29.01.20 – Dynamic cookie categorization
Since February 4th 2020 Google Chrome handles SameSite Cookies different than before. This means, that only cookies that fulfill certain requirements can be used for tracking.
Further reading:
This article shows the full picture: https://web.dev/samesite-cookies-explained/
Good additional read: very comprehensive article: https://blog.chromium.org/2019/10/developers-get-ready-for-new.html
Also a useful read: https://web.dev/samesite-cookie-recipes/
Feature in Chrome: https://www.chromestatus.com/feature/5088147346030592
Chrome Change: https://www.chromestatus.com/feature/5088147346030592
Example:
A cookie associated with a cross-site resource at http://ui-website.ingenioustech.biz/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies
What are the changes?
Ingenious Technologies did some updates concerning the settings of cookies in Chrome and the tags that can be generated in the platform (ad media, tracking):
Dynamic cookie settings for ‘SameSite’
In order to track correctly, for Chrome 80 (+) cookies need to be flagged using the ‘SameSite’ attribute, and marked as Secure.
These attributes will be set under the following conditions:
Given Chrome browsers Version 78 or higher
And Interaction is View
And Schema of the View-Link is https
Then set cookie attribute ‘SameSite: None’
And set cookie attribute ‘Secure: true’
Given Chrome browsers Version 78 or higher
And Advertiser has 3rd Party Domain Setup
And Interaction is Click
And Schema of the Click-Link is https
Then set cookie attribute ‘SameSite: None’
And set cookie attribute ‘Secure: true’
Given Chrome browsers Version 78 or higher
And Advertiser has 1st Party Domain Setup
And Interaction is Click
And Schema of the Click-Link is https
Then do nothing and rely on Chrome defaults to set ‘SameSite: Lax’
And set cookie attribute ‘Secure: true’
As you can see, Ingenious does not have rules for HTTP-Traffic, as nearly all our customers already use HTTPS-only traffic for Views and Clicks.
https as standard
HTTPS-Schema is always applied to all tags generated from the system for tracking or as ad media/ creative that are downloaded/ fetched from the Ingenious system:
HTTPS is standard in product feed Images and Deeplinks, ad media / creatives for publishers
HTTPS is standard in tracking tags (onpage tag, conversion tag)
What needs to be done by Advertisers/ Publishers?
All Click- and Conversion-Tracking tags need to be executed via https. All Advertisers and Publishers need to take care of that task or should double check to make sure https is implemented.
In short, the following tags need to be executed via https:
Conversion-Tracking tags
Onpage tags
Click-tags (AdMedia)