Server Side cookies

Safari has recently introduced Intelligent Tracking Prevention (ITP) 2.1, 2.2, and 2.3 which reduces trackers’ ability to establish user identities across sites. 

  • In ITP version 2.1, a cookie created on a visitor’s browser expires after 7 days. 
  • With ITP version 2.2, if a user comes from a decorated URL, i.e., a domain classified with cross-domain tracking capabilities with has a query string or a fragment, the cookies on the website expire within 24 hours. 
  • With ITP version 2.3, if a user comes from a domain classified with cross-domain tracking capabilities and has a query string or a fragment, the first-party non-cookie website data expires after 7 days of the user not interacting with the website. 

How ITP Impacts Triggerbee 

Although Triggerbee doesn't support cross tracking capabilities nor uses 3rd party cookies, the severe and broad limitations of cookies in ITP will affect Triggerbee negatively, including - but not limited to: 

Reduced identification rates 

Users identified in Triggerbee during one visit, that comes back after ITP has removed the cookie, will be unidentified again. Unidentified users will not be served the personalized campaigns that identified visitors get. 

Less accurate A/B test 

The same visitor visiting the website after 7 days may be served a different variation of the same A/B test than what was previously shown. This can create inconsistent experiences and impact campaign accuracy. This is because the information about which variation was shown to the user is stored in cookies.

Incorrect Returning visitor metrics

In Triggerbee you have audiences for new and returning visitors. These metrics are also reported under the "Analytics" section. With ITP Safari users will more often count as "new visitors", even though they recently visited the website. 


To avoid ITP-related side effects, you must set the Triggerbee cookie on your server. Below is an example of how to achieve this in C#. 

C# snippet for .NET websites

using System;

using Microsoft.AspNetCore.Mvc;

using Microsoft.AspNetCore.Http;

namespace YourApplication.Controllers {

public class CookiesController: Controller {


public IActionResult UpdateCookies() {

string[] cookies = { "_mtruid", "_smtruid"};

foreach(string cookieName in Request.Cookies.AllKeys) {

if (Array.Exists(cookies, x => x == cookieName)) {

HttpCookie cookie = Request.Cookies[cookieName];

// Adds a year to the expiry date of the cookie

cookie.Expires = DateTime.Now.AddYears(1);

// The domain should be your top domain with a ‘.’

// before it, e.g. for the domain

// entered here should be

cookie.Domain = "";




Response.Headers.Add("Access-Control-Allow-Origin", "*");

return Ok();




To then call this endpoint you can implement the following Javascript snippet either after our tracking script on your site or in the client script in your account settings. This snippet will listen to one of our events and then send a request to the endpoint.

document.addEventListener('afterTriggerbeeReady', function() {



Still need help? Contact Us Contact Us