Intelligent Tracking Prevention or ITP has a significant impact on online data collection, because it blocks the usage of client-side first-party cookies. Harvest offers a solution to make sure online data is not affected by ITP 2.1+, while still being compliant with privacy regulations.
Online data collection relies heavily on first-party cookies to identify users. Any time a user visits the website, we can lookup a unique ID of that user in their cookies. This way we can link all interactions to that unique ID. For example, a user clicks on an ad for a product and visits the website. After contemplating his decision for two weeks, the same user returns to the website and purchases the product. We can now link the click on the ad and the purchase thanks to the unique ID.
ITP 2.1+ limits the expiration time to seven days for cookies that are set from within the browser. These are so called client-side cookies. This means that in the above scenario we are unable to link the click on the ad to the unique ID, because after two weeks the cookie has already expired and a new unique ID is generated.
In principle, there is nothing wrong with ITP 2.1+. In fact, we tend to agree with the goals it sets out to achieve, which is preventing third parties from tracking all of your behaviour across large portions of the internet. This mostly happens through pieces of javascript that get loaded along with ads, social buttons, and other third-party content. This code relies on client-side cookies. ITP 2.1+ tries to limit the reach of this kind of third-party tracking, by limiting the lifetime of the client-side cookies. However, preventing the website owner from placing cookies and blocking all kinds of website analytics and e.g. AB-testing, is not the goal of ITP. This is why it does allow for the placement of long-lived server-side cookies.
The difference between client- and server-side cookies is pretty obvious. Client-side cookies are placed by the client, e.g. by the browser, while server-side cookies are placed by request of the server that serves the website. The latter are therefore fully controlled by the website owner. The request from the server to set this cookie often comes together with the content of some html page, however, in principle it can accompany any kind of network request. It is signaled by a so-called “Set-Cookie header” that is attached to the request. However, this is only allowed (for good reasons) when the current domain of the visitor is equal to the domain from which the set-cookie request originates.
Imagine someone is visiting https://myretailwebsite.com and all the analytics data is sent to https://pipeline.harvest.graindata.com/track. With the response from the Harvest url, a request for placing a long-lived server-side cookie is issued. This request will be denied, since the domains myretailwebsite.com and graindata.com are not equal. Luckily, there is a workaround for this. We can use a so-called CNAME. A CNAME basically is a reference to another domain. You can use it by sending all tracking requests to a url with the same domain as other parts of the website, e.g. https://harvest-pipeline.myretailwebsite.com/track. Using a CNAME all these requests are forwarded to https://pipeline.harvest.graindata.com/track behind the scenes. Now the response, including the request from the server to set a cookie, will originate from the same domain as the website that the visitor is looking at, and the browser will allow the placement of the long-lived server-side cookie.
This way, it is possible to place multiple cookies at once. By default, when using Harvest, only the “harvest_user” cookie is made long-lived. This cookie contains the information that identifies the user. However, we have the option to set other cookies through this server-side method. You can think of cookies used by Google Analytics, AB-test solutions, and other software that needs to identify users. Using Harvest, you can make any of your cookies long-lived. As a bonus, we can also use the Harvest pipeline to directly push all measurements to Google Analytics, without ever using the Google Analytics cookie. You just re-use the harvest_user cookie for this purpose. All in all, Harvest enables us to circumvent the side-effects of ITP 2.1+ and ensures consistent data collection that can be used to obtain valuable insights about your website and its visitors.