The Silent Data Killer: Understanding ITP and ETP
Over the past few years, browser vendors have waged war on cross-site tracking. While this is excellent news for user privacy, it has created a significant blind spot for businesses relying on analytics data to make informed decisions.
What is ITP?
Intelligent Tracking Prevention (ITP) is Apple's privacy feature in Safari that limits the lifespan of cookies set via JavaScript to just 7 days. For users who don't return within a week, every visit appears as a "new user" — destroying your ability to track customer journeys.
Safari holds approximately 20% of global browser market share, but in premium markets like the US and UK, it can account for 35-50% of your traffic. These aren't just any users — Safari users tend to be iPhone and Mac owners with higher purchasing power.
Firefox Enhanced Tracking Protection (ETP)
Mozilla's Firefox implements similar restrictions through Enhanced Tracking Protection, which blocks third-party tracking cookies entirely and limits first-party cookie lifespans. With Firefox holding ~3-5% market share, combined with Safari, you could be losing visibility on 40% or more of your valuable traffic.
How Cookie Deletion Works
Here's the technical breakdown of what happens:
- Day 1: User visits your site. JavaScript sets an analytics cookie (e.g.,
AMCV_xxxfor Adobe). - Day 7: ITP automatically deletes the cookie if set via JavaScript (client-side).
- Day 8: User returns. Analytics sees them as a completely new visitor. Attribution is lost.
This 7-day cap was reduced from 24 hours in some cases, showing Apple's aggressive stance on tracking prevention. Third-party cookies? They're blocked entirely.
The Business Impact: More Than Just Numbers
The consequences of losing Safari and Firefox data extend far beyond inflated "new user" counts. Here's what's actually happening to your business decisions:
Lost Attribution
Marketing campaigns appear less effective because conversions can't be attributed to their original touchpoints. That Facebook ad that actually drove the sale? It looks like organic traffic now.
Inflated Acquisition Costs
When returning customers appear as new users, your Customer Acquisition Cost (CAC) becomes artificially inflated. You're counting the same customer multiple times.
Flawed Budget Decisions
If Safari users (often your highest-value segment) appear to have poor conversion rates, you might shift budget away from channels that actually perform well with this audience.
Broken Customer Journeys
Multi-touch attribution models become unreliable. A 30-day consideration cycle for a major purchase? You'll only see fragments of that journey.
The Solution: WebSDK with First-Party Server-Side Collection
Adobe's Web SDK (Alloy.js) combined with first-party server-side data collection fundamentally changes how cookies are set — and that makes all the difference.
Why Server-Set Cookies Bypass ITP
The key insight is that ITP only limits cookies set via JavaScript. When cookies are set by your own server (first-party, server-side), they're treated as legitimate first-party cookies with a lifespan of up to 2 years.
Traditional vs. WebSDK Architecture
Key Components of the Solution
- First-Party Domain: Data collection happens through your own domain (e.g.,
data.yourbrand.com), not Adobe's servers directly. - Server-Side Cookie Setting: The ECID (Experience Cloud ID) cookie is set by your server via HTTP headers, not JavaScript.
- Adobe Edge Network: Your first-party endpoint forwards data to Adobe's Edge Network, maintaining all functionality while preserving cookie longevity.
- CNAME Implementation: A CNAME record points your subdomain to Adobe's infrastructure, making the connection truly first-party from the browser's perspective.
Real Numbers: An Automotive Company Case Study
Let's walk through a concrete example to illustrate the impact. Consider an automotive company with the following profile:
The Data Loss Calculation
What This Means for Attribution
With a 21-day average consideration cycle for vehicle purchases, the majority of Safari users will have their cookies deleted before converting. This means:
- Test drives scheduled online can't be attributed to original campaigns
- Lead forms appear as "direct traffic" conversions
- Retargeting audiences are fragmented and incomplete
- Multi-touch attribution models show only the final touchpoint
After WebSDK Implementation
Full visibility restored on Safari user journeys
Marketing ROI calculations now reflect reality
Stopped counting returning customers as new acquisitions
Cost-Benefit Analysis: Lost Data vs. Migration Investment
The question isn't whether you can afford to migrate to WebSDK — it's whether you can afford not to.
$50K-200K/year in wasted budget due to wrong attribution
One-time investment, typically 4-8 weeks of work
Can't personalize for users you can't recognize
Minimal — leverages existing Adobe Edge Network
Competitors with better data make better decisions
Ready for cookieless future and further browser restrictions
For most organizations, the WebSDK migration pays for itself within the first quarter through improved attribution accuracy alone.
GDPR Compliance: Why First-Party is Legally Safer
Beyond the technical benefits, first-party data collection aligns better with privacy regulations like GDPR and CCPA.
Key Compliance Advantages
- Data Controller Status: With first-party collection, you maintain clear data controller status. Data flows through your infrastructure first, giving you complete visibility and control.
- Simplified Consent Management: First-party cookies are subject to less restrictive consent requirements in many jurisdictions compared to third-party tracking cookies.
- Data Minimization: WebSDK allows you to filter and transform data before it reaches Adobe, ensuring you only share what's necessary.
- Audit Trail: All data passes through your servers, creating a clear audit trail for compliance documentation.
- Geographic Control: You can ensure data is processed in specific regions before forwarding to Adobe's Edge Network.
Legal Perspective
While third-party cookies have faced legal challenges in multiple EU jurisdictions, first-party analytics implementations with proper consent mechanisms have consistently been upheld as legitimate business interests. The first-party approach demonstrates good faith effort toward privacy compliance.
Taking Action: Your Next Steps
The data loss from ITP and ETP isn't a future threat — it's happening right now, every day, on your website. The good news is that the solution is proven, the migration path is clear, and the ROI is compelling.
Don't let browser privacy features turn your premium Safari audience into invisible traffic. The technology to solve this exists today — the only question is how quickly you implement it.
