You might have noticed something weird in your analytics starting in March 2019.
Its partially because your website visitors from Safari browsers on both mobile and desktop had the expiration of their _ga cookie — changed from 2 years to 7 days.
Why is this, and why does it matter to Safari users, specifically?
What is ITP?
Safari (and a few other platforms) use Intelligent Tracking Prevention (ITP) which is a part of WebKit — the web browser engine used by most iOS devices. ITP made major changes to the expiration of the _ga cookie (the one that stores the Client ID and is used to recognize individual website users). These changes, if they haven’t already, will make a noticeable impact your analytics.
Why does that matter?
It all comes down to the expiration date of that _ga cookie. Prior to the ITP update, if a user were to visit wostrategies.com for the first time on Sunday, April 1st, 2019, each subsequent visit/session to the site during a two year period from that visitor would register as a returning user, expiring on April 1st, 2021.
With this change, if a user were to visit wostrategies.com for the first time on Sunday 1st (from Safari) then revisit the site on Friday 6th, they would be recognized as two sessions from the same user. One being a new session and one being a returning session. So far, so good.
However, if that user returns a week later on the 14th, this third visit will be treated as a new user, and that’s huge for using your analytics to make marketing decisions.
Here’s the bigger part: If you have cross domain tracking across different subdomains, cookies set with document.cookie will also be targeted if they are fired on a different subdomains than the one on which they were set.
Here is the impact:
- All first party cookies, including many analytics platforms and much split testing software, are now capped to 7 days of storage.
- The level of direct traffic in non multi-channel reports is likely to rise because there will no longer be a cookie to join those different visits into one user session.
- The number of ‘users’ and proportion of new sessions is also likely to go up for the same reason.
- Your split testing software won’t correctly measure return sessions if the user returns after the 7-day mark.
Paid Promotion in cross-hairs:
If you run PPC or Facebook ads or run remarketing, those cookie expiration will also be set to one day for Safari users.
Looks like Safari will start reducing 1st party cookie expiry to 1 day when cookie is set on landing page from a tracking domain (https://t.co/IF1xPWIlQr, https://t.co/iqJnHVp6EN) and url has non-empty query string or hash (fbclid, gclid). https://t.co/bLckI75iho#measure #ppc
— Simo Ahava (@SimoAhava) March 27, 2019
Why this update?
The WebKit developers have made clear on Twitter that their key motivation is to move towards eliminating cross-domain tracking. Their focus is breaking the ability for ad networks to track you cross domain and build a profile of you, but this also impacts legitimate cross domain tracking across the same business.
@johnwilander hi John, just a quick clarification re: ITP 2.1 – 7-day expiration is just for document.cookie and not localStorage? I’m guessing storing the 1st party cookie data in LS instead isn’t a “workaround” because LS is same-origin? Thanks for being so transparent on ITP!
— Simo Ahava (@SimoAhava) February 27, 2019
Do I need to make adjustments to analytics implementation?
Here’s what you need to check:
- What is your proportion of traffic coming from Safari or Firefox? Is it a third of your visitors or more?
- Do your users tend to visit your site with more than 7 days between visits?
- Are you currently (or want to) model your user journeys in Google Analytics or use multi-channel funnel attribution?
- Do you regularly track return visitors?
- Do you use your demographic data for your Safari users?
If you answered yes to all the above, you’re going to want to take action.
Recommended action (if necessary)
Simo Ahava walks through multiple solutions in this blog post, but at a high level the solutions include:
Using localStorage to maintain a unique identifier:
Using localStorage to persist the unique identifier (i.e. the client ID) instead of relying solely on the _ga cookie. You need to implement this via Google Tag Manager, and it will only work if you only have a www.domain.com, and won’t work if you also have blog.domain.com.
If you don’t have these things in place, that means the second solution is for you:
Use HTTP cookies:
In this option, you’re going to move your analytics to HTTP cookies instead of client-side cookies. This requires access to your server and an understanding of how to configure it. Implementation of this option will depend on your server setup.
Here are some solutions that folks have tested to explore:
- Tech demo from Peter Nikolow
- Cloudflare Workers snippet from Dustin Recko for inspiration.
Unfortunately at the moment there are not official solutions from the analytics vendors. Google hasn’t made a statement yet about a Google Analytics solution, and Adobe has simply stated that it is “assessing the impact of ITP 2.1” on data collection.
What have you noticed in your web analytics reporting since this update? I’d love to hear about your experience in the comments!
P.S. Thanks for taking the time to read my post and geek out about SEO with me!
I get my inspiration for post topics from other SEOs and in-house marketers struggling with SEO strategy and implementation questions, so if you like this post, please…
- Leave a comment
- Share it with your network
- Follow me for future posts
Leave a Reply