The Future of Performance Marketing: An ITP 2.0 Update and Tracking FAQ

Becky Doles

Photo by rawpixel on Unsplash

June 2021 update: Read our response to WWDC21 and Intelligent Tracking Prevention “3.0”, or jump straight to our in-depth e-book resources on ITP 2.0+ and conversion tracking methods.

If you’re in the performance marketing industry, you’ve noticed that major browsers have been making big changes to their privacy and security rules. And that means big changes for advertisers, networks, and publishers alike.

The September 2018 launch of the Intelligent Tracking Prevention (ITP) 2.0 update for Safari browsers is just one in a series of updates and announcements by Apple, Google, and Mozilla that are making it more difficult to do business on the internet. While internet users may welcome these changes, tracker blocking, decreased access to cookies, and the need for secure transport (https) have increased the barriers to entry for online commerce. These changes have also created a discrepancy gap between high and low complexity performance marketers.

In this post, we’ll review recent changes made by three major browsers, what these changes mean for performance marketers and TUNE, and how advertisers, networks, and publishers can prepare for the future of digital advertising.
[optin-monster-shortcode id=”kyarwgjnqalmy5cu” followrules=true]

Browser Updates: Safari, Chrome, and Firefox

While the browser names remain different, Safari, Chrome, and Firefox all seem to be heading the same direction when it comes to privacy and security changes. For a browser-specific breakdown, see our previous post, What Apple’s Intelligent Tracking Prevention 2.0 (ITP) Means for Performance Marketing, and these articles:

What It All Means

In essence: Unsecured, client-side session tracking is dead. (Likely due to the rampant client-side tracking of individuals as they move across the internet.) This is currently the reality on Safari browsers, and recent updates have indicated that Firefox will follow, as Mozilla makes meaningful efforts to improve user security and privacy.

At TUNE, we believe these changes are meaningful evolutions, and should be accepted with open arms. We also know these changes mean a revolution in tracking and reporting methodologies is coming — a revolution that will impact the entire performance marketing industry.

So … where does that leave performance marketers?

How Advertisers, Networks, and Publishers Should Prepare

In our previous post on ITP 2.0, we shared that the best path forward for all performance marketers is to immediately move to server-side tracking, also known as postback tracking.

For advertisers, there is still an opportunity to make use of pixels and cookies, as long as the cookies are on the same domain (or a subdomain) of the advertiser’s primary domain. Cookie access is still possible, but there are new constraints, including 30-day limits on cookie storage and increased dropped sessions.

However, the same cannot be said for network or publisher domains. Upon the release of the ITP 2.0 update on September 17th, Safari began identifying domains that are solely used as “first-party bounce trackers,” and blocking these domains from accessing cookies on user browsers. The only tracking method approved by Apple and still allowed for this use case is server-side (postback) tracking.

Postbacks: The Path Forward

For some time now, we at TUNE have recognized the power of the postback. (So much so that we named our annual conference after it, and our CEO has sung its praises.) We invented it, after all. It’s a defining feature of the TUNE platform, natively integrated and mobile-ready, and has been our recommended attribution method for years. But we also recognize not everyone in the performance space is ready to take such a bold step.

That’s why we’re happy to announce that we’re working on a JavaScript measurement SDK for performance marketers. We aim to make it compliant with Google Tag Manager, build it in such a way that Safari, Chrome, and Firefox don’t want to block it, and ensure it doesn’t negatively impact site experiences. You can expect TUNE to bring our learnings from mobile back to web to help make tracking better for everyone.

If you have questions about ITP 2.0, or a specific need you’d like addressed in the TUNE JavaScript SDK, please let us know in the comments below. To learn more about how the TUNE platform can future-proof your tracking, contact [email protected].

ITP 2.0 Tracking FAQ

As promised, our FAQs about Apple’s ITP 2.0 update:

Question Answer
What should TUNE clients who use pixels / cookie tracking do? If you are a network or publisher, and are currently utilizing pixel tracking to receive conversion information from your advertiser: Contact your advertiser and begin the process of switching to postback tracking immediately. You will lose all conversions from Safari.

If you are an advertiser: As long as your cookies are on a subdomain of your primary site (e.g., if your site is, would be a subdomain), you should be fine. However, your tracking cookies will still be subject to the 30-day activity window.

