Safari ITP and analytics privacy
Intelligent Tracking Prevention (ITP) is WebKit's privacy feature that partitions and limits storage to stop cross-site tracking in Safari. It blocks third-party cookies, caps script-set first-party cookie lifetimes, and constrains other client-side storage. This page summarises ITP's documented behaviours and what they mean for measuring audiences.
What ITP does
ITP uses on-device classification to identify domains with cross-site tracking capability and then restricts their storage. Over successive versions it blocked third-party cookies by default, partitioned storage by first party, capped client-side cookie lifetimes, and limited other persistence mechanisms that were being used to rebuild identifiers.
The consistent direction is that cross-site state is removed and same-site state is shortened, so identifiers cannot quietly follow users between sites or persist indefinitely.
Consequences for measurement
Third-party-cookie analytics and cross-domain attribution degrade or break in Safari. First-party measurement still works but with shorter-lived identifiers, so returning-visitor and retention numbers are conservative on Apple platforms. The practical response is to lean on first-party, aggregate measurement rather than persistent per-user identity.
- Third-party cookies blocked by default
- Storage partitioned per first party
- Client-side cookie and storage lifetimes capped
How it appears in analytics and logs
Gaps in cross-site attribution and inflated new-visitor counts concentrated on Safari/iOS usually trace back to ITP's storage partitioning and cookie caps.
Diagnostic use case
Anticipate why cross-site and long-term measurement breaks in Safari, and design first-party, consent-light analytics that survives ITP.
What WebmasterID can help detect
WebmasterID's first-party, server-classified model is built to keep working under ITP without third-party cookies or cross-site identifiers.
Common mistakes
- Blaming a tag error for Safari attribution gaps caused by ITP.
- Relying on third-party cookies for cross-domain measurement.
- Assuming iOS audiences are smaller when IDs are just resetting.
Privacy and accuracy notes
ITP exists to protect users from cross-site tracking. This page describes its documented mechanics for measurement planning and does not suggest evading it.
Related pages
- First-party cookie lifespan and caps
Even first-party cookies no longer live as long as their stated expiry. Safari's Intelligent Tracking Prevention caps script-set first-party cookies to seven days (or 24 hours in some cases), and other browsers apply their own storage limits. This page explains how those caps work and why they fragment returning-visitor and retention metrics.
- Firefox Enhanced Tracking Protection
Enhanced Tracking Protection (ETP) is Firefox's default privacy defence: it blocks resources on a known-tracker list and, through Total Cookie Protection, partitions cookies into a separate jar per website so they cannot be shared across sites. This page explains what ETP blocks and how it shapes analytics data from Firefox users.
- Cookieless analytics: how it works and its limits
Cookieless analytics records visits and events without setting cookies or persistent cross-site identifiers. It relies on first-party, server-side signals and aggregate counting. The trade-off is honest: it cannot follow an individual across sessions the way cookie-based tracking can — which is exactly the point for privacy-first measurement.
- Privacy-first analytics
First-party measurement that survives ITP.
Sources and verification notes
- WebKit — Tracking Prevention PolicyOfficial statement of what WebKit prevents and why.
- WebKit — Full third-party cookie blocking (ITP)Default third-party cookie blocking in Safari.
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.