TrackingConsulting

Cookie ITP & 3P Block Checker

Paste a Set-Cookie list — see which cookies survive Safari ITP, which Chrome will cap, and which are flat-out third-party blocked.

Set-Cookie lines (one per line)

Your site domain

Used to decide first- vs third-party.

Healthy

ITP-limited

3P blocked

_ga

ITP-limited (1P JS)

_ga=GA1.2.123456789.1700000000; Domain=.example.com; Path=/; Max-Age=63072000; SameSite=Lax

· First-party but client-side (no HttpOnly) — Safari ITP caps lifetime to 7 days regardless of Max-Age.
· Lifetime > 400 days — Chrome (since 100) caps to 400 days for first-party cookies set via Set-Cookie.

_fbp

ITP-limited (1P JS)

_fbp=fb.1.1700000000.123456789; Domain=.example.com; Path=/; Max-Age=7776000; SameSite=Lax

· First-party but client-side (no HttpOnly) — Safari ITP caps lifetime to 7 days regardless of Max-Age.

ads_session

Blocked / restricted

ads_session=abc123; Domain=.advertiser.com; Path=/; Max-Age=2592000; Secure; SameSite=None

· Third-party cookie — blocked by Safari ITP and most ad blockers; partially restricted in Chrome.

session

Short-lived 1P

session=opaque; Path=/; Max-Age=86400; HttpOnly; Secure; SameSite=Lax

_gcl_au

ITP-limited (1P JS)

_gcl_au=1.1.123.987; Domain=.example.com; Path=/; Max-Age=7776000

· First-party but client-side (no HttpOnly) — Safari ITP caps lifetime to 7 days regardless of Max-Age.
· No SameSite attribute — defaults to Lax in modern browsers.

Long-lived 1P cookies are non-negotiable in 2026

We migrate ad-platform tracking off client-side cookies into HttpOnly server-set first-party cookies via a custom subdomain — making attribution survive Safari ITP and Chrome's 400-day cap.