Changes In The Management Of Third-party Cookies On Chrome 80

By Álex Masip , Head of Data at Labelium Spain Among the changes that the main browsers such as Safari and Firefox bring to the management of third-party cookies , Chrome is also planning significant in version 80, scheduled for February 2020. In this article, we explain the background, the changes made by Chrome and their implications. We will also see how to test if our site is ready to handle them correctly. First and third party cookies In Netherlands WhatsApp Number List general, we understand by first party data the data that belongs to us directly, without the intervention of third parties. In the context of cookies, first party cookies are those that are managed directly from the main domain of the site.

That is, all cookies in which the primary domain is the same as the site we are on. Unlike third-party cookies which are those belonging to other main areas of the site on which we are located. Cambios in the ley of cookies in Chrome The third-party cookies are useful to maintain overall consistency in the user navigation. For example, if we put a video from YouTube on our site, whether the user is logged into YouTube, has seen the video before or has tagged it to watch it after, is handled by a third-party cookie. Without this cookie, the user would have to leave our site and go to YouTube to log in again.

The Problem Is, There Are Many Not-so-trivial Uses For This Type Of Cookie

The best known is its use to track the user throughout their browsing for profiling and online advertising purposes. But there are also much more serious potential security abuses. The management of third-party cookies on the main browsers Legislative changes such as GDPR and public awareness of online privacy management have resulted in major changes in the way major browsers such as Safari or Firefox handle these third-party cookies. Safari launched this crusade against online tracking in 2017 with its ITP (Intelligent Tracking Prevention) which already prevented the use of third-party cookies.

ITP has evolved and we are already at 2.3, with which Apple also protects against some type of use of first party cookies and the use of other tactics such as local storage. Firefox opted for a similar, but less aggressive, tactic. Instead of blocking all cookies by default, it uses a blacklist method . It checks whether the cookie belongs to a domain identified in the list of advertising and tracking domains (list of disconnect.me ). So far, Chrome has opted for much less aggressive tactics. It does not block first or third party cookies by default, although it does offer this option to its users through its privacy management.

The Big Change In Chrome Version 80 Is That Changes Are Active

by default, without the user having to explicitly activate them. Managing cookies on Chrome 80 From its version 80, Chrome will start enforcing the secure use of the SameSite attribute for third-party applications. The SameSite attribute is not new, but it was not used regularly until now. The SameSite attribute offers three value options: SameSite = Strict – Purely first party use SameSite = Lax.- Intermediate point that allows certain uses in a third party context. The use of the cookie is allowed on external domains when they come from a direct link, for example to keep a user logged in.

But it does not allow the use of the cookie by other methods like POST. SameSite = None.- Use of standard third parties. The big difference in this Chrome update is that it forces you to declare the SameSite = None as safe. In other words, it will reject this: Set-Cookie: promo = abc123; SameSite = None And it will have to use this: Set-Cookie: promo = abc123; SameSite = None; Secure In the first case, Chrome will reject the cookie and if it does not declare itself SameSite, it will treat the cookie as if it were a SameSite = Lax, thus blocking its use by a third party.

Leave a Reply

Your email address will not be published.