Are your analytics lying to you? (ITP’s impact on UX and ROI)

Are you missing out on conversions without realizing it?

With marketers constantly under increasing pressure to deliver ROI and results, it can be difficult to work backwards and understand what can be improved.

If your campaign performance looks off, your retargeting pools are shrinking, or your analytics just aren’t adding up, there’s a good chance Intelligent Tracking Prevention (ITP) is behind it.

Originally introduced by Apple in 2017, ITP has quietly become one of the most disruptive forces in digital marketing. It’s not just a Safari thing anymore.

It affects every browser used on iOS, and it’s changing how we track, measure, and personalize experiences online.

In this blog, we’ll break down what ITP is, how it works, and, most importantly, what it means for your analytics, advertising, and user experience. Plus, we’ll share practical strategies to help you adapt and stay ahead.

• What is Intelligent Tracking Prevention (ITP)?
• It’s not just Safari impacted by ITP
• Are other browsers doing anything similar?
• The ITP impacts you need to be aware of
• Examples of what issues ITP is causing
• Strategic shifts for marketers to adapt

What is Intelligent Tracking Prevention (ITP)?

First introduced in September 2017 with Safari 12 and IOS 11, Intelligent Tracking Prevention (ITP) is a privacy feature developed by Apple and built into the Safari browser and other WebKit-based browsers.

Its main goal is to reduce cross-site tracking by limiting how websites and advertisers can use cookies and other technologies to follow users around the web.

Here’s how it works in simple terms:

• ITP uses machine learning to detect and block tracking attempts.
• It restricts the use of third-party cookies, which are often used by advertisers to track users across different websites.
• Over time, it has also started limiting first-party cookies (those set by the site you’re visiting) if they’re used for tracking purposes.

Key updates to ITP:

ITP 2.0 (2018): Removed the 24-hour grace period for first-party cookies and began partitioning them when cross-site tracking was detected.

ITP 2.1 (2019): Reduced the lifespan of JavaScript-based cookies to 7 days.

ITP 2.3 (2019): Blocked link decoration techniques and further restricted data storage by third parties.

These updates reflect Apple’s ongoing commitment to user privacy, making Safari one of the most privacy-conscious browsers available today.

It’s not just Safari impacted by ITP

Because of the way ITP is built into the WebKit, any browser or app on a device running iOS is impacted by ITP, not just Safari.

Apple requires all browsers on iOS (like Chrome, Firefox, Edge) to use WebKit under the hood. So even if someone is using Chrome on an iPhone, it’s still technically running on WebKit and therefore, ITP is still active.

When you consider 155 million people in the United States are iPhone users, that means a massive portion of your audience is already being affected by ITP whether they’re browsing in Safari, Chrome, or any other app using WebKit.

Are other browsers doing anything similar?

Mozilla Firefox Enhanced Tracking Protection (ETP)

Introduced in 2019 and enabled by default, ETP blocks known third-party trackers and fingerprinters using a blocklist maintained by Disconnect. It limits cookie-based tracking and cross-site tracking.

Microsoft Edge 3 built-in features: Basic, Balanced and Strict

Uses Microsoft’s own tracking prevention lists to block known trackers and limit third-party cookies, similar to Firefox’s ETP

Google Chrome: Privacy Sandbox

After frequent delays and setbacks, Chrome’s solution, Privacy Sandbox, is no longer going ahead as of 2025. So for now, Chrome continues to allow third-party cookies, but it’s likely they will announce a different approach in the future.

The ITP impacts you need to be aware of

Analytics disruption resulting in potential lost revenue

Cookies expire after 1 day for ad traffic or 7 days for direct traffic. When these cookies are deleted, returning users may appear as new. This makes it difficult to measure long-term user behavior and means campaign metrics are inaccurate.

For example:

1. You’re running a paid social campaign driving traffic to your website
2. A user clicks on an ad from Instagram on Monday using Safari on an iPhone
3. They browse your site but don’t convert
4. Because of ITP, the cookie that tags the user as originating from your social ad is deleted
5. The user returns on Thursday and makes a purchase but because the cookie has expired, your analytics platform (Like Meta Ads or Google Ads) doesn’t recognize them as the same person
6. As a result, the conversion is attributed to Direct or Unknown instead of your Instagram campaign

What does this mean?

Your campaign ROI looks worse than it is, you lose visibility of how long it takes a user to convert, and it becomes more difficult to optimize ad spend or justify more spend because you can’t prove conversions are coming from the campaign.

