does safari block google tag manager

7 Best Ways to Bypass Safari ITP and Ad Blockers

August 5, 2022 // Andrew Seipp

Cookies are the standard for tracking user behavior through their journey and touchpoints. However, due to the increase in use of ad blockers, and due to Apple establishing Intelligent Tracking Prevention (ITP), as well as regulations such as GDPR and CCPR becoming the norm, many users are able to block advertisers’ attempts to track their interactions. 

       Contents

What is apple itp.

• What Are Third-Party Cookies vs First-Party Cookies?
• How Does ITP and Ad Blocking Work?
• 6 Methods for Bypassing ITPs That Work

#1 Use Google Tag Manager server-side tagging

#2 proxy analytics scripts through your own domains, #3 integrate tracking scripts into your site’s main javascript file, #4 set cookies via a web server rather than javascript, #5 use first-party data as much as possible, #6 follow gdpr and ccpa guidelines and get informed consent, #7 anonymize the user data sent to any ad platform.

• Build Your Perfect Marketing Stack

A study found that almost half (47%) of global internet users worldwide used an ad blocker. In the United States, 38.8% of internet users did the same. 

Here’s why this matters to marketers:

• 15% to 30% of your conversion data will disappear. 
• US-based businesses could miss up to 36% of data on average.
• 80% of advertisers rely on third-party cookies to reach their online prospects

With ITPs, it’s a lot more difficult for marketers to access consumer data essential to get clients along the sales funnel. Fortunately, there are ways  analytics tracking  can bypass ad blockers. 

In this article, we’ll teach you how to bypass Safari’s ITP and ad blockers. It won’t be about dirty tricks that won’t work next month anymore. We’ll show you 6 methods that we apply in our consulting practice, that are made to withstand the evolving privacy climate, and that respect the interests of the user. Let’s dive in:

• Third-party Cookies vs First-party Cookies
• How Does ITP and Ad Blocking Work
• 5 Methods for Bypassing ITP and Ad Blockers That Work

Apple’s Intelligent Tracking Prevention (ITP) is an algorithm that blocks third-party cookies. This means that the site you visited is blocked from setting cookies that could share the user’s data for advertising on another website or platform. 

Apple’s ITP also limits the use of cookies in a first-party context. Using machine learning technology, the solution can track domains users have visited in the past 24 hours. Sites without a direct relationship to  the user won’t be able to drop cookies for retargeting or attribution. 

For context, ITP was first released in September 2017 alongside Safari 12 and  iOS  11. In 2021, Apple required advertisers to get a user’s consent before they can track their activities—and major search engines like Chrome and Firefox have followed suit. 

Furthermore, Apple requires apps and websites to ask permission before they can track user activity. When refused, you won’t be able to identify the user, create analytics reports on the user’s behavior, or send advertising messages. Users also have the ability to stop tracking activity on apps they previously approved. 

Third-Party Cookies vs. First-Party Cookies

First-party cookies are stored in the domain or website you visited. They  track user data  only on the website where they were placed, and they are not used to send user information to other websites, servers, or platforms. For example, first-party cookies also collect data such as sign-in information, language settings, and  products viewed . The data will only be used within the environment of the website that sets them for the user. This type of cookies does not track user activity in other domains.  First-party cookies can be within an e-commerce website, but also within a big social network. So for instance, if Facebook cookies a user, but does not share the data with another platform for retargeting, and only uses the cookies for their own marketing, it’s still first-party.

Third-party cookies are those that are passed between websites, often for retargeting. So when you browse an ecommerce website about electric kettles, and then you see an ad about an electric kettle on Facebook, it’s because of third-party cookies. The ecommerce website passed the cookie onto an aggregating server, which then sold the data to advertising platforms, including Facebook.

Finally, here’s a how the two types of cookies affect your advertising differently:

• Privacy issues: Passing user behavior data between multiple parties makes it hard to respect privacy. This is at the core of the reason for ITP.
• Ad blocking: Majority of browsers support first-party cookies, while ad blockers often block third-party cookies. Both cookie types can be deleted by users.
• Connecting cookies: A first-party cookie is connected to a publisher’s web server or domain. Third-party cookies are set by third-party service providers like ad tech vendors and servers. 
• Availability: First-party cookies can only track user activity within the domain where the cookies were set. In comparison , third-party cookies can be accessed on multiple third-party domain. 

How Do ITP and Ad Blocking Work?

Ad blockers seek to  eliminate online advertisements in a webpage through filtering rules. As the website loads, the ad blocker evaluates the site’s scripts and finds scripts to block. The blocked ad content is replaced by alternative content or broken links, or it is left out. 

