Chrome 80 – new cookie management
On the 4th of February, Google will release Chrome 80. This will culminate a number of changes to how Cookies are managed that have been phased in over the past few months. For publishers, advertisers and affiliate networks this has centered around a feature called sameSite which states whether cookies are available to access from third party requests. Given Chrome’s market share (64% of the overall browser market, according to Statcounter) there has been obvious concern around the impact of this Chrome update.
Tradedoubler has been aware of the Chrome updates and we made changes to our tracking to ensure we are compliant both with the latest version of Chrome but also ensure we are compatible with older browser versions which cannot support the new cookie functionality. Our approach means our publishers and advertisers should not have to make changes to their websites. We are also aware that Microsoft and Firefox will likely follow with their updates to cookies support later this year.
What is changing in Chrome 80
Google first announced in May 2019 they would change the scope of cookies accessed third party (I.e. when a Tradedoubler impression tag is loaded from a publisher’s website). At present, unless explicitly set, all cookies are assumed to be available third party.
From Tuesday, 4th of February, Chrome will assume any cookie not having explicitly set as available third party is only available 1st party. This would be an issue for post-view/post impression sales and legacy third party tracking setups.
If cookies are configured to allow access third party (i.e. from Tradedoubler.com script on a client’s site) then they are only available over HTTPS. The way a cookie’s scope (if it’s available third party) is controlled using a flag in the cookie called sameSite – for third party access the setting is sameSite=none.
Google have generally been pushing the web towards move all traffic to HTTPS, for instance in 2018 when Google launched Parallel tracking they automatically redirected Adwords URLs to HTTPS which explains why they are now forcing networks and ad tech providers to use HTTPS to access cookies third party.
What we have done in response
We have been investigating the impact and testing the impact on our tracking servers. We will release an update that will set all tracking related cookies to use the flag sameSite=none to support our post-view tracking as well as clients yet to migrate to first party tracking. As this setting only works over HTTPS we will also force all traffic to our servers to HTTPS using a server-side redirect.
We advise all publishers to use HTTPS impression and click URLs, however, we will force this redirect just in case they don’t have time or are unable to update.
Additionally, we also take into account browsers that are not compatible with the SameSite functionality (such as Android WebView and have implemented a browser filter based on the known clients that do not support sameSite.
If you have any further concerns please reach to your local Tradedoubler account manager. More technical details on the upcoming Chrome change can be found on the Chromium blog.