When you’re a global brand, this is potentially impacting millions of transactions and resulting in potentially millions of wasted ad spend.

Advertising effectiveness causing poor ROI

When cookies are deleted, audience targeting becomes less precises and it’s harder to build accurate user profiles or retarget users across sites.

• Retargeting pools shrink because users can’t be tracked across sessions or sites.
• Lookalike audiences degrade in quality due to less reliable behavioral data.
• Frequency capping fails, leading to overexposure or underexposure to ads.

For example:

1. A user browses your product page (on an ITP-impacted browser) but doesn’t buy.
2. You want to retarget them with a discount ad, but ITP has already deleted the cookie that identified them.
3. You waste ad spend pushing discounts to a broader audience without knowing if anyone has purchased or not.

What does this mean?

Your retargeting campaigns reach fewer people, and you miss out on high-intent users who were close to converting. Your ads are shown to less relevant users, reducing engagement and increasing cost per acquisition. Some users see your ad too often (wasting budget), while others don’t see it enough to take action.

Use our calculator to see exactly how much revenue you might be losing and where you might recover costs with Cassie’s Identity Service module.

Poor user experience leading to less engagement and lower opt-ins

Cookies are a huge part of how marketers can understand user behavior. So, when these cookies no longer exist or are unreliable, there are multiple negative impacts on the user experience.

• Personalization suffers as returning users are not recognized beyond the cookie lifespan
• A/B testing and UX optimization tools may deliver inconsistent experiences due to cookie resets
• Consent fatigue may increase as users are repeatedly asked to re-consent due to cookie expiration

What does this mean?

Experiences feel generic and less relevant, which can reduce engagement and conversions and you risk rolling out changes based on flawed data. Some users may abandon the site or refuse consent altogether, reducing your usable data pool.

Examples of what issues ITP is causing

1. Retargeting an engaged user

Without ITP:

A user visits your product page on Monday. On Thursday, they see a retargeting ad for that exact product on Instagram and return to purchase.

With ITP:

The cookie identifying that user is deleted after 24 hours. By Thursday, they’re no longer in your retargeting pool. They don’t see the ad, and you lose a potential sale.

2. Attributing a conversion to a paid campaign

Without ITP:

A user clicks a Google ad, browses your site, and converts 3 days later. Your analytics platform attributes the conversion to the ad, showing a clear ROI.

With ITP:

The cookie expires after 24 hours. When the user returns and converts, the sale is attributed to “Direct” or “Unknown,” making your campaign look ineffective.

3. Running an A/B test

Without ITP:

A user is placed in Group A and sees Version A of your homepage consistently across multiple visits. Your test results are clean and reliable.

With ITP:

The user’s cookie expires after a day. On their next visit, they’re randomly placed in Group B and see Version B. This pollutes your test data and makes it hard to draw conclusions.

4. Managing consent and preferences

Without ITP:

A user accepts your cookie policy and selects their preferences. On future visits, they’re remembered and not prompted again.

With ITP:

The consent cookie expires quickly. The user is asked to re-consent every time they return, leading to frustration and possibly higher bounce rates.

Strategic shifts for marketers to adapt

As ITP and other privacy measures reshape marketing, it’s essential to rethink how you collect, manage, and activate data.

3 strategic shifts to consider:

1. Investing in first-party data strategies

With third-party cookies at risk, first-party data is the new gold standard: information collected directly from owned channels like websites, forms, email and surveys.

First-party data is more accurate, more compliant when collected with consent, and more valuable. It enables personalized experiences at scale, better segmentation and stronger customer relationships.

2. Re-evaluating martech stacks for compliance and resilience

Legacy marketing tools weren’t built for today’s privacy-first environment. That’s why many organizations are auditing their martech stacks to ensure:

• Consent is captured and honored across all platforms
• Identity resolution works without relying on third-party cookies
• Systems are interoperable and future-proof

A resilient stack should support centralized consent management, flexible data governance, and the ability to activate insights across channels, even when user data is limited.

3. Exploring privacy-first personalization

Personalization doesn’t have to mean invasive tracking. Marketers are now using contextual signals (like time of day, device type, or on-site behavior) and consented data (like quiz responses or preference centers) to deliver relevant experiences without compromising privacy.

Tactics include:

• Progressive profiling: collecting data gradually over time
• Zero-party data: asking users directly for their preferences
• Consent-aware journeys: adapting content based on what users have agreed to share

This approach not only respects user boundaries but also builds trust, turning privacy into a competitive advantage.