On February 4, 2020, Google is set to release Version 80 of Chrome, which includes a slew of updates. The biggest change that you might have been hearing about relates to the SameSite attribute. Quite a few articles have been written on the topic; here we’ve condensed the info into just what you need to know.
Quick Notes About Cookies
- Many websites (likely yours) use cookies to save user data.
- Some cookies help the user, such as “first-party” or “same-site” cookies that store login information so users don’t have to re-enter it each time, or the cookie saves site preferences, like when you click “Don’t show me this again” on a pop-up.
- Some cookies help the site owner or a third party, such as tracking tags or retargeting pixels, so that they can learn a little more about your browsing behavior and serve up more relevant content or ads based on that behavior.
- Once a cookie is set, it can and does get sent to other websites you visit, which can be a good or bad thing, depending on how the cookie is used.
Further reading: Learn more about cookies.
Online Privacy
You’ve probably been hearing more and more talk about online privacy, SSL certificates, GDPR, CCPA, and the like. That’s not going to change anytime soon—in fact, everything is moving in the direction of more control over user data, both in the form of (a) users having more control over their own data and (b) regulations around how businesses are allowed to collect and use your data.
One such change relates to cookies; specifically, this latest release of Chrome aims for more transparency in what the cookies on any given site are doing. Specifically:
“Google Chrome will stop sending third-party cookies in cross-site requests unless the cookies are secure and flagged using an internet standard called SameSite.” – Ad Exchanger
If your cookies are NOT currently doing that, you’ve got some clean-up to do!
Also, this quote helps explain one of the goals of this change:
“Google said it’s getting more aggressive with SameSite to prevent insecure data sharing across domains and cross-site request forgery, which is when hackers manipulate authenticated cookies into taking unwanted actions, like generating fake clicks.” – Ad Exchanger
More transparent cookies are better for users AND your website’s reputation, but it likely requires a few coding updates to get to that point.
Further reading: Chrome to limit cross-site cookie tracking
The Technical Nitty Gritty: What’s Changing
“SameSite” is an attribute that can be set on cookies. The cookies on your site might currently be set to one of the following:
- Not set at all
- Explicitly set to “none”
- Explicitly set to “lax”
- Explicitly set to “strict”
Your site’s cookies might be behaving properly now, but once Chrome version 80 is released, their behavior could change as Chrome will change (i.e. tighten) how it handles cookies. As a quick fix, you will likely want to set all your cookies explicitly to “none,” which is better than not having them set at all. Ideally you will set some cookies to “lax” or even “strict,” where applicable. You will also want to be sure your cookies are being served over a secure connection (HTTPS).
Here’s a breakdown of what each setting will do:
- “SameSite=none” will allow third-party cookie sharing (as long as your site is secure / has a valid SSL certificate)
- “SameSite=lax” will allow your site to share cookies across any other domains owned by the same publisher
- “SameSite=Strict” will not allow any cross-site sharing, which means the cookie will only work on your site
Further reading: Get the full scoop on the SameSite cookie change.
What You Need to Do
You have a few options:
- Wait until February 4, 2020 then look at your site, and any third-party sites you work with, and see if anything is broken. If so, you’ll likely need to change how the SameSite attribute of your cookies is getting set.
- Contact a web developer (like us!) to do an audit of your site now and update any cookie attributes before they cause a problem.
Each site is different and could be using any number of cookies for any number of reasons. We’re happy to look into it for you to help avoid any problems once Chrome is released, get in touch with us!