• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • 020 3330 7010
  • marketing@allresponsemedia.com
  • E-mail
  • Facebook
  • Instagram
  • LinkedIn
  • Twitter
  • YouTube
ARM logo

All Response Media

  • Home
  • About ARM
    • About ARM
    • Meet the Team
  • Our Services
    • TV
    • Digital
      • PPC
      • SEO
      • CRO
      • Social Media
      • Programmatic
    • Offline Media
      • TV
      • TV Execution
      • Press
      • Radio
      • Inserts
      • Door to Door
      • Outdoor
      • DRTV
    • Analytics
    • ARMalytics®
  • Success Stories
    • Client Success Stories
    • TV Star Competition UK
    • TV Star Competition NL
    • Our Work With Startups
  • Content Hub
  • Careers
  • Contact Us
You are here: Home / Digital / Get ready for the Google Chrome 80 update that might change your cookies

Get ready for the Google Chrome 80 update that might change your cookies

31st January 2020 by Terry Richards

Google Chrome will be making updates to Chrome 80 on 4th February. Many website owners are starting to ask about this as it could mean that 3rd party cookies (basically all media tracking tags) can be stopped from being passed when a user visits a client’s website. However, this is not completely true.

What is the update that Chrome 80 are introducing?
Google Chrome holds 49% of the UK browser market, making them the largest player in that space. ‘Samesite’ is the update that Google is making within the new release of Chrome 80. In 2019, Safari launched a similar defence system to combat cookie dropping on Apple devices, and despite some loss in mobile traffic, the change had minimal impact on media reporting. The Chrome change is a robust defence against some of the main cross-site request forgery (CSRF) attacks. Basically, stopping fraudulent information leakage from your website. However, for this to take effect, your developer needs to setup the ‘samesite’ values (which requires coding) within your website.

As an example:
If someone is on Facebook and is reading an article that you have posted, a Facebook cookie would be dropped. Say the person then clicks on the article to navigate to your website where the blog article lives; historically the cookie would be carried over from the Facebook post to the website so that you can understand how people navigate your content across sites. However, by allowing the cookie to carry from the first site, you are also allowing any other cookies that may have been discreetly dropped to carry over as well. So, in the example above, if Facebook decided to be dodgy and drop their own cookie, as well a bunch of 3rd party cookies that want to collect your customers’ information in order to call them and sell them PPI, then this update will stop things like that from happening.

There are two different ways in which you can protect yourself against these types of “attacks”. This will require developer resource.

  • The first is to set the ‘samesite’ value on your site to ‘strict’. This prevents any 3rd party cookies from being passed over to your website. This obviously isn’t ideal for media tracking, because we/you cannot tell which channel someone came from when visiting the site, and it will prevent the chance of seeing site navigation data from within the media platform.
    • A reason where a company may want to use ‘samesite=strict’ is on transactional pages where personal information is being collected. A standard media cookie would not legally collect any of that data, but other dodgy cookies could.
  • The second is to set the ‘samesite’ value on your site to ‘lax’. This allows 3rd party cookies to be carried from external sources to your website. However, it will have restrictions, in that if a cookie has been identified as CSRF-prone then the cookie will still be stopped. So, there is some level of security that is provided to stop fraudulent data leakage.

The site can use a range of ‘lax’ and ‘strict’ values dependent on the pages you are happy to have external sources tracking, and those you are not. So, you may decide to have a ‘lax’ value for most of the website, and then have a ‘strict’ value for the card payment page.

What if I just do nothing?
If you decide to do nothing about this and do not update your website in any way, then the default will be set to ‘lax’ by Chrome.

The easiest way to manage the cookies and help Chrome to identify them as dodgy or not-dodgy, is to ensure that you have implemented a CMP (consent management platform). This is a way for a website to collect explicit consent on which cookies visitors want to accept and which they do not. If all of the cookies that are expected to be passed are included within the CMP, then Google is less likely to stop them from passing through to your site (unless they have specifically identified them as fraudulent, in which case they may still be blocked – but that is a good thing).

