Chrome’s SameSite cookie update and what it means for ad revenue
On February 4th, 2020, Google updated its Chrome browser to version 80 with a change of how it handles third-party cookies. This update can have a significant impact on some ad setups. So I summarized the most important things you might need to know.
Summary
Contents
- Old third-party cookies might no longer work in Chrome after the update to version 80, third-party cookies with the correct settings will work
- No change happened for first-party cookies, e.g., the ones set by plugins like Advanced Ads
- The new behavior is being rolled out gradually after February 17th, so the impact might be delayed
- Make sure that your site is using HTTPS when you rely on services that use third-party cookies
- AdSense seems to handle the change automatically, no need to do anything if your site uses HTTPS
- Check if other third-party services rely on cookies and have them set up correctly
What changed?
Cookies are small text snippets stored in a browser that can contain information about the user or their browsing behavior. While the website itself can only read “first-party” cookies, e.g., they might contain the shopping items in your cart, “third-party” cookies can help external services to identify the same user on different websites. E.g., they could contain a profile with information about what the user is interested in to then show more relevant ads.
In the past, a cookie could be defined with a limited amount of information. Then, the SameSite attribute was introduced, which allowed defining if a specific cookie is meant for first- or third-party purposes. If not set, the cookie could be both. There also existed a Secure attribute saying that the cookie could only be read over HTTPS-connections to prevent external parties from reading it at all.
With Chrome 80 and the gradual rollout starting on February 17th, this SameSite attribute now has to be set explicitly to the value None. The Secure attribute needs to be set as well, or the cookie could not be read by a third-party anymore.
Third-party cookies still exist and can be used. While there is much discussion about dropping them altogether, it is not related to this recent update.
First-party cookies are working as before. This includes all cookies set by WordPress or plugins like Advanced Ads.
If you are technical and want to learn more, then check out the announcement post on the Chromium blog or this article on web.dev.
What can happen now?
With Chrome having a market share of almost two-third, the impact on your revenue can be quite significant. Firefox and Safari already had more restrictive privacy settings for a long time, which many publishers didn’t notice due to their rather small market share. From what I found, revenue from users with those browsers dropped between 15 to 40% after these restrictive default settings were introduced.
One impact of this change is that all existing third-party cookies stop working if they don’t have the attributes mentioned above set already. If you, as a publisher, are working with an ad company that gathered information about your visitors using cookies, then this information might be inaccessible now. They would need to update their ad tech to set the cookies with the correct attributes and start gathering new information. There might be a significant drop in your income if your ad revenue is depending on this information.
You could also be hit significantly if your website is using HTTP instead of HTTPS. Serving your website content through the SSL protocol is the only thing you can and have to do on your end. Otherwise, third-party cookies cannot be used even if the ad network does set them according to the new specifics. They might only be able to give you untargeted ads, which normally come with significantly lower impression prices. Ask your hosting company for further advice on how to switch your site to HTTPS.
As far as I can see, Google AdSense is using the new format already for some time, which is no surprise since the update comes from the same company. If your website is using HTTPS, then I believe that the impact on your AdSense revenue is small or even unnoticeable.
If you are selling ads directly, then there should not be any impact since no third-party cookies are involved.
The information I received from a few larger publishers and also ad networks is that the header-bidding technology is hit by this significantly. If you don’t know what header-bidding is, then you probably don’t need to worry about this Chrome update. If your revenue is down anyway, then this might just be a seasonal effect. Please take a look at our article about some ideas on how to improve your ad revenue.
If you are using an ad network that was hit by this update after the gradual rollout on February 17th, then please let me know. We might share this knowledge with other users and try to find solutions.
Feedback from other ad networks
As mentioned, AdSense is likely to keep working well after the change. I reached out to other ad networks about potential issues and will post their replies here as they come in.
Media.net
Media.net is one of the few contextual ad platforms in the industry that does not rely on 3rd party cookies to deliver targeted advertising. If you’re using Media.net, it is your content that will be crawled and analyzed, instead of your audience data. The content-driven ads that Media.net serves are contextual in nature, so they’re completely unaffected by this update and also compliant with privacy regulations like the GDPR and CCPA.
Media.net about affects of the latest Chrome update on their ads.
How to check?
If you want to check which of your cookies are now blocked, then use the developer tools in the Chrome browser. Either right-click anywhere on a website and select Inspect or check the options listed here to open them.
You can see warnings about third-party cookies that were not accepted in the Console tab or list all of them under Application > Storage > Cookies.
Warnings in the Console tab of Chrome’s developer tools.
The warnings I found about google.com in the screenshot above just came from cookies set before the changes were made. If you are using AdSense, then just ignore them or clear all cookies in your browser if these warnings irritate you.
When using ad networks, you might see a lot of warnings for advertisers to which they sold ad space. There is nothing you can really do about that.
If you see a warning from a service you are using directly then reach out to them to learn more about their progress on updating their cookies.
Starting in 2009, Thomas’ own word game website grew to 40 MM page impressions per month. He then built Advanced Ads to help his colleagues to place ads and test different ad positions and networks tests without any coding skills. Thomas now enjoys improving the product for our more than 150,000 users worldwide.