Server Side Storage
User data is keyed by a randomly generated UUID, which is stored in a standard web browser cookie. Read more about cookies below.
Once identified, a user's data is stored in the server side storage. All user data is keyed depending on what is stored - ad frequency counters, segments used for retargeting, conversions, etcetera. Each key-value has a time-to-live (TTL), that if not refreshed will be expired and removed.
Depending on how the user interacts with ASX, the web cookie come as first- or third party. A first party cookie is a cookie that is set from the same domain that you are currently visiting. A third party cookie is a cookie that is set by a resource located on another domain, which is usually the case with DSP cookies.
|User Interaction||Cookie Context on write|
|Ad impression||Third Party|
|Ad click||First Party (most often, depends on ad / SSP)|
|Post Click Conversion||Third Party|
|Post View Conversion||Third Party|
|Campaign & Site Unique stats||Third Party|
Browsers have different default settings in how to treat third party cookies.
Default Behaviour Read
Default Behaviour Write
|Safari||ITP, see below||ITP, see below|
|Firefox||Allow||Blocks from all sites not previously visited|
|Internet Explorer||Allow||Allows if compact cookie security policy|
Please refer to https://netmarketshare.com/browser-market-share.aspx for details on market share of internet browsers.
Intelligent Tracking Prevention (ITP)
Apple's Safari web browser has a mechanism called ITP that aims to prevent ad tech services to track users across different sites. This has implications both for first and third party cookies, see table below.
|Cookie Context||Non ITP||ITP 2.0||ITP 2.1|
|Write cookie (first party Set-Header)||Allowed||Allowed||Allowed|
|Write cookie (first party document.write)||Allowed||Allowed||7 days expiry|
|Write cookie (third party Set-Header)||Browser Setting||Partitioned immediately||Must use Storage Access API|
|Read cookie (third party Set-Header)||Allowed||Partitioned immediately||Must use Storage Access API|
When a cookie is partitioned, it will only be available within the current session.
From 2.1, using the Storage Access API will mean that consent is explicitly requested from users.
Read more about ITP here:
Summary of Tracking Capabilities
Please find a summary of the implications for ad tech tracking and features below.
|Tracking||3rd Party Allowed||3rd Party not Allowed||1st Party existing||ITP 2.0||ITP 2.1+|
|Ad Frequency||Yes, across sites||Yes, within session||Yes, across sites||Yes, within session||Yes, within session through SSP first party cookie id|
|Post Click Conversion*||Yes||Yes||Yes||Yes||Yes, with conversion tracker script v1.2|
|Post View Conversion||Yes||No||Yes||No||No|
|Campaign & Site Unique stats||Yes||No||Yes||No||No|
1st Party existing would be the scenario when a user has clicked an ad, or otherwise has a first party relationship with the ad technology vendor.
There are currently several ongoing efforts to collaborate around user identity across platforms. This is expected to significantly improve tracking and reach, while providing single point management for user consent and GDPR. BidTheatre is monitoring the development closely and expect to roll out support during the beginning of 2020.