ITP workaround: Set Raptor tracking cookies server side

 

In 2019 Apple introduced version 2.1 of its Intelligent Tracking Protection (ITP), which removes 3rd party cookies entirely and limits 1st party cookies to an expiry of only 7 days in Safari on both Mac and iOS.

 

So far, the cookie that keeps track of your returning visitors is set client side. As the other browser vendors have also announced similar procedures, you should set (or re-set) your Raptor tracking cookies server side. This way you will still be able to recognize your returning visitors beyond 7 days. 

 

How to set the Raptor tracking cookies server side

 

You need to find one specific cookie depending on which version of the Raptor tracking script you have implemented on your website:

Tracking script version 2 (V2): {customerid}rsa
Tracking script version 3 (V3): rsa    

 

To make the cookie persist under ITP, read it on the server and write it again in an HTTP response header with a 1 year expiry. Do NOT use httponly, as this will make the cookie invisible to the Raptor tracking script. You can use the secure flag if needed. It should look like this:

Set-Cookie: rsa=<value>; expires=<date>; path=/; secure; samesite=lax

 

When the cookie is set server side and the Raptor script runs on the client, the script needs to know which cookies are being set server side.

This is done by setting the following option before loading the main script:

raptor.serverSideCookies = ["rsa"];

 

Special case for iOS

 

We have experienced that the cookie can be removed in Safari on iPhones and iPads, even though it is set server side. If you experience this problem, you can do the following: 

Set an httponly cookie in addition to the rsa cookie above:

Set-Cookie: someId=<value>; expires=<date>; path=/; secure; httponly; samesite=lax

 

Then synchronise the value from the someId field into the rsa value field, meaning that the someId value should overwrite the rsa value.
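
One way to build the response headers for the re-set described above, including the iOS case, as an added example in JavaScript (not Raptor's own code). The helper names, the value allow-list and seeding someId from rsa on first sight are assumptions; for V2, pass the filled-in {customerid}rsa name as trackingName.

```javascript
// Added example: helper names and the allow-list are assumptions.
const ONE_YEAR_MS = 365 * 24 * 60 * 60 * 1000;
// The value is echoed into a response header, so accept only a
// conservative character set (assumption: the Raptor id fits in it).
const SAFE_VALUE = /^[A-Za-z0-9._~%-]{1,256}$/;

// Parse a request Cookie header into a name -> value map (first wins).
function parseCookies(header) {
  const jar = new Map();
  for (const pair of (header || "").split(";")) {
    const eq = pair.indexOf("=");
    if (eq < 1) continue;
    const name = pair.slice(0, eq).trim();
    if (!jar.has(name)) jar.set(name, pair.slice(eq + 1).trim());
  }
  return jar;
}

// Build one Set-Cookie value with a 1 year expiry.
function setCookie(name, value, httpOnly, now) {
  const expires = new Date(now + ONE_YEAR_MS).toUTCString();
  return `${name}=${value}; Expires=${expires}; Path=/; Secure; ` +
    (httpOnly ? "HttpOnly; " : "") + "SameSite=Lax";
}

// Returns the Set-Cookie values to add to the response.
// trackingName: "rsa" for V3, the customer-specific name for V2.
function renewRaptorCookies(cookieHeader, trackingName = "rsa", now = Date.now()) {
  const jar = parseCookies(cookieHeader);
  // iOS case: the httponly backup overwrites the script-visible value.
  const value = [jar.get("someId"), jar.get(trackingName)]
    .find((v) => v !== undefined && SAFE_VALUE.test(v));
  if (value === undefined) return []; // nothing safe to re-issue
  return [
    setCookie(trackingName, value, false, now), // readable by the Raptor script
    setCookie("someId", value, true, now),      // backup, hidden from scripts
  ];
}
```

Attach each returned string as its own Set-Cookie header on the response; an empty array means the request carried no usable tracking value and nothing is written.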

 

Please reach out to Raptor if you have questions regarding ITP and the cookie workaround.