Cookies are a double-edged sword to handle if you’re working in technical SEO or web development.
Still, they play a crucial role by keeping track of user behaviour, thus understanding what content users love and which pages they visit the most.
You got it, cookies can provide a goldmine of insights that you can elaborate to make your site structure more user-friendly or better match search intent for your content. Sweet right?
Despite unlimited functions, cookies can be mainly divided into two large glassy pots
Alas, third-party cookies have been reported to go away next year so what shall we do?
In this blog post, we’ll explore how to prepare for third-party cookies withdrawal and learn how to make the most out of your native first-party cookies.
📌 I will keep updating this blog post as everything revolving around cookies involves a steep and continuous learning curve these days.
You can learn more straight from the horse’s mouth on the Chrome for Developers blog post
Third-Party Cookies to be Removed by Q3 2024
Google announced that they will gradually stop using third-party cookies in Chrome starting from the Q3 of 2024. They started testing this with 1% of users on January 4th, 2024. As part of the plan, site owners were urged to make sure their websites can work properly without third-party cookies.
The removal of third-party cookies will have significant implications for the digital advertising industry, requiring advertisers to adopt new methods for targeting and serving relevant ads to users.
The blocking of third-party cookies has led to increased CPMs, with some reporting rates two to three times higher. Estimates suggest significant revenue losses for publishers and industries, emphasizing the impact of this transition.
On the bright side of the coin, this transition also presents an opportunity for website owners to explore alternative privacy-focused solutions.
Google is testing new Privacy Sandbox APIs and industry groups are working on developing new standards for targeted ads. The intention is to reduce cross-site tracking while helping to keep online content and services free.
From the start of 2024, you will see an increased proportion of Chrome users on your site with third-party cookies disabled as the phasing-out test period will continue through to Q3 2024.
Auditing Third-Party Cookies is a Low Priority task
Everything involving cookie removal sounds like a learning curve.
There will be those who test and those who procrastinate because they lack the required expertise or simply didn’t familiarize themselves enough with the removal.
Truth be told, the third-party cookie removal extravaganza is not meant to become a ranking factor despite involving a plethora of other side effects on the overall user experience and tracking performance.
As John Mueller recently pointed out on r/TechSEO, website owners and brands are more prone to delegate an ad-hoc audit to specialists in the field. That said if you lack the expertise, you’re better off treating the issue as a low priority and hiring a specialist to conduct a dedicated audit for you.
Comment
byu/DeepKaizen from discussion
inTechSEO
The very least you can do, though, is to familiarize yourself with the removal, and in the following paragraphs, I’ll guide you through that.
How to prepare for the Third-Party Cookies Removal
The process isn’t too long.
Even though implementing solutions may be tricky, the process itself is quite straightforward. This is thanks to the web developer team at Google not only clearly communicating changes to stakeholders, but also tirelessly working to improve the usability of the Chrome dev. tool over the years.
Here’s the process broken down into steps, including an overview of the adjustments you can make depending on the types of third-party cookies used on your website:
Solutions to Third-Party Cookies Dependencies: Use Partitioned cookies
Solutions to Third-Party Cookies Dependencies: Use Related Website Sets
Triple Up on First-Party Data Collection
Find third-party cookies on your site
Third-party cookies can be identified by their SameSite=None value. You should search your code for instances where you set the SameSite attribute to this value.
The process is pretty straightforward with the new Privacy Sandbox Tool, a Chrome extension developed by Google. All you have to do once you’ve downloaded the extension is to go on your website, open the dev.tool, and head to the newly added Privacy Sandbox tab.
The tool is an Open Source project on Github, and if you are interested in the nitty-gritty side of things, I recommend you check out the main repository: Github Repository Wiki
Another way to identify third-party cookies on your site is to blindly use the dev.tool without any Chrome extension.
You can inspect a page, select More tools > Issue and a new table will open saying
Cookies sent in cross-site context (marked as SameSite=None) will be blocked in the future.
If your site relies on some sort of third-party cookie, you will get to know it straight away by looking below in the Affected Resources section.
Right, but what if I need to expand the inspection across the entire site? Can I bulk inspect issues with cookies for my website?
Of course, another way to find out problematic third-party cookies is to run a crawl with Screaming Frog.
To get the above, you will need to:
- Enable JS rendering & error reporting via ‘Config > Spider > Rendering’
- Initiate the crawl
- Use the lower ‘Chrome Console Log’ to see ‘Cookie Issue‘.
Test your website without third-party cookies
First off, you only have to peek at your Chrome tabs and see whether you’re experiencing a login weirdness such as the one below.
If that’s the case, chances are you are in the 1% of users now blocking third-party cookies. And that could be a relief because you can sit back and wait for anything to happen on your website without further testing.
Back to testing solutions, I found that the best way to test third-party cookie dependency is to do two runs side by side.
- The first is with Chrome on the usual settings.
Settings > Privacy and Security
2. The second one with the same version of Chrome launched with the dedicated flag
chrome://flags/#test-third-party-cookie-phaseout
This will set Chrome to block third-party cookies and ensure that new functionality and mitigations are active to best simulate the state after the phase-out.
