Skip to content

How does TraceDock extend the cookie lifetime to 180 days?

Ever since the release of Intelligent Tracking Prevention 2.1 (ITP) all third party cookies have a reduced lifetime of 1 to 7 days within Safari. The consequences for digital marketeers are immense as any customer journey longer than 7 days cannot be attributed to the responsible traffic sources anymore. We solved this with TraceDock by implementing first-party server-side cookies to extend their lifetime to 180 days. After reading this blog, you will understand how Google Analytics set its cookies and how Tracedock is able to extend them.

This is a rather technical blog

Note that this is a rather technical blog. If you have any questions on this topic, feel free to reach out to [email protected]. We are more than willing to clarify any questions you may have.

Client side cookies and ITP

Cookies are small pieces of code that are stored in the clients browser to store various data. Google Analytics stores the client-id in a cookie called _ga. This is done client side; with JavaScript via the function document.cookie. The stored client-id is sent over with each event and allows Google Analytics to combine all events of a user and track with which campaign a certain sale has been made. More information on the cookies of Google Analytics can be found in this guide.

Since ITP 2.1, the maximum age of all cookies set client side from a domain or script classified as tracking domains (ITP) will be capped to 7 days (or even 1 day if the user landed on your site from an advertising location). If you are interested in a more thorough read on this, have a look at this blog on how Safari does it.

The result is that, as you can see in the image below, upon inspecting the _ga cookie of our website, the expiration date is reduced to 7 days.


Web inspector: inspect the _ga cookie in Safari

The current restrictions are focussed on cookies set client-side via document.cookie. With this in mind, TraceDock initiates first-party server-side cookies (“http set-cookie”) to extend the cookie life-time.

How this works technically is explained in the following diagram. To start with, Google Analytics is loaded from, upon which a cookie is initiated with the JavaScript function document.cookie. As such, this cookie is flagged by ITP, and the maximum lifetime is set to 7 days. If you are using Google Tag Manager, the same process occurs, but it is initiated from within the Google Tag Manager script.


How TraceDock extends the cookie lifetime

TraceDock is initiated in parallel through a randomized subdomain of the customer, e.g. on and with a randomized script.

Upon retrieving the script it will read out the Google Analytics set cookie _ga. TraceDock then piggybacks on the pageview server request and asks the server to restore the cookie _ga with this value. The server will then respond with the header set-cookie. This response will trigger the browser to set a cookie, and because it is set using http set-cookie from a first-party subdomain, the maximum age can be extended to 180 days.

As a result, you can return to the web inspector of Safari, and see that after TraceDock is enabled, the maximum age of the cookie _ga is recovered to 180 days.


Web inspector: the _ga cookie in Safari is recovered to 180 days

In conclusion

With TraceDock enabled on your website you can automatically protect your digital analytics cookies against the effects of ITP 2.3 through a first-party server-side initiated action set-cookie. With this explanation, we hope to inspire you to set something up yourself or reach out if you want to install TraceDock to get it fixed without the hassle.

If you are interested, have more questions or want to see how TraceDock works, reach out to our support team on [email protected]. We love to help.