You discovered a new feature🥳… This page is a work in progress.
What is Intelligent Tracking Prevention?
Intelligent Tracking Prevention is a feature of WebKit (the browser engine that powers Safari on macOS, and all mobile browsers on iOS and iPadOS), which protects users’ privacy by placing technical restrictions on tracking methods websites can use.ITP aims at “blocking practices that are harmful to users because they infringe on a user’s privacy without giving users the ability to identify, understand, consent to, or control them.”
— WebKit’s Tracking Prevention Policy
What does ITP block?
This section outlines the restrictions that impact marketing teams the most, and how OneView achieves compliance with them. For the full list of restrictions, please check WebKit’s technical documentation.
Cookies
| Restriction | Impact |
|---|---|
| Third-Party Cookies: Full Third-Party Cookie Blocking | All third-party HTTP cookies are blocked by default. |
| Restricted cookie lifetime: 7-Day Cap on All Script-Writeable Storage | All regular cookies are deleted after 7 days of no user interaction. |
| Tracking subdomains CNAME and Third-Party IP Address Cloaking Defense | All first-party HTTP Cookies set by your subdomains (e.g. api.domain.example) are capped to 7 days, unless its IP address is basically the same of your website. |
- blocks all third-party cookies
- restricts first-party cookies to a 7-day lifetime, unless they are set by the webserver
data.example.com) is not enough to comply with Apple® ITP. This technique is called CNAME Cloaking and is explicitly targeted by ITP.
OneView achieves full ITP compliance when using a or setup. With these configurations, you have full control over the OneView master cookie, ensuring client_id persistence beyond the 7-day ITP limit.
How do I implement traffic mirroring with OneView?
How do I implement traffic mirroring with OneView?
Check out the implementation guides.
What is the difference between first-party and third-party cookies?
What is the difference between first-party and third-party cookies?
What is the difference between regular and HTTP cookies?
What is the difference between regular and HTTP cookies?
Link Decorators
When using OneView ensures full attribution accuracy across all browsers with link decoration redaction:
- Safari (with Intelligent Tracking Prevention)
- Firefox (with Enhanced Tracking Protection)
- Brave (with Query Stripping)
- all browsers on iOS and iPadOS (as those run on WebKit)
utm_source parameters, and turn on Enhanced Conversions| Restriction | Impact |
|---|---|
| Click ID redaction: Detection of Cross-Site Tracking Via Link Decoration | ➡️ Regular cookies are capped to 24 hours when a third-party link decoration (e.g. gclid, fbclid, msclkid, etc…) is detected.➡️ In Private Browsing mode, the decorator is stripped altogether. UTMs are not affected. |
gclid(Google Ads)fbclid(Meta/Facebook)msclkid(Microsoft Ads)ttclid(TikTok)
How does OneView achieve LTP compliance?
How does OneView achieve LTP compliance?
OneView solves LTP compliance through two complementary methods that work even when the browser or a plugin strips all tracking parameters:See which platforms support this dual attribution approach in our integrations overview.
1
UTM-First Attribution
OneView uses a UTM-first attribution model that remains fully functional across Safari, Brave, Firefox, and all high-privacy scenarios. Instead of relying on platform-specific click IDs, OneView attributes conversions using UTM parameters that are LTP-compliant.
Configure custom UTM fallback values for each integration in OneView
utm_source fallback value for each Media Partner, ensuring accurate attribution even when click IDs are removed.2
Enhanced Conversions Recovery
When consent is granted and the Media Partner supports it, OneView automatically sends Enhanced Conversions via each platform’s Conversion API. This allows ad networks to recover attribution data using:
- First-party customer data (hashed emails, phone numbers)
- Browser and device information
- Conversion event details and timing
Can I use tracking templates to bypass LTP?
Can I use tracking templates to bypass LTP?
Circumventing browser privacy protections is not recommended. OneView does not support workarounds like parameter renaming. These techniques:
- Violate your users’ privacy expectations through active circumvention
- Are trivial for browsers to block in future updates anyway
gclid to mygclid or gcl), to then rewrite the URL with the original parameters before sending it to OneView.Why this is fragile:Browsers currently block parameters primarily by name, but extending this to value-based detection is trivial. A click ID like 123456789.987654321 follows a distinctive, recognizable format regardless of whether it’s named gclid, mygclid, or my_tracking_param.Browser vendors already maintain blocklists of known tracking domains and parameters. Applying pattern matching to detect renamed click IDs—especially from known advertising referers—requires minimal additional effort.