29.01.20 – Dynamic cookie categorization

Since February 4th 2020 Google Chrome handles SameSite Cookies different than before. This means, that only cookies that fulfill certain requirements can be used for tracking.

Further reading:

Example:

A cookie associated with a cross-site resource at http://ui-website.ingenioustech.biz/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies

What are the changes?

Ingenious Technologies did some updates concerning the settings of cookies in Chrome and the codes that can be generated in the platform (ad media, tracking):

In order to track correctly, for Chrome 80 (+) cookies need to be flagged using the ‘SameSite’ attribute, and marked as Secure.

These attributes will be set under the following conditions:

  • Given Chrome browsers Version 78 or higher

  • And Interaction is View

  • And Schema of the View-Link is https

  • Then set cookie attribute ‘SameSite: None’

  • And set cookie attribute ‘Secure: true’

  • Given Chrome browsers Version 78 or higher

  • And Advertiser has 3rd Party Domain Setup

  • And Interaction is Click

  • And Schema of the Click-Link is https

  • Then set cookie attribute ‘SameSite: None’

  • And set cookie attribute ‘Secure: true’

  • Given Chrome browsers Version 78 or higher

  • And Advertiser has 1st Party Domain Setup

  • And Interaction is Click

  • And Schema of the Click-Link is https

  • Then do nothing and rely on Chrome defaults to set ‘SameSite: Lax’

  • And set cookie attribute ‘Secure: true’

As you can see, Ingenious does not have rules for HTTP-Traffic, as nearly all our customers already use HTTPS-only traffic for Views and Clicks.

https as standard

HTTPS-Schema is always applied to all codes generated from the system for tracking or as ad media/ creative that are downloaded/ fetched from the Ingenious system:

  • HTTPS is standard in product feed Images and Deeplinks, ad media / creatives for publishers

  • HTTPS is standard in tracking codes (onpage code, conversion code)

What needs to be done by Advertisers/ Publishers?

All Click- and Conversion-Tracking Codes need to be executed via https. All Advertisers and Publishers need to take care of that task or should double check to make sure https is implemented.

In short, the following codes need to be executed via https:

  • Conversion-Tracking Codes

  • Onpage Codes

  • Click-Codes (AdMedia)