Any test failures in the second run and not in the first are good candidates to investigate for third-party cookie dependencies. Make sure you report the issues you find!
Potential Solutions to Third-Party Cookies Dependencies
Third-party cookies contain the SameSite=None attribute and once Google completes the phase-out, every cookie containing that attribute will require an update.
Once you have identified the cookies with issues, you can work through the following options to pick the necessary solution.
Use Partitioned cookies
Without partitioning, third-party cookies can enable services to track users and join their information from across multiple unrelated platforms.
As highlighted in Google’s documentation, a special attribute called Partitioned; is available to support cross-site cookies that are partitioned by top-level context. All partitioned cookies must be set with Secure; to ensure they’re only set and sent with a secure protocol.
Set-Cookie: fav_store=[…]; SameSite=None; Secure; Partitioned;
What is really cool about this setup is that it efficiently prevents embedded services from sharing cookies across sites, reducing the risk of cross-site tracking.
Where A/B are top-level sites hosting embedded sites (C) through cookies.
| Which Third-Party Cookies benefit from Partitioned? |
|---|
| Third-party chat |
| Maps |
| Payment systems |
| CMS providers |
| CDNs |
| API calls needing cookies |
Use Related Website Sets
If you use a third-party cookie on a small group of connected sites, you might want to consider using Related Website Sets (RWS).
Related Website Sets (RWS) is a way for an organization to declare relationships among sites so that browsers allow limited third-party cookie access for specific purposes. It is designed to minimize disruptions to specific user-facing features as soon as Chrome limits access to third-party cookies.
RWS is particularly helpful for:
- large websites with product lines disseminated across subdomains
- country versions with different ccTLDs to reach users worldwide.
Now, imagine you’re buying a flight to the U.S. and get the option to rent a car. Using RWS ensures the browser shares only necessary information with the third-party service so you can rent the car (bits of information include those required to fill out a form, e.g).
RWS is an important milestone for these types of related websites as they often rely on cookies to keep users signed in or show personalized content.
How to integrate RWS into your website
If sites within the same set want to share cookies, they can use the Storage Access API. When sites are in the same set, the browser will automatically allow access, making cross-site cookies available.
The Storage Acces API provides a way for embedded cross-site content to check whether it has access to cookies and, alternatively, to requestStorageAccess(), which can be called up within an iframe.
RWS – Pros & Cons
Because the user doesn’t need to have visited the embedded site at the top-level, and Chrome will automatically grant permission for sites within the set, the Storage Acces API provides a smoother user experience. However, due to only being called from an iframe, this implementation can pose challenges for top-level sites that use cross-site images or script tags requiring cookies.
As a workaround, chrome has developed the requestStorageAccessFor API which is meant to be called by a top-level document and requires that the document has just received user interaction.
| When to use RWS |
|---|
| App-specific domains |
| brand-specific domains |
| country-specific domains |
| service domains for APIs |
| CDNs |
| sandbox domains for serving untrusted user content |
If you find that you need to use Storage Access API for unpartitioned cookie access across a small group of meaningfully linked websites, RWS can offer a better user experience without prompts for sites within a set and additional functionality for the top-level site, not just the iframe to grant storage access.
Migrate to Relevant web APIs
To ensure user privacy while still catering to essential cross-site functionalities, you can think of migrating from third-party cookies to Privacy Sandbox-supported web APIs like RWS.
The Privacy Sandbox provides a range of purpose-built APIs for specific use cases without a need for third-party cookies:
| Federated Credential Management (FedCM) | enables federated identity services allowing users to sign in to sites and services. |
| Private State Tokens | enable anti-fraud and anti-spam by exchanging limited, non-identifying information across sites. |
| Topics | enables interest-based advertising and content personalization |
| Protected Audience | enables remarketing and custom audiences. |
| Attribution Reporting | enables measurement of ad impressions and conversions. |
Keep in mind that the Storage Access API triggers a browser permission prompt for users. This prompt is displayed only when the site using requestStorageAccess() has interacted with the embedded page and previously visited the third-party site in a top-level context. A successful grant allows cross-site cookie access for 30 days.
| When to Migrate to Relevant web APIs |
|---|
| authenticated cross-site embeds (social network commenting widgets, e.g) |
| payment providers |
| subscribed video services |
Making the Most Out of First-Party Data Collection
As third-party cookies are fading out, now more than ever is the right time to double down on your first-party data collection.
The transition from cookies to browser tracking shows a broader trend, with major advertising platforms gaining control and advertisers leaning more on Google and Apple.
In response to the end of third-party cookies, it’s important to focus increasingly on first-party data. SEO is a great channel for gathering this type of data and helps companies understand user behaviour to show targeted ads.
This change could well lead to shifting budgets from advertising to SEO because of the increasing importance of search based on user intent.
In a nutshell, here are some actionable methods to collect first-party data
🕸️ Capture Data in Your Forms
Enhance your web forms by including a “How did you hear about us” field. This simple addition provides crucial insights into the main channels driving traffic to your site.
