Third-party cookies: should I stay, or should I go?
A practical guide to keep performing without 3rd party cookies in browsers like Google Chrome
- Article
- Technical Web Analytics
- Data Analytics
In recent months there has been a lot to do about third-party cookies and their not-so-imminent-anymore end-of-life in the Google Chrome browser. Is this then much to do about nothing or should you brace yourself for a paradigm-changing shift? In this article we will lift the veil over this important topic. Also, we’ll share 7 hands-on tips to prepare yourself for what’s coming.
Update July 2024:
Since this blog was published, Google has revised its strategy for phasing out third-party cookies. Instead of completely blocking third-party cookies, Google will soon provide Chrome users the option to enable or disable these cookies across all their browsing activities.
Despite the longer-than-anticipated support of third-party cookies, we believe our previous recommendations remain relevant. These strategies will help organisations transition smoothly and adopt alternative approaches discussed in this article.
Third and first-party cookies: what’s in a name?
Firstly, with talk aplenty about third-party cookies, we would do well to pause and look at what third-party cookies are. The best way to start is by looking at an example. Let’s say you deploy the Facebook / Meta pixel via Google Tag Manager on your website. This pixel writes cookies in your visitors’ browsers to function. Since this is Facebook we’re talking about, these cookies must be written in third-party context, right? Well, no. For quite a while now, Facebook reads and writes cookies in a first-party context, meaning these cookies would not have been affected by Chrome’s phasing out of third-party cookies.
Where can we find third-party cookies then?
For this we need to look at applications loaded on a website that request resources from a third-party source and where said resource responds to the request by storing certain identifiers in the browser’s cookie storage. When this happens, the requested resource can read the information stored in the cookie storage both on its own domain as well as on the domain that requested the resources.
A practical example
This all sounds rather abstract so it’s best to look at a real-world example. On digital-power.com (yes, we also use third-party cookies), new visitors that have opted in to all cookies will have LinkedIn scripts loaded in their browser window. This script will trigger an http request to px.ads.linkedin.com. Digital Power does not share the same root domain as Linkedin so this is a request in a third-party context. In the image below you will find that the request to Linkedin.com results to cookies being set as a response. Since these cookies are set from the LinkedIn domain, they can both be read on linkedin.com as well as digital-power.com.
Now wait a moment, Facebook also sends http requests to Facebook.com right? True, but no cookies are being written in those requests. Cookie writing and reading for the Facebook pixel is managed through a JavaScript API which is loaded by deploying the Facebook pixel from your website. Since the pixel is loaded from your own domain, all cookies it writes are handled in a first-party context, meaning that Facebook cannot read the cookies it stored on digital-power.com on any other domain.
Third-party cookies: the good, the bad and the ugly
Why all this fuss about third-party cookies right now? They provide a very easy way for large advertisers to track consumers across websites, thus allowing them to gain a deep understanding about a consumer’s behavior and preferences. As a consumer using Google Chrome without any adblocking enabled, there is little you can do against this type of cross-site tracking.
Why the fuss about Google Chrome?
You may have noticed that the recent commotion mostly centers around Google Chrome. This is because the Chrome browser was the last of the Mohicans when it came to allowing third-party cookies. Safari and other WebKit browsers alike have had a much stricter stance towards third-party cookies from the very beginning and have outlawed them completely in 2020. This means that in terms of the technical perspective, there is nothing new under the sun.
The impact on consumer privacy
To summarise, from a consumer’s perspective, their privacy initially appears to be better secured by phasing out third-party cookies. However, many large advertisers still rely heavily on this form of cross-site tracking and Google’s recent announcement has triggered a panicked response to capture individual information through other means, thus potentially exposing consumer privacy in ways that can be more harmful than third-party cookies were.
What you can do to optimise your marketing performance without third-party cookies
Despite the Q4-scheduled third-party cookie-pocalypse having been narrowly averted, it is still worthwhile to investigate the alternatives out there and how they affect advertising performance.
Even though third-party cookies will eventually go away, there are still many ways to keep your digital marketing strong. Here are 7 themes to focus on:
1. Figure out your reliance
First, see how much you're currently depending on third-party cookies. Knowing this will help you identify which parts of your advertising might be most affected. You can follow these instructions by Google or you can contact us if you need a hand.
2. Be ready for changes in campaign effectiveness
As the digital marketing industry adjusts, the effectiveness of your campaigns might not be as strong as you're used to. Planning for this possibility will help you manage your expectations and budget.
3. Investigate Google’s best practices
Google has introduced several tools and best practices designed to help advertisers transition away from third-party cookies. Consent Mode, for instance, influences how your Google tags operate, depending on the consent given by users. And features like Optimized Targeting and Performance Max use machine learning to help advertisers identify the most effective audiences for their campaigns.
You should remain critical though on how these features impact the privacy of your audience. Some features, such as the feature of automatic scraping of email addresses by Google Tag Manager, are in direct conflict with Google’s own privacy initiative.
4. Stay in the loop
Google’s effort on new ways to do advertising that respects user privacy is still ongoing. There are regular updates to their roadmap, tools and features. Keeping up with these updates is crucial for adapting your strategies in time.
5. Keep things under one roof
If you can, try to keep all your websites under a single main domain. When customer journeys cross different domains, information needs to be transferred from one to another domain, for example using third-party cookies, to connect these sessions together.With a single main domain, it becomes much easier to manage user, session, and permission data.
Migrating your data collection server-side is also a great way to keep working in a first-party environment, thus mitigating issues with cross-domain tracking and cookies expiration.
6. Broaden your marketing mix
Now's the time to dive deeper into other marketing strategies that don't need third-party cookies. Invest in contextual marketing (choose specific platforms and content that align with your ad’s theme), improve efforts in channels such as social media and email marketing, and work on improving your content. These areas let you connect directly with your audience and are a solid alternative to cookie-dependent ads.
7. Invest in your customer relationships
The relationship you build with your customers is fundamental regardless of the (im)possibilities of technology. Focus on improving your service and communication supported by the careful use of first-party data collection. Be clear about how and what data from your users is being used and give them control over their privacy.
Alongside a server-side implementation, building a customer data platform can help you reach that goal.
Look ahead to make the most of your digital advertising without third-party cookies
Losing third-party cookies is a big shift, but it's also a chance to build a more transparent and trusted digital advertising world. By focusing on direct relationships with your audience and making the most of first-party data, you can prepare for the changes ahead and continue to reach your marketing goals.
For digital marketers and managers, especially here in Europe, now is the time to come together, share experiences, and navigate these changes as a team. The future of digital advertising is still bright—it's just going to look a little different.
Need help dealing with the end of third-party cookies?
With our vast experience in integrating the latest Digital Analytics, Business Intelligence, and Marketing Solutions with Web and Mobile applications, our data consultants can be your data partner in this transition. Continue making an impact with your analytics and digital marketing with our tailor-made solutions.
We can work together on:
- Improving your website and mobile apps to optimize the collection of first-party data.
- Shaping your data strategy to comply with evolving privacy standards.
- Integrating innovative technologies that prioritize user privacy while delivering actionable insights.
- Consolidating your insights by implementing server-side tracking and work in a first party environment
This is an article by Koen Crommentuin
Koen works as a Senior Technical Web Analyst at Digital Power. He specializes in designing and implementing digital analytics solutions for large and complex projects. Koen co-created the Digital Event Queue, an open-source data layer standard, and developed Tagbird, a handy Chrome extension for visualizing website data collection. His focus is on making digital integrations more robust, transparent, and effective.
Receive data insights, use cases and behind-the-scenes peeks once a month?
Sign up for our email list and stay 'up to data':