Intelligent Tracking Prevention uses machine learning to identify websites that track users through cookies . Then, it blocks them from placing tracking data in the user’s device. Apple ITP is turned on by default in Safari, allowing users to safeguard their privacy with zero effort. What’s more, Google has announced that they will join the bandwagon, and block third-party cookies in Chrome starting from 2023.

The ITP uses machine learning algorithms designed not just to block particular tags, but to block scripts with suspicious behavior patterns. It’s similar to antivirus software, and it helps Apple stay ahead of workarounds that provide a temporary solution without actually respecting user privacy.

7 Proven Methods to Bypass ITPs and Ad Blockers

The death of cookies is a good thing for the increasingly privacy-conscious consumer. As it turns out, it can be a positive sign for marketers too. Transitioning to first-party cookies offers more control to all parties involved.  It also makes advertisers care more about user relationships where the users are happy to share first-party data.

At the same time, Apple and  Google  do not offer optimal solutions that enable marketers to continue doing good advertising.

Add in ad blockers that can block scripts entirely and it is increasingly difficult for marketers to track the performance of their campaigns. But not all is lost and there are a few ways that marketers can use to limit the impact of both ITP and ad blockers, and maintain a high return on ad spend.

The common theme of creating workarounds for ITP and ad blockers is to utilize first-party tracking. Using your own servers helps a lot.

While Google Tag Manager isn’t blocked by Safari’s ITP, any third-party scripts that load through it will fall under ITP and their cookies will be blocked. Google Tag Manager is also generally blocked by most ad blockers. Fortunately, advertisers can use  Google Tag Manager server-side  to mitigate this issue.

By tagging server-side you load Google Tag Manager from a domain you control and reduce the amount of third-party JavaScript that loads in the user’s browser meaning that, in many cases, you can potentially avoid loading third-party scripts in the user’s browser entirely.

  This improves performance — by speeding up page load times due to less JavaScript being loaded, and security — by keeping tracking IDs out of the user’s browser which can prevent issues like spamming Google Analytics with fake traffic.

While using Google Tag Manager server-side can mitigate ITP tracking and some ad blockers, the tag still can be detected because it has “gtm.js” in the name of the file, which is detectable by many ad blockers. As a workaround, you can use something like a Cloudflare Worker or an AWS Lambda function to essentially transform the tag name and then modify the tag script to use the new name. The tag would go from having “gtm.js” detectable:

to something like this:

If you use  customer data platforms (CDPs)  like  Segment , you can load their analytics.js tag from their CDN (cdn.segment.com), but you can also setup a CNAME record and have it load from your own domain (e.g. cdn.mcgaw.io) which will mitigate the impact of ad blockers.

This works really well, but much like with Google Tag Manager, ad blockers can still detect the tracking because the JavaScript file is usually named something like “analytics.js”, which is still detectable by ad blockers even if served from your own domain.

You can do similar things as with Google Tag Manager with a Cloudflare Worker to change the name of the file to something an ad blocker won’t recognize, but there is an easier way to potentially do this — integrate the tracking tag directly into your main site script.

Many tracking scripts, such as Segment’s Analytics.js, have an  NPM package  that can be ingested into the main site script with a modular bundle like webpack.

This method removes the “analytics.js” script and ensures that there aren’t any subdomains serving the tag (e.g. cdn.mcgaw.io), which means the only way for ad blockers to block it would be for it to block all JavaScript  entirely .

This also has the benefit of increasing performance because the user’s browser won’t have to do another DNS lookup to load another script.

One of the biggest impacts of ITP is that it expires cookies that have been set by JavaScript after 7 days. In particular, for identifying returning users it’s important to have an anonymous or user ID that persists for as long as possible.

The solution to solving this is simple in concept: set a browser cookie via your web server. In practice, this is a bit more tricky, as there isn’t a turnkey solution to set a cookie via a web server. Also,  implementing this solution will depend on what your website is built on and how much control you have.

If you’re using a WordPress site, you could create a function in your theme that would set a cookie. If you’re using a platform that you have less control over, you have to be more creative in setting this up and you’d need to use something like a Cloudflare Worker for setting a cookie on the site.

Once this cookie has been generated it will then stay there as long as you set it and as long as the user comes back to the browser. You will be able to tie all of their sessions back together even if they come back to the site more than a week later.

Depending on which approach you take, you’ll likely need to configure each. But as we all know, users don’t use a single browser or device anymore; most users will probably view your site on more than one device or browser. This makes tying  sessions together more difficult. But there is a solution: use first-party data.

