Intelligent Tracking Prevention (ITP)

First-party cookies may already be getting blocked without you realizing it. Apple’s Intelligent Tracking Prevention has evolved from blocking obvious third-party trackers to limiting even first-party cookies when Safari’s machine learning model determines they’re being used for cross-site tracking.

What is Intelligent Tracking Prevention (ITP)?

Intelligent Tracking Prevention is a feature developed by WebKit, the engine used in Safari and other browsers, that reduces cross-site tracking by limiting cookies and other website data. It was designed to recognize and prevent domains with tracking capabilities from following users across the web, even when those domains use first-party cookies in technically compliant ways.

How ITP operates

Intelligent Tracking Prevention incorporates a machine learning model based on statistics collected by the browser. This classifier evaluates which domains can track users’ actions across different websites by analyzing patterns in how cookies are set, how redirects are structured, and how domains interact across sites.

If the machine learning classifier identifies that a particular first-party cookie can be used for cross-site tracking, the cookie faces restrictions. For some tracking patterns, cookies are limited to seven days of storage. For others, they’re deleted within 24 hours. In some cases, cookies are blocked entirely unless you use the Storage Access API to explicitly ask users for permission.

Impact on analytics implementation

The practical impact depends on how you’ve implemented tracking. Server-side analytics implementations using first-party cookies for legitimate site analytics typically aren’t affected. Client-side tracking that relies on URL parameters to pass data between domains often triggers ITP restrictions.

Common scenarios that trigger ITP:

  • Using link decoration parameters (like click IDs) passed between domains
  • Implementing cross-domain tracking through redirects
  • Using first-party cookies set by third-party scripts
  • Tracking users through multiple subdomains in ways that resemble cross-site tracking

Identifying ITP impact

Look for these indicators in your analytics: shortened session durations that don’t match user behavior patterns, attribution breaking for multi-session conversions (especially those spanning more than 7 days), and sudden drops in Safari traffic or conversion rates specifically from Safari users.

If you’re seeing these patterns, you’re likely hitting ITP restrictions. The solution typically involves moving to server-side tracking, adjusting how you handle cross-domain measurement, or reconsidering which metrics you can reliably track.

Read more about ITP and cookies on the Piwik PRO blog:


  • What is protected health information (PHI)? A guide for healthcare marketers

    Quick summary What PHI is: Any individually identifiable health information created, received, maintained, or transmitted by a covered entity or its business associates Who it applies to: Healthcare providers, health plans, healthcare clearinghouses, and their business associates Why it matters for marketing: Marketing tools that collect or transmit PHI without a BAA create HIPAA compliance…

  • We checked 59 hospital websites. 73% kept tracking visitors after opt-out.

    A new study by Piwik PRO and Verified Data scanned 59 major US hospital and clinic websites for tracking and data compliance. The findings show just how common it is for major US healthcare websites to run marketing tools that weren’t built for a regulated environment. What we actually found Across the 59 scanned sites,…