Cookie Apocalypse Countdown: Understanding the Chrome 80 Changes
What changes happened with Chrome 80?
Chrome 80 has a few major pieces:
- Everything needs to move over to SSL, meaning everything should run via HTTPS going forward.
- Third party cookies need to return “SameSite=None” inside the cookie.
The cookie requirement goes live on Feb 17 (even though the v80 updates comes out on Feb 4th)
What is a third party cookie?
It’s any cookie fired by a tracker not associated with the website that your visiting right now.
Third party cookie = outside cookies
First party cookie = your internal cookies
What does SameSite=None mean?
For now it just requires updating the cookie call a bit (nothing needed on your side), and it should be considered as a first compliance check towards Chrome making harsher requirements for these calls.
Mozilla’s Firefox and Microsoft’s Edge say they will also adopt this format, so expect all cookies to need to switch over to including this.
Do I need to freak out?
Nope. You should have already moved to using HTTPs through an SSL certificate, and that is pretty much it.
Anything that is from your own website doesn’t need changing, and any external resource should be handling this small adjustment from their side to the cookie response.
What should you do?
Make sure to switch every website and landing page over to use HTTPS. With every new browser release, we continue to see more and more rules restricting HTTP websites and tracking. The sooner you move over, the sooner you’ll have one less thing to worry about.
How is Everflow handling this?
We already provide every client with one free domain and SSL certificate. We’ve also made sure to test that we’re in compliance, and we don’t see any issues that would cause problems.
This should be considered an opening move, and we still urge all clients to switch to either Direct Linking or Postbacks tracking for resolving all cookie related issues.
How does this compare to ITP 2.2?
ITP 2.2 is significantly more stringent towards tracking cookies, whereas this is just include a confirmation of third party cookie status currently. You can read more about those requirements here - [our ITP 2.2 explanation]