First-party cookies expire after 7 days and users that come back to the site from a different browser or device will lead to the same issue: returning users are seen as new users.

The most effective way to mitigate this issue is to collect first-party data about the user as early and as often to tie their sessions together.

For example, if you run an ecommerce business, getting a user’s email address on their first visit will not only allow you to include them in your email marketing campaign, but it will also let you identify them in an analytics platform like Amplitude or Mixpanel. The user’s mobile device will be tied to that user identity for 7 days at a minimum until the cookie expires (unless you mitigate it with server-side cookies).

If the user comes to the site on their desktop and then completes a purchase with the same email address, Amplitude will tie together the session on their phone and the session on the desktop to a single user, providing you with  accurate attribution  of where the user came from.

Collecting first-party user data and keeping it within your own analytics is not just good for your own marketing, but it provides better privacy for your users. Much of the privacy issues and the laws that address them are around sharing data with third parties rather than companies using the data internally to understand their users.

I personally don’t have any issues with my grocery store giving me discounts based on my purchase behavior, but I would have issues with them selling my information to a direct mail company or to a data broker that would potentially do something harmful.

Your advertising must follow data protection laws like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). In general, regulators mandate website owners to ask for web visitors’ consent first prior to tracking their data.

Consent management solutions such as the Segment Consent Manager allow you to send consent forms to meet these requirements. The solution uses the common tracking consent forms or pop-ups, so the user can tell tracking tools which data they’re allowed to receive.

Build Your Perfect Marketing Stack  

Andrew Seipp

Andrew, our director of growth marketing, has more than seven years of experience driving success for clients. He creates and implements strategies that are fully automated and scalable using tools like Hubspot, Marketo, Autopilot, and other tools of the marketing trade. In his career thus far, Andrew has helped generate hundreds of millions of dollars in company value.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Save my name, email, and website in this browser for the next time I comment.

300 S Orange Ave SUITE 1000 Orlando, Florida 32801

• MarTech Stack & Marketing Automation
• Analytics and Metrics
• Funnel Optimization
• Segment Implementation
• Ventures & Tools
• Downloads & Webinars
• Case Studies
• Technology Partners
• The Stack Podcast

© Copyright 2024 McGaw · All Rights Reserved. Privacy Policy

#GTMTips: Enable Preview Mode In The Safari Browser

With Intelligent Tracking Prevention , the Safari browser is on a crusade against cross-site tracking. One of the most obvious and long-standing ways to battle cross-site tracking has been to block third-party cookies in the web browser, and this is exactly what Safari does by default.

However, Google Tag Manager’s Preview mode relies on a third-party cookies, so that it can serve you the draft version of the container while serving the regular, live container to your site visitors.

Thus, to be able to use the Preview mode in the Safari browser, you will need to relax the cross-site tracking blockers in the browser, or just not use Safari for debugging the container.

The Simmer Newsletter

Subscribe to the Simmer newsletter to get the latest news and content from Simo Ahava into your email inbox!

Tip 102: Enable Preview mode in the Safari browser

When you enter Preview mode in the Google Tag Manager UI, GTM actually sends you to the googletagmanager.com domain, where a first-party cookie is set in your browser with an authentication token and details about the container version to be previewed. Then, when you visit your site and fetch the gtm.js container from the same domain, the cookie originally set on googletagmanager.com is now used in a third-party context to serve you the correct, draft container file.

If your browser is blocking third-party cookies, the request for gtm.js will not have access to the cookies written on googletagmanager.com , and thus you get served with the live container instead.

In Safari, to enable third-party cookies and thus enable GTM’s preview mode, you need to do the following steps.

1. Enable cross-site tracking in Safari

The new “Cross-site tracking” toggle in Safari’s Privacy settings is essentially the ITP switch. By unchecking it, you are giving the browser authorization to read, write, and make use of cookies in the third-party context. If this sounds unappealing, you will need to use some other browser for previewing GTM’s containers.

To find this switch, click the Safari menu, choose Preferences , expand the Privacy tab, and uncheck the Prevent cross-site tracking checkbox.

2. Restart the browser

This is important - you need to restart the browser for the change to come into effect.

3. Go to Preview mode in Google Tag Manager

Now, browser to your container in the GTM UI, and click the PREVIEW button. Contrary to how the other browsers work, you will be taken to a page on the googletagmanager.com domain, where you will now explicitly need to click that START PREVIEW button.

If you’re wondering why that button is there, it’s a good question. Most likely it has to do with the early versions of ITP (1.x), where you could use third-party cookies as long as there was a meaningful interaction on the domain where the cookies are written. Clicking a button is interpreted as a meaningful interaction.