What does this mean for your working relationship with All Response Media?
Our Tag4ARM will not be impacted by the update. We ensured that it was updated last year to prevent any tracking gaps during the transition to Chrome 80.

Data management platforms (DMP) would be the media source that is most likely to be impacted, as they generally pass a lot of other cookies from a client’s website to other locations and vice versa. However, the All Response Media DMP, Carbon, has now entered a cookie-less environment and will function as normal. However, if you use Carbon and haven’t already done so, you will need to review the cookie privacy policy on the Carbon website, which will outline all of the cookies they drop alongside their own Carbon cookie, and make sure to update your CMP.

If you decide not to act upon this, it should have no impact on the big volume driving digital media channels we use here at All Response Media, such as Google, Facebook, etc. However, if you are using a 3rd party display media supplier, such as Quantcast, then contact All response Media so that we can make sure that they will continue to perform as normal.

  • Behavioural targeted display suppliers need to be checked to ensure that profiling and targeting are not impacted by the update.
  • The same is true of contextually targeted media suppliers, so All Response Media will get updates on the potential impacts for your media and targeting accuracy.
  • Finally, double check thoroughly with ARM before using online press-based suppliers. Although they use first party data to generate audiences, their tracking can often deliver lots of ‘dodgy’ cookies to client sites due to the nature of the organic content ads. When reading an online press site, you can have lots of cookies dropped from different companies who are tracking the performance of their own content. But many advertisers on these sites can be spammy and therefore have a higher risk of delivering fraudulent cookies through to your website, according to Google. Although it shouldn’t impact targeting and reporting, it puts you at a higher risk of CSRF attacks.

Important to note
This update is something that can be handled by your web developer. This is not something that All Response Media can support with in updating the relevant sections of your website. If you need additional support in making these web updates, we would advise reading the following link: https://web.dev/samesite-cookies-explained/ which outlines the potential changes you can make to your site to make the best use of the ‘samesite’ update. Although we will understand the issue, we cannot offer client-by-client developer support unfortunately.

Read more information on our digital services.

Subscribe For More

Newsletter Signup

Footer

ARM logo

The Leading Performance Media Agency

Building businesses and brands by providing clients with an Unfair Competitive Advantage.
ARMalytics®

Get In Touch

London: Sutton Yard, 65 Goswell Road, EC1V 7EN
Phone: +44 (0) 20 3330 7000

Leeds: Marshalls Mill, Marshall Street, LS11 9YJ
Phone: +44 (0) 20 3330 8050

Amsterdam: Koivistokade 3, 1013 AC
Phone: +31 6 3761 9020

marketing@allresponsemedia.com

Privacy Policy | Cookie Policy | Modern Slavery Policy

  • E-mail
  • Facebook
  • Instagram
  • LinkedIn
  • Twitter
  • YouTube

Our Newsletter

Subscribe to receive exclusive media insights straight to your inbox. We respect your privacy.

Newsletter Signup

We are using cookies to give you the best experience on our website.

You can find out more about which cookies we are using or switch them off in settings.

ARM logo
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

These cookies are essential to provide you with services available through our website and to enable you to use certain features of our website.

If you disable this cookie, we cannot provide you certain services on our website and we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

Analytical and Performance Cookies

These cookies are used to collect information to analyse the traffic to our website and how visitors are using our website.

For example, these cookies may track things such as how long you spend on the website or the pages you visit which helps us to understand how we can improve our website for you.

The information collected through these tracking and performance cookies do not identify any individual visitor.

Please enable Strictly Necessary Cookies first so that we can save your preferences!

Advertising and Targeting Cookies

These cookies are used to show advertising that is likely to be of interest to you based on your browsing habits.

These cookies, as served by our content and/or advertising providers, may combine information they collected from our website with other information they have independently collected relating to your web browser's activities across their network of websites.

If you choose to remove or disable these targeting or advertising cookies, you will still see adverts but they may not be relevant to you.

Please enable Strictly Necessary Cookies first so that we can save your preferences!

Cookie Policy

More information about our Privacy Policy and Cookie Policy