Cookie lifetime / ITP
Cookie lifetime is how long a cookie actually survives in the browser. Safari's Intelligent Tracking Prevention caps it at 7 days (sometimes 24 hours) for script-set cookies, silently shortening attribution windows.

Cookie lifetime is how long a cookie actually survives in the browser, which is no longer what your code requested. Safari's Intelligent Tracking Prevention (ITP) caps cookies set via JavaScript at seven days, and at 24 hours in some contexts, regardless of the expiry the script asked for. Firefox and other browsers apply their own limits.
#The expiry you set is a request, not a promise
This is not a third-party-cookie story. ITP's caps hit first-party cookies written by script, which is how most analytics and ad tags store their visitor IDs. The signal impact is concrete: a Safari visitor who clicks an ad and returns to buy on day 9 looks like a brand-new visitor, so the conversion detaches from the click. Attribution windows on Safari traffic silently compress to a week, no consent banner involved. Server-set (HTTP response) cookies escape the seven-day cap, which is a large part of why server-side infrastructure became a measurement topic at all.
| Browser | Cookie | Effective lifetime |
|---|---|---|
| Safari (ITP) | First-party, set by JavaScript | 7 days |
| Safari (ITP) | JS-set, arriving via link decoration (click IDs) | 24 hours |
| Safari (ITP) | First-party, set server-side (HTTP header) | Requested expiry* |
| Firefox (ETP) | Third-party | Blocked by default |
| Chrome | Third-party | Allowed (deprecation walked back) |
Excerpt; the maintained version with per-context caveats lives on the parent page.
The cookie-lifetime table Buron maintains alongside its first-party pixel is exactly this one, kept current as browsers move.
The living table and what to do about each row is Tracking after third-party cookies: what actually still works; the durable transport that sidesteps the caps is Server-side tracking; and Conversion tracking & signal quality maps the wider territory.
Related terms
Cookieless tracking
Cookieless tracking is the umbrella for measurement that doesn't depend on third-party cookies: first-party data, server-side event streams, hashed-identifier matching, and modeled conversions.
Server-side tracking
Server-side tracking sends conversion and analytics events from a server you control instead of the visitor's browser: a more durable transport for the same events, not a way around consent.
Third-party cookies
Third-party cookies are cookies set by a domain other than the site you're visiting: the mechanism behind cross-site ad targeting and view-through measurement, blocked by Safari and Firefox and retained by Chrome.