However, ITP 2.x, this is no longer enough, so the button doesn’t really do anything if you have cross-site tracking prevention toggled on.

If everything worked , you should see the familiar orange preview bar in your GTM UI. If you don’t see it, make sure you actually restarted the browser.

4. Go to the website and clear the cache

Finally, you can browse to the website itself. If you don’t see the Preview panel, it’s most likely because your site is caching the non-preview version, and you need to clear the cache. To clear the cache, hit CMD + OPT + E , or choose the “Empty Caches” option in the browser’s Develop menu. If you don’t see a Develop menu, follow this link for instructions.

After clearing the cache, simply reload the page, and you should see your debug panel.

Just a quick tip this time, in response to a number of queries around this topic every since ITP really started having an impact on browsing behavior.

Let me know in the comments if you still can’t get it to work, but you should be fine by dutifully following the steps outlined above.

• Share on Facebook
• Share on Twitter
• Share on LinkedIn

• Course bundles
• Youtube channel
• E-books and Guides
• GTM Recipes
• View All Resources
• GTM Community
• GA4 community

September 4, 2023

3 ways how to turn off Google Tag Manager Preview mode

Updated: September 4th, 2023.

Google Tag Manager’s widget keeps popping up at the bottom of the screen, huh? If yes, you’ve come to the right place. In this guide, you’ll learn how to turn off Google Tag Manager debug mode (or, in other words, exit it), including some standard and not-so-common options.

Option #1. Click Finish in the preview mode’s widget

The easiest option (that works in most cases) is to click the Finish button in that widget.

However, in some cases (after you refresh the page), the widget appears again. If that’s your case, read the next tips.

Option #2. Remove the “gtm_debug=x” from the URL

There are three ways for the widget/badge to appear:

• The page URL contains the gtm_debug=x parameter, e.g.,  https://www.yourwebsite.com/?gtm_debug=x
• The referrer is tagassistant.google.com
• You have a _TAG_ASSISTANT cookie

To resolve the 1st situation, simply try to remove the gtm_debug=x from the URL (if it is present). If your URL does not contain the parameter, it means that your problem’s cause is either the referrer or a cookie. I explain how to resolve that in the following two chapters.

Option #3. Delete the _TAG_ASSISTANT cookie

The exact steps might differ depending on the browser that you use. I’m going to show how to achieve this with Google Chrome.

In the top-right corner, click three dots and then go to More Tools> Developer Tools .

Then go to Application > Cookies > [Your domain] :

And in the search field, enter _TAG_ASSISTANT. Once you find that cookie, click it and hit DELETE on your keyboard.

Refresh the page. This is the last resort, and I hope that it helps you.

How to turn off Google Tag Manager preview mode: Final words

If any of these conditions are met, the badge will appear. Usually, the “ Finish ” button handles all of that. Still, if it fails, you must manually remove the gtm_debug parameter, delete the cookie, and further navigate on your website to lose the tag assistant referrer.

If you are having issues with the GTM preview mode in general (it’s not working for some reason), take a look at the guide linked above.

11 COMMENTS

There's also a bug in google tag manager. I use GTM extensively and for the last three weeks, I haven't been able to close the preview mode of one specific container. That's also where I think the questions are coming from. Of course, I've tried all 4 option above.

Sounds like you were working on a certain environment where the debug mode is enabled by default.

• Dec 14 2019

Thanks! this was driving me crazy but I finally was able to remove the debug mode from my sites.

• Aug 10 2020

Gracias!!!!

• Oct 29 2020

i have tried the methods above, but none of them works, there is no gtm_debug=x on my url, and no such cookie in my browser.

What about the referrer?

• Nov 10 2020

Hi Julius, I found out that the Google Analytics Debugger extension could also be the culprit. In my case, whenever it's turned ON, GTM debugger widget is shown on every websites, even one that is not referred from tagassistant.

Amazing! I will update the blog post accordingly. I have been looking for a solution to that problem for quite some time now. Thanks!

• Dec 17 2020

Thanks! This helped! The debugger widget was popping up on many pages including this one.

• Aug 16 2021

Ohhh, thank you, TienAnh! It's not even the floating assistant window that was infuriating. It's the fact that clicking "Finish" was killing tabs for me, whether I was on my own pages or anywhere else on the Internet.

Leave a comment Cancel reply

Your email address will not be published. Required fields are marked *

Save my name, email, and website in this browser for the next time I comment.

  Notify me when new comments are added.