🪮 Collect Visitor Data with GA4
Leverage the capabilities of Google Analytics 4 (GA4) to obtain a comprehensive understanding of your website visitors. Analyse age, gender, location, industry, purchasing behaviour, and device usage to inform your marketing strategy.
🔴🔴 Try Multi-Touch Attribution Tools
Implement marketing attribution tools like Ruler Analytics to track individual touchpoints and map out customer journeys. This enables a nuanced understanding of the customer’s interactions with your brand.
🧑🏻💼👩🏼💼 Prompt People to Create Accounts
Encourage users to create accounts on your platform. This not only fosters a sense of engagement but also provides you with valuable information about their preferences and behaviours.
📈Conduct Surveys
Embed surveys directly on your website or distribute them through email campaigns. These surveys can be tailored to extract specific data, offering a direct line to understanding customer preferences and expectations.
📞 Ask for Customer Feedback
Actively seek and analyse customer feedback. By understanding what customers are saying about your products and services, you can identify common trends and topics, allowing for strategic improvements. If possible, you should also delve into customer service inquiries to identify prevalent issues and concerns. This data serves as a valuable resource for refining your messaging and overall business strategy.
🤖Collect Data Through Chatbots
Use chatbots equipped with targeted questions to gather demographic and behavioural data. This automated interaction not only engages users but also provides you with valuable insights.
📝 Run Lead Generation Campaigns on Social
Leverage lead generation features on social media platforms like Facebook and LinkedIn. This allows you to capture valuable first-party data from your target audience in a structured manner.
💾 Use Your CRM Data
Explore the wealth of data within your Customer Relationship Management (CRM) platform. Identify patterns and leverage this data to create highly targeted and personalised campaigns.
✨ Offer Value in Exchange for Data
Encourage data sharing by offering tangible value in return. For instance, entice users to share their email addresses in exchange for something valuable, like a weekly newsletter or exclusive content.
💞 Set Up Loyalty and Retention Programs
Implement loyalty programs that incentivise customers to sign up. This not only fosters customer loyalty but also provides you with key demographic information, such as names, ages, and email addresses.
By adopting these strategies, businesses can not only collect first-party data but also gain great insights into their audience. This knowledge, in turn, empowers businesses to refine their marketing efforts, creating more personalised and targeted campaigns.
Getting Away with the Third-Party Cookies Removal
We learned that cookies are crucial for tracking user behaviour and improving website functionality. However, the removal of third-party cookies, announced by Google for Q3 2024, poses challenges for targeted advertising. This post suggested a simple process for prepping:
- Identify third-party cookies on your site. In other words, get familiar with the cross-site cookies deprecation timeline.
- Test your website without third-party cookies and test for breakage.
- Explore solutions like partitioned cookies and Privacy Sandbox-supported web APIs.
- If required, apply for the deprecation trial.
We also stressed the importance of doubling down on first-party data collection by serving your website visitors enhanced forms, and leveraging GA4 analytics as well as surveys, and loyalty programs.
I don’t have a crystal ball but this process will help you adapt to changing privacy measures and refine your marketing efforts.
🍪 TL;DR
-
What is Privacy Sandbox API?
The Privacy Sandbox has two core aims: Phase out support for third-party cookies when new solutions are in place. Reduce cross-site and cross-app tracking while helping to keep online content and services free for all.
-
What is Related Website Sets (RWS)?
RWS is a tool browsers use to understand connections between different websites. It helps browsers make decisions, like allowing access to cookies between these sites. This information is also presented to users.
-
Why are third-party cookies significant in SEO?
Third-party cookies play a crucial role in tracking user behavior and understanding content preferences.
-
What’s the impact of Google’s decision to remove third-party cookies?
Google has already tested removal to 1% of all websites worldwide, and it’s going to disable 100% of third-party cookies in Chrome by Q3 2024. This will have a considerable impact on digital advertising, requiring a shift in targeting methods.
-
How can I prepare for the removal of third-party cookies on my website?
You can identify third-party cookies using tools like the Privacy Sandbox Tool extension, test your site without these cookies, and explore solutions like partitioned cookies and web APIs.
-
Is auditing third-party cookies a high-priority task?
The removal of third-party cookies is not a ranking factor, but website owners are encouraged to delegate audits to specialists to ensure a smooth transition.
-
What alternatives are available for website owners after the removal of third-party cookies?
Website owners can focus on enhancing first-party data collection through methods like capturing data in forms, leveraging GA4 analytics, and using surveys and loyalty programs.
Simone De Palma
Technical SEO Executive
Simone De Palma is a Technical SEO Executive at iProspect UK and the founder of SEO Depths.
He graduated in Marketing and Management from Università IULM before completing a degree in Digital Marketing and Data Science at Leeds Beckett University.
Simone has worked as an SEO Specialist in digital agencies in Italy and the United Kingdom and he’s a contributor for the Search Engine Land.
When he’s away from his double screens, he enjoys cooling down with a refreshing swim at the pool. You could find him exploring art museums or enjoying the company of a classic romance.