Looking for the #1 Tag Manager Helper?Go to GTMSPY

Race Condition
Google Analytics ITP 2.1 Prevention — HTTP Set-Cookie /snippet/
Google Analytics

February 26, 2019

Google Analytics ITP 2.1 Prevention — HTTP Set-Cookie /snippet/

Here’s the small Cloudflare Workers snippet needed to set the _ga Cookie via HTTP in order to circumvent Webkit’s ITP 2.1

Here’s the small Cloudflare Workers snippet needed to set the _ga Cookie via HTTP in order to circumvent Webkit’s ITP 2.1

Recently, the team at Webkit announced that as per ITP 2.1 first-party cookies that were not set via HTTP header (i.e., cookies created using the document.cookie API) will be limited to a 7-day expiry.

Web analysts know that this is a major threat to tracking quality as first-party cookies with a 2-year expiry is exactly how, for example, Google Analytics is designed.

In his second-to-none manner, Simo Ahava already posted a solution which moves the Client Id storage to the browser’s local storage. Not without caveats, though.

I’m a big fan of not moving everything to the client but rather implement certain stuff server-side.

But only since I came across Cloudflare Workers, the performant proxy layer between the client and the actual origin (server).

Why is such a proxy beneficial? Because it especially helps you when you have no control over web-servers since you love cloud providers (think Medium, Shopify, etc.).

Certainly, Google and the other major players will take measures to cope with ITP 2.1. Nonetheless, it seems like the digital analytics world is making more steps towards a server-side tracking world.

Generating Google Analytics Client Id in Cloudflare Workers

So, assuming you have a Cloudflare Workers setup, here’s what you need to add to deal with ITP 2.1:

  • Find the appropriate position in your script to check for already set _ga Cookie, e.g.
    const cookies = event.request.headers.get('Cookie');

    if(cookies.indexOf('_ga=GA') === -1)) {...}
  • Add a global constant with your desired tracking domain, e.g.
    const trackingDomain = 'yourdomain.com';
  • And now the needed line to set the GA Cookie via HTTP header, where response is the response you are going to return to the client
response.headers.append('Set-Cookie', `_ga=${["GA1", trackingDomain.split('.').length, crypto.getRandomValues(new Uint32Array(1))[0] & 2147483647, Math.round((new Date).getTime() / 1E3)].join(".")}; Domain=.${trackingDomain}; Max-Age=63072000;`);

What happens now is that for all users without _ga cookie in the first place you will set the _ga Cookie manually — so to speak. The GA tracker can then pick up the Client Id from your _ga cookie and ITP 2.1 browsers will not touch this cookie.

Warning: This is just an inspirational post and doesn’t cover issues such as allowLinker and tracker settings (i.e. different cookie ids, etc.)