• Español – América Latina
• Português – Brasil
• Tiếng Việt
• Security & Privacy

Configure and customize cookies

This page is for developers that want to customize cookie settings with the Google tag or Google Tag Manager. If you aren't sure if you need to configure cookies, read Cookies and user identification .

By default, Google tags use automatic cookie domain configuration. Cookies are set on the highest level of domain possible. For example, if your website address is blog.example.com , cookies are set on the example.com domain. If it is detected that you're running a server locally (for example, localhost ), cookie_domain is automatically set to 'none' , and cookies will use the full domain from the document location.

If you only want to modify cookie expiration or cookie update settings, you can change default cookie settings using the Analytics interface.

For most websites and apps, cookie storage should also be controlled by user consent. User privacy overview introduces the available options for managing user consent.

Change cookie domain

When you use automatic cookie domain configuration, activity is measured across subdomains without any extra configuration.

To make changes to the cookie domain configuration, follow these steps:

To turn off automatic cookie domain configuration, update the config for your tag to specify a value for the cookie_domain parameter:

Tag Manager

For the google tag :.

• In your workspace, open the Tags menu.
• Edit an existing Google tag or create a new one.

In the Configuration settings, add a new parameter:

• Name : cookie_domain
• Value : my.example.com
• Save the tag and publish the container.

For Google Ads and Floodlight tags:

Domain settings can be modified from the Conversion Linker tag:

• In Tag Manager, open your existing Conversion Linker tag, or create one if the tag doesn't yet exist in your container.
• Under Linker Options , click Override cookie settings (advanced)
• In the Domain field, enter the highest level domain for which a cookie should be allowed to be set. You can also specify a specific path in the Path field. Only use these settings if you need to limit cookies to a lower-level subdomain or subdirectory.

For Universal Analytics tags

• In Tag Manager, open the Tags menu.
• Edit and existing Universal Analytics tag or create a new one.
• Create a new Google Analytics settings variable . Select Variable Configuration > More Settings > Fields to Set .
• When the Fields to Set section is expanded, click Add Row .
• In Field Name , enter cookieDomain .
• For Value , enter the domain value, e.g. my.example.com .
• Save the tag and publish.

Rename cookies

To avoid conflicts with other cookies, you may need to change the cookie name.

This configuration adds example to the beginning of the cookie that it sets (for example _ga becomes example_ga , or _gcl_au becomes example_gcl_au ):

• Name : cookie_prefix
• Value : example

For Universal Analytics tags:

Universal Analytics tags in Tag Manager can replace the name of the cookie with cookieName via a Google Analytics settings variable .

• In Tag Manager, open a Google Analytics settings variable and select Variable Configuration > More Settings > Fields to Set .
• For Field Name , enter enter cookieName .
• For Value , enter the name of the cookie, for example, myCookie .

Name prefix settings can be modified from the Conversion Linker tag:

• In the Name prefix field, enter the desired name prefix. Any tags that use these cookies (for example, Google Ads conversion tags) must also be configured to use the same prefix.

Cookie expiration

On each page load, the cookie expiration time is updated to be the current time plus the cookie expiration value set by the Google tag. This means that if cookie expiration is set to one week ( 604800 seconds), and a user visits using the same browser within five days, the cookie will be available for an additional week, and they will appear as the same visitor in your reports. If that same user instead visited after the original cookie had expired, a new cookie will be created, and their first and second visits will appear as coming from distinct visitors in your reports.

If you set the cookie expiration value to 0 (zero) seconds, the cookie turns into a session based cookie and expires once the current browser session ends.

• Name : cookie_expires
• Value : 2419200
• Edit an existing Universal Analytics tag.
• In Field Name , enter cookieExpires .
• For Value , enter the number of seconds before the cookie will expire, e.g. for 28 days, enter 2419200 .

Cookie update

When the cookie_update flag is set to true (the default value), Google tags may update cookies on each page load, and may update the cookie expiration to be set relative to the most recent visit to the site. For example, if cookie expiration is set to one week, and a user visits using the same browser every five days, the cookie expiration will be updated on each visit and so will effectively never expire.

When set to false , cookies are not updated on each page load. This has the effect of cookie expiration being relative to the first time a user visited the site.

• Name : cookie_update
• Value : false
• In Field Name , enter cookieUpdate .
• For Value , enter a boolean value, e.g. false .

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2023-11-28 UTC.

• Help Center
• Tag Manager
• Privacy Policy
• Terms of Service
• Submit feedback

The Google Analytics: GA4 Configuration tag is now the Google tag. GA4 Configuration tags in a web container will be automatically migrated starting in September. There are no changes to your existing measurement and there is no action required from you. Learn more