Google to Block Insecure Third-Party Tracking Codes in Chrome
Learn how to prepare for the latest Google update.
You may have heard a lot about third-party tracking and cookies lately. Unfortunately, this news does not have to do with party hats, cake, and delicious chocolate morsels. It has to do with how Google Chrome will treat scripts from third-party vendors trying to track users across the web. Google announced its plans to block insecure third-party tracking codes in Google Chrome beginning in 2023. In this guide, you’ll learn what third-party cookies are, the consequences of Google blocking them in Google Chrome, and what your brand should do to prepare for the change.
What are third-party cookies?
Before we define what a third-party cookie is, let’s take a look at a first-party cookie.
A first-party cookie is a bit of information created by a website you visit that is stored on your computer. The data is owned and collected by the publisher of the website. For example, a website may have the capability to show multiple languages, and it learns that you prefer English. It adds a cookie with that information in your browser, so the site appears in English the next time you visit the site.
A third-party cookie is a snippet of data placed and collected on a website by someone other than the site owner. A common example is code from retargeting ads. You might be searching for a new pair of shoes across various websites. You don’t know which pair of shoes to buy, so to kill some time, you navigate to your favorite news site. To your surprise, you notice the exact pair of shoes you were just looking at in the advertising column side on the news site. The news site containing the ad used third-party cookies from the other shoe-selling websites to serve you an ad for shoes you have looked at in hopes that you might purchase them.
What changes is Google making to third-party tracking codes and why?
According to Search Engine Journal, with Google Chrome 84, Google will restrict third-party cookies that are served via the HTTP protocol and cookies that do not have a proper SameSite attribute. To ensure a third-party cookie will work, a specific attribute needs to be added to the cookie’s code:
| SameSite=None; Secure
Google has two main reasons for this change. First, users are demanding greater privacy across the internet. Second, Google wants to ensure publishers’ sites are more secure. As Google explains:
“One of the cultural properties of the web is that it’s tended to be open by default. This is part of what has made it possible for so many people to create their own content and apps there.
However, this has also brought a number of security and privacy concerns.
Cross-site request forgery (CSRF) attacks rely on the fact that cookies are attached to any request to a given origin, no matter who initiates the request.
For example, if you visit evil.example then it can trigger requests to your-blog.example, and your browser will happily attach the associated cookies.
If your blog isn’t careful with how it validates those requests then evil.example could trigger actions like deleting posts or adding their own content.”
Cookie restrictions are something advertisers have been dealing with for years. While this is new for Google, other popular web browsers like Mozilla Firefox and Apple’s Safari have been blocking third-party tracking since 2013.
What does this mean for SEO and why should you care?
Fortunately, Google’s privacy shift won’t affect much in terms of organic search presence. The only change that digital marketers may see lies within the Demographics data in Google Analytics.
The data for these charts comes from a subset of users who are signed in to Google where age and gender can be collected. In addition, Google uses third-party DoubleClick data it gathers about a user. Because the DoubleClick data is third-party, there’s a possibility that this data will be impacted, but likely not a lot. We anticipate that digital marketers will still have the ability to gather demographic data — it just may be based on a smaller data set.
What can you do today to prepare your brand for the change?
We here at GPO are all about action, and we want to enable you to take action when Google makes a change like this.
- If your organization builds third-party tracking codes, move them to HTTPS.
- If you are a vendor that uses tracking cookies, make sure to properly set the SameSite attribute to ensure cookies continue to work as usual. As a note, if you are having issues with third-party tracking codes, we recommend using Chrome 84 and Chrome Dev Tools to find the cookies that aren’t working and why.
- Ensure you monitor demographic data in Google Analytics and note any changes after Google starts blocking insecure third-party cookies.
- Research contextual advertising to mitigate any changes resulting from the lack of ability to target users using third-party cookies.
- Invest in search engine optimization! Search optimized sites show up in organic search results and reach users when they are looking for a product — without the need for third-party cookie information.
Whether it’s third-party cookie blocking information or a new algorithm update, your SEO strategy requires constant pivoting. There’s no better time than now to get a team of best-in-class search-optimized content experts in your corner! Reach out to GPO to talk about how to create (and maintain) your search-optimized content.