might see an increase of unique visitors coming from Safari browsers. If your visitors revisit your domain after seven days (ITP 2.1) or one day (ITP 2.2 and ITP 2.3), Target is forced to place a new Target cookie on your domain in place of the expired cookie. The new Target cookie translates to a new unique visitor even though the user is the same.
Decreased lookback periods for Target activities Visitor profiles for Target activities might have a decreased lookback period for decisioning. Target cookies are leveraged to identity a visitor and store user profile attributes for personalization. Given that Target cookies can be expired on Safari after seven days (ITP 2.1) or one day (ITP 2.2 and 2.3), the user profile data that was tied to the purged Target cookie cannot be used for decisioning.
Profile scripts based on 3rdPartyID Due to the expiration window being set to seven days (with ITP 2.1) and one day (with ITP 2.2 and ITP 2.3), profile scripts based on the 3rdPartyID cookie will stop functioning upon expiration.
QA/Preview URLs in iOS devices Due to the expiration window being set to seven days (with ITP 2.1) and one day (with ITP 2.2 and ITP 2.3), QA/Preview URLs will stop functioning upon expiration because the URLs are based on the 3rdPartyID cookie.

Is my current implementation of Target impacted?

In a Safari browser, navigate to your website on which you have a Target JavaScript library. If you see a Target cookie set in the context of a CNAME, such as, then you are not impacted by ITP 2.x.

If you are using the Experience Cloud ID (ECID) library in addition to the Target JavaScript library, your implementation will be impacted in the ways listed in this article: Safari ITP 2.1 Impact on Adobe Experience Cloud and Experience Platform Customers.

How can I mitigate the impact of future ITP 2.x releases to Target?

To mitigate the impact of future ITP 2.x releases to Target, complete the following tasks:

  1. Deploy the Experience Cloud ID (ECID) library to your pages.

    The ECID library enables the people identification framework for Experience Cloud Core solutions. The ECID library allows you to identify same site visitors and their data in different Experience Cloud solutions by assigning persistent and unique identifiers. The ECID library will be updated frequently to help you mitigate any ITP-related changes that impact your implementation.

    For ITP 2.x, ECID library 4.3.0+ must be utilized for mitigation.

  2. Use Adobe’s CNAME and Enroll in Adobe Analytics’ Managed Certificate Program.

    After installing the ECID library 4.3.0+, you can leverage Adobe Analytics’ CNAME and Managed Certificate Program. This program lets you implement a first-party certificate for first-party cookies at no charge. Leveraging CNAME will help Target customers mitigate the impact of ITP 2.x.

    If you are not leveraging CNAME, you can start the process by talking with your account representative and enrolling in the Adobe Managed Certificate Program.

After you deploy a Target JavaScript library in conjunction with the ECID library v4.3.0+ and enroll in the Adobe Managed Certificate Program to leverage CNAME, you will have a robust and long-term mitigation plan for ITP-related changes.

As the industry makes strides to create a more secure web for consumers, Adobe Target is absolutely committed to delivering personalized experiences while meeting and exceeding the privacy expectations of visitors. Adobe Target has already announced support for Google’s SameSite Chrome Policies in addition to support for Apple’s ITP 2.x.

As policies continue to evolve to protect our consumers, Adobe will also continue to support these initiatives in Target, while helping our customers provide the best-in-class personalized experiences.

On this page