Chrome Finally Blocks Non-Secure 3rd Party Cookies

Update: This article has been updated on Oct. 30, 2020 to include the latest developments in the rollout schedule of the Chrome cookie block.

Cookies are bad for your health. Your girlfriend knows that, and now, Chrome knows it too. It decided to make everyone’s lives better and block all third-party cookies that were placed by non-secure domains.

Release date: The change first came into effect on Feb. 4th 2020 but then the release was stopped during the COVID pandemic. The rollout has been resumed on Jul 14th, 2020 and as of Aug. 11, 2020, it has reach 100% of users. 

Ok, the semi-clever diet allegory aside, will this update affect your campaign or is it nothing to worry about? 

Let’s look into this topic more closely and start by asking, what are cookies or non-secure domains anyway?

Cookies matter

Thanks to the EU regulations and the growing emphasis on the privacy issue, many people have discovered that such a thing as ‘cookies’ exists, and they are used by all websites. Yes, all of them. Voluum blog uses them as well.

Cookies are small text files that are stored locally, on your computer’s hard drive. They are created by your web browser, Chrome and others alike.

Cookies contain information about your preferences. They can save your login and password; items that you have added to the shopping basket; products, you have viewed recently. 

Generally, they’ve been designed to make everyone’s life better. (Hey, it’s the same as with regular cookies!) Embrace cookies.

X-party cookies

Beneath that rather simplified explanation of what cookies are there is an important distinction between first-party cookies and third-party cookies:

• First-party cookies are set by a web server with the same domain as the page you are currently on. They are mainly designed to make your browsing experience more comfortable in ways that were hinted above.
• Third-party cookies are set by other web servers. This usually means various analytical or tracking solutions. They store information on the referer, time spent on a website, buttons clicked, etc. They mainly serve web owners to make their pages more attractive.

What’s new?

Most of the third-party cookies are innocent. But Google, along with the two remaining biggest web browsers on the Internet, decided that those third-party cookies that were placed by non-secure domains may be a threat to a user. They are all on the path to phase them out.

Google took a step towards the world with no third-party cookies and decided to block those that were placed by non-secure domains.

Ok, but what are non-secure domains?

SSL also matters (HTTPS)

Look at the top-left corner of your web browser, just left of the web page address. Do you see the small lock icon? This means that our domain, as most on the Internet, uses an encrypted protocol (HTTPS) to ensure user’s safety. 

If you currently use Chrome, the protocol type has been hidden from you. But if you double- click the address bar, you will see that Voluum actually uses the HTTPS connection. 

HTTPS connection uses SSL certificates to:

• Identify that a web page that you visit is a web page it says it is.
• Encrypt communication between your computer and a web page that you visit.

These SSL certificates bind a digital cryptographic key with the details of a company’s identity.

In short, with the HTTPS connection, you get to the web page you wanted, not to a fake one, and you send secure information.

Want to know how Chrome cookie block may affect you? Look for answers to the questions below:

What if I weren’t using SSL before the Chrome 80 update in my affiliate campaigns?

Most probably you have lost some clients. Since July 2018 and Chrome 68 update, all users that visit web pages that don’t have SSL installed see a warning message. This message says that the connection they use is not secure.

In your case, many clients may have chosen not to click any further not because your offer was not attractive but because they were deterred. 

In contrast, some of our clients noticed a significant conversion boosts when they’ve implemented a secure connection throughout their campaigns.

What if I still don’t use SSL after the Chrome 80 update in my affiliate campaigns?

If you track your campaigns with Voluum and you don’t use SSL, several things will be affected:

• Impression tracking pixel: An impression will still be counted in Voluum, however, there will be no connection between it and a visit. All information from custom variables will be lost. It will be as if two completely separate people made two actions: one generated an impression, and the other clicked on the ad.
• The redirect method of tracking clicks relies on having a certain parameter stored in a cookie. When no cookie with this parameter is found, a failsafe mechanism launches and searches for this parameter in a referrer. This means that in a typical scenario, click-tracking should still work. However, if any additional redirects, re-routes or page reloads between an ad and a landing page take place, this parameter may be lost and the click tracking will not work.
• Conversion tracking pixel: this solution will stop working at all.

What won’t be affected:

• Tracking with a Direct Tracking Pixel or Redirectless methods;
• Postback URL

What if I already use SSL in my affiliate campaigns?

We’ve already introduced important changes to how Voluum handles cookies. These changes mean that all Voluum features and solutions will work without interruptions and no action from your side is required.

What if I want to be on the safe side and be sure that everything will work? 

Firstly and most importantly, make sure that you use an SSL certificate throughout the whole funnel. This means that you need to have it enabled on:

• Your tracking domain – either on a dedicated domain or on a custom domain.
• Your landing page.
• Offer page. If you get your offers from an affiliate network, make sure that it supports a secure connection.

If you don’t use HTTPS connection consequently throughout the whole funnel (for example, you won’t enable SSL on your landing page), this will be seen as a conflict by all modern browsers and a warning message will be displayed.

More information is available in Voluum knowledge-base articles on secure domains.

Once you go with the secure connection, make sure that you have updated your tracking links with HTTPS.

For those of you that have been using HTTPS for some time – make sure that the SSL certificate did not expire.

Secondly, we recommend switching to direct methods of tracking. In Voluum, there are two features that do this:

• Direct Tracking Pixel
• Redirectless Tracking

Direct tracking is future-proof, as it is also in-line with Google’s and Facebook’s growing dislike towards redirects.

The world after

The situation post-Chrome cookie block will not last forever. In a year, Google will block all third-party cookies, no matter if they were placed by secure or non-secure domains.

There will still be an option to use a redirect method of tracking for some cases, but a direct method of tracking will be a recommended one.

Get Voluum with the direct method of tracking and stay safe.