Note that this is a rather technical blog. If you have any questions on this topic, feel free to reach out to firstname.lastname@example.org. We are more than willing to clarify any questions you may have.
Client side cookies and ITP
Since ITP 2.1, the maximum age of all cookies set client side from a domain or script classified as tracking domains (ITP) or listed on disconnect.me (ETP) will be capped to 7 days (or even 1 day if the user landed on your site with advertising URL parameters like ?gclid=, for instance). If you are interested in a more thorough read on this, have a look at this blog on how Safari does it and this blog on Mozilla Firefox.
The result is that, as you can see in the image below, upon inspecting the _ga cookie of our website, the expiration date is reduced to 7 days.
How TraceDock extends the life-time of a cookie
The current restrictions are focussed on cookies set client-side via document.cookie. With this in mind, TraceDock initiates first-party server-side cookies (“http set-cookie”) to extend the cookie life-time.
TraceDock is initiated in parallel through a randomized subdomain of the customer, e.g. on cms.your-website.com and with a randomized script, bypassing the ITP 2.3 and ETP classification as a tracking script.
Upon retrieving the script it will read out the Google Analytics set cookie _ga. TraceDock then piggybacks on the pageview server request and asks the server to restore the cookie _ga with this value. The server will then respond with the header set-cookie _ga=1234. This response will trigger the browser to set a cookie, and because it is set using http set-cookie from a first-party subdomain, the maximum age can be extended to 180 days.
If you are interested in a technical read on how the rest of the TraceDock script runs, have a look at this blog.
As a result, you can return to the web inspector of Safari, and see that after TraceDock is enabled, the maximum age of the cookie _ga is recovered to 180 days.
With TraceDock enabled on your website you can automatically protect your digital analytics cookies against the effects of ITP 2.3 through a first-party server-side initiated action set-cookie. With this explanation, we hope to inspire you to set something up yourself or reach out if you want to install TraceDock to get it fixed without the hassle.
If you are interested, have more questions or want to see how TraceDock works, request a demo below and we can schedule in a 30-min slot.