Cookie lifetime / ITP

Cookie lifetime is how long a cookie actually survives in the browser. Safari's Intelligent Tracking Prevention caps it at 7 days (sometimes 24 hours) for script-set cookies, silently shortening attribution windows.

Kay Vink
Kay Vink

Cookie lifetime is how long a cookie actually survives in the browser, which is no longer what your code requested. Safari's Intelligent Tracking Prevention (ITP) caps cookies set via JavaScript at seven days, and at 24 hours in some contexts, regardless of the expiry the script asked for. Firefox and other browsers apply their own limits.

#The expiry you set is a request, not a promise

This is not a third-party-cookie story. ITP's caps hit first-party cookies written by script, which is how most analytics and ad tags store their visitor IDs. The signal impact is concrete: a Safari visitor who clicks an ad and returns to buy on day 9 looks like a brand-new visitor, so the conversion detaches from the click. Attribution windows on Safari traffic silently compress to a week, no consent banner involved. Server-set (HTTP response) cookies escape the seven-day cap, which is a large part of why server-side infrastructure became a measurement topic at all.

BrowserCookieEffective lifetime
Safari (ITP)First-party, set by JavaScript7 days
Safari (ITP)JS-set, arriving via link decoration (click IDs)24 hours
Safari (ITP)First-party, set server-side (HTTP header)Requested expiry*
Firefox (ETP)Third-partyBlocked by default
ChromeThird-partyAllowed (deprecation walked back)

Excerpt; the maintained version with per-context caveats lives on the parent page.

The cookie-lifetime table Buron maintains alongside its first-party pixel is exactly this one, kept current as browsers move.

The living table and what to do about each row is Tracking after third-party cookies: what actually still works; the durable transport that sidesteps the caps is Server-side tracking; and Conversion tracking & signal quality maps the wider territory.