Introduction 🚀
In the dynamic world of digital advertising and online privacy, one of the most significant developments in recent times has been the deprecation of third-party cookies. These small pieces of data have played a crucial role in the functioning of the internet, but concerns over privacy and user tracking have led to their impending demise.
In this article, we will explore what third-party cookies are, their various uses, the issues that have prompted their deprecation and how to audit your website on third-party cookies.
Understanding third-party cookies 🤔
Cookies are small text files stored on a user's device by a website they visit. They serve various purposes, such as remembering user preferences, tracking session information, and providing a personalized browsing experience. Cookies can be categorized into first-party and third-party cookies based on the domain that sets them.
First-party cookies are set by the website that the user is directly interacting with, while third-party cookies are set by domains other than the one the user is currently visiting. Third-party cookies enable cross-site tracking, allowing advertisers and marketers to collect data about a user's online behavior across different websites.
Use cases of third-party cookies 🔛
Third-party cookies are widely used mainly in :
- Statistics tools : For example, Google Analytics can aggregate your behavior across multiple websites. For this purpose, you are assigned a unique identification number so that you can be recognized on several websites.
- Advertising : Advertising networks such as Google Ads have an interest in displaying advertising that is as appropriate as possible to your interests and your current goal. For example, if you are actively searching for new slippers on the internet, you will certainly have experienced that you are displayed ads for slippers on different websites.
- Disguised advertising networks : Advertising networks do not always act obviously as such. For example, the Facebook Like button that you find on some websites collects precise data about your behavior on the internet. In this way, targeted advertising can later be played on Facebook on topics that you have previously searched for on the internet.
Issues leading to deprecation ⛔
- Privacy Concerns : One of the primary drivers behind the deprecation of third-party cookies is growing concerns over user privacy
- User Tracking and Profiling : Advertisers and tech companies could create detailed profiles of individuals based on their online behavior, potentially leading to the misuse of personal information.
- Legislative Changes : Various regions, including the European Union with the General Data Protection Regulation (GDPR) and California with the California Consumer Privacy Act (CCPA), have implemented or proposed regulations to enhance user privacy.
- Browser Changes : Major web browsers, such as Google Chrome, Mozilla Firefox, and Apple Safari, have started phasing out support for third-party cookies.
Audit your third-party cookie usage 💡
If your site uses third-party cookies it's time to take action as we approach their deprecation. Chrome plans to disable third-party cookies for 1% of users from January 4th, 2024 to facilitate testing, and then ramp up to 100% of users from Q3 2024.
Cookies marked for third-party usage can be identified by their SameSite=None value. You should search your code to look for instances where you set the SameSite attribute to this value. If you previously made changes to add SameSite=None to your cookies around 2020, then those changes may provide a good starting point.
The Chrome DevTools Network panel shows cookies set and sent on requests. In the Application panel you can see the Cookies heading under Storage. You can browse the cookies stored for each site accessed as part of the page load. You can sort by the SameSite column to group all the None cookies.
Make sure to review your cookies and have a list of those set with the SameSite=None. These are the cookies for which you will need to take action to ensure they keep functioning properly.
Test for breakage 🚧
You can launch Chrome using the --test-third-party-cookie-phaseout command-line flag or from Chrome 118, enable chrome://flags/#test-third-party-cookie-phaseout. This will set Chrome to block third-party cookies and ensure that new functionality and mitigations are active in order to best simulate the state after the phase out.
Once you have identified the cookies with issues and understand the use cases for them, you can work through the following options to pick the necessary solution.
Conclusion ✅
If you found that those properties are valuable and useful, start using them in your next projects and share the post. 🙏♻