Will TUNE be developing a JavaScript SDK? Yes. TUNE is currently working on a JavaScript SDK. We see this as a stopgap measure and not future proof in any way. Postback (server-side tracking) is the most acceptable method going forward. It is specifically mentioned by both Apple and Mozilla as the best way to track conversion information.
Are there any limitations to using TUNE “cookieless” pixel tracking? Yes. Cookieless pixels rely on the transaction_id (the TUNE session identifier) to function. As cookies will be constrained by ITP, and one of the key arguments in favor of cookie tracking is the development effort of implementing storage for third-party identifiers like the transaction_id, cookieless pixels are likely to confine conversion tracking to the immediate session on the advertiser’s website. (This makes a 30-day cookie window more like a three-minute cookie window.)
What about TUNE clients who use Google Tag Manager? Google Tag Manager does not solve for this problem. Google Tag Manager is a client-side JavaScript SDK for managing measurement pixels. It does not have a server-side tracking function, and is therefore unable to send notifications to downstream systems.
Do TUNE clients need a custom domain in response to ITP? What about SSL certificates? Yes. Advertisers need a custom tracking domain on the same domain as the primary website to allow for pixel tracking. If no pixel tracking is present, there is no specific need for a custom domain. However, it is best practice to use a custom domain to insulate your tracking from the issues of shared domains.

With regard to the SSL certificates: If you are an advertiser and want to use cookie-based tracking, and your conversion/thank you page is secure (i.e., https), you will need an SSL certificate on the domain you use for tracking purposes. Additionally, we expect Chrome and Safari to block unsecured domains. While it is not a requirement at the moment, it would be prudent to support secure tracking on your domain to future-proof your tracking.

If you are a network or publisher, a secure tracking domain is not required. However, with https becoming the norm across the internet, it would be prudent to make use of it. If any third party (not a user) attempts to capture traffic, they will be unable to view the query string because https encrypts the query string parameters of the link while in transit.

I am an advertiser who works with multiple networks as publishers. How will ITP change how I work with them? Working with multiple networks as an advertiser can be a challenge, especially with a number of different tracking technologies working behind the scenes. Apple and Mozilla have specifically said that server-side (postback) tracking is the ideal standard for sharing data between tracking platforms. However, not all platforms can currently support server-side notifications. If you encounter a network platform that is unable to accept server-side notifications, there are two options:

1) If you have a custom domain and are using a pixel that works in accordance with the ITP requirements we have previously listed, you could allow the networks to use their pixel or JavaScript SDK. This will require that you have an iframe pixel placed. However, be prepared for discrepancies in your reporting for both Safari and Firefox users.

2) If you do not have an ITP-compliant pixel set up for your site, your network must either use server-side conversion notifications (postbacks) or will need to receive statistics from your Affiliate interface.

Interested in learning more about the TUNE platform, postback tracking, and how we solve for Apple’s ITP and other cookie-blocking measures? Contact us at [email protected]. To learn more about TUNE and user privacy under the General Data Protection Regulation, visit our GDPR page.

For in-depth guides to performance marketing measurement you can use right now, download TUNE’s e-books on online tracking in a post-ITP world and the 4 most popular conversion tracking methods

September 2019 update: Read our point of view on ITP 2.2.

June 2019 update: The February update to ITP 2.1 and the April release of ITP 2.2 target a specific workaround used by companies like Facebook and Google to bypass the third-party cookie restrictions introduced in ITP 2.0. This workaround drops on sites a first-party cookie that acts as a third-party cookie for tracking purposes; ITP 2.2 now deletes these first-party cookies after 24 hours. TUNE’s recommended method of conversion tracking, server-side postback tracking, remains unaffected by these updates, as it does not rely on cookies to work.

November 2018 update: The release of Intelligent Tracking Prevention 2.0 on Safari for iOS 12 and macOS Mojave has severely impacted the tracking capabilities of traditional performance and affiliate marketing platforms. Not so for the TUNE Partner Marketing Platform. Server-side postback tracking is natively built into our platform, and therefore tracking on TUNE using this method has not been affected by ITP 2.0.

Becky Doles

Becky is the Senior Content Marketing Manager at TUNE. Before TUNE, she handled content strategy and marketing communications at several tech startups in the Bay Area. Becky received her bachelor's degree in English from Wake Forest University. After a decade in San Francisco and Seattle, she has returned home to Charleston, SC, where you can find her strolling through Hampton Park with her pup and enjoying the simple things between adventures with friends and family.

Leave a Reply