The strategies that govern user privacy and data collection continue to evolve. One of the major players steering this evolution is Google, the tech giant behind the popular web browser Chrome. In a groundbreaking move, Google announced its intention to deactivate third-party cookies for a limited group of Chrome users, specifically 1%, in 2024. Google remains on course to entirely eliminate third-party cookies in the second half of 2024.
⚠️UPDATE: in the April 26th report, Google informs that they will not complete third-party cookie deprecation during the second half of Q4, 2024. Which means, there's still time to prepare :)
In this article, we'll explore what the depreciation of 3rd party cookies means for online businesses, discuss its impact, and explain how server-side tracking can help to prepare for the change by transitioning to first-party cookies.
Why are third-party cookies bad?Copy link to this section
Third-party cookies are data files placed on your device by domains other than the one you visit. Unlike first-party cookies, which are set by the site you're directly interacting with, third-party cookies are often set by advertisers or analytics companies and track your behavior across multiple websites. These cookies have enabled targeted advertising and comprehensive analytics, as they can collate data on user preferences, clicks, and time spent across different sites.
However, this widespread tracking capability has also raised significant privacy concerns, making them a focal point in the ongoing debate about data security and user rights.
Why Google's Move MattersCopy link to this section
Google's decision to disable third-party cookies for 1% of Chrome users in 2024 is more than a mere technical adjustment; it's a watershed moment in the evolving narrative of online privacy and data security. While the initial impact may seem minimal, given the small percentage of users affected, the move sets a precedent that could influence the industry at large. Additionally, Google plans to turn off third-party cookies for everyone by the end of 2024.
Google has framed this step as part of a broader effort to balance the user's need for privacy with the business requirement for targeted advertising. By testing the waters with 1% of its user base, the tech giant can assess the real-world implications of this change before potentially scaling it up. The decision could serve as a catalyst for other browsers and companies to reevaluate their approach to data collection and user privacy.
Consumer ImpactCopy link to this section
The impact of Google's decision to disable third-party cookies on consumers carries both pros and cons.
| Positive | Negative |
| Enhanced privacy | Less personalized web experience |
| Reduced Data Misuse | Potential Paywalls |
| Regulatory Compliance | Need time to adapt to new technologies |
On one hand, it signifies a win for consumer privacy and aligns with global data protection trends. Conversely, it disrupts established advertising models and introduces potential complications for end-users and online services. This decision is a pivotal moment, prompting a reevaluation of how we balance privacy concerns with the conveniences of the modern digital experience.
Advertisers ImpactCopy link to this section
There are two primary purposes of third-party cookies:
- Retarget users who visited your website.
- Target new users based on their interests.
Imagine a user visiting your website using a Chrome browser with disabled third-party cookies. Your website has Google Analytics and Google Ads web pixels installed to dynamically retarget users who left a website without buying a product. To understand that this particular user visited your website, web GA and Google Ads scripts will try to set third-party cookies. Why third-party cookies? Because cookies are set by third-party domain analytics.google.com and not your website domain.
In the above scenario, Google won’t be able to reach that particular user with the retargeting ad since they could not mark the user as the one who visited your website because of a lack of 3rd party cookies. This will have a massive impact on advertising ROAS since remarketing ads have the highest return on investments.
A similar scenario applies to behavioral targeting. Imagine you want to show ads to people based on what they like or how they act online. When Chrome diabetes third-party cookies, the targeting won't be as accurate. This is because the companies that show ads can't collect as much information about what people are interested in or doing on the internet. So, the ads may not match people's interests as closely.
How Server-Side Tracking Can Help With Third-Party Cookie DeprecationCopy link to this section
Most users are used to client-side tagging. With client-side tagging, tracking scripts are executed in the user's browser.
Using server-side tagging, you add something like a middleman between your website and the tools you use for tracking visitors or showing ads. This middleman is a cloud server. With this setup, you can use 1st party cookies that come directly from your own website instead of 3rd party cookies that come from other websites. This relatively small tweek will help to set 1st party cookies.
To enable the ability of server-side tagging to set 1st party cookies, you need to use a tagging server URL located under your primary website domain. For example, if your website domain is example.com, the tagging server URL should look like ss.example.com.
Let’s use server-side Google Ads/Google Analytics as an example of how to set first-party cookies instead of third-party cookies using server-side tracking. For this purpose, we will use Google Tag Manager.
1. Create an account in the server Google Tag Manager. To do so, open the Admin tab and click + in the Container column. Add the container name, and in the target platform, select Server. Click Create.
2. Select Manually provision tagging server and copy container config.
3. Create a stape.io account and click Create container. Add the Container Name and Container Config you created in the previous step, and Select the server location. You should choose a location that is closer to your website visitors. It will make the gtm.js script load faster. We also offer a Global CDN power-up that allows you to load GTM scripts from locations closer to each of your visitors. Click Create. Once done, we will create a cloud tagging server for you.
4. This step is crucial if you want to set up first-party cookies. Inside your stape.io account, scroll down to the Domains section. There, you will see a default URL under the stape.io domain. To gain the ability to set up first-party cookies, you should add a custom domain that is located under your site domain. Click Add Domain and write the subdomain you want for the tagging server.
In the screenshot below, I’ve also enabled Stape Global CDN, which will make the gtm.js script load faster to website visitors.
5. After you’ve added domains, you will see DNS records that need to be added to verify the domain settings.
Adding custom subdomain with A and AAAA records:
You must set A and AAAA records if you do not use Global CDN.
You must set A, AAAA and CNAME records, if you use Global CDN.
Adding custom subdomain with a CNAME record:
This can be useful when DNS providers restrict adding duplicate records. A common situation is with domains hosted on Shopify or Wix.
Let's say your tagging server URL is sgtm.example.com. You should create A and AAAA DNS records to verify the domain on Stape. If Shopify manages your domain, creating both A and AAAA records for the same subdomain is impossible. Thus, you can't verify a custom domain on Stape.
To handle this issue, enable the checkbox Use CNAME record instead of A records, and instead of two A records, you will be asked to add one CNAME record to verify the domain.
You must set CNAME record if you do not use Global CDN.
You must set two CNAME records, if you use Global CDN.
Log in to your DNS provider and add those records. The screenshot below is an example of configuring DNS records in Cloudflare.
To verify that DNS records were added correctly, you can use this tool and confirm public DNS settings.
6. Once a custom domain has the status Ready in stape admin, you can set up server-side tracking. It may take up to 72 hours to verify the domain. If you need help verifying the custom domain, please check this article.
7. Copy the tagging server URL in the stape account. Open the server Google Tag Manager container, go to server container settings and paste the URL into the Server container URL.
8. Open the WEB Google Tag Manager container, go to the tag section and create a new tag of the tag Type Google Tag. Add your Google Tag ID. In the section Configuration Settings, add the following parameters:
- Name: server_container_url
- Value: Enter the URL we’ve used in the previous step.
Add trigger to GA4 tag. Typically, it should trigger on all page views.
9. Open the server GTM container, go to the Clients section, and create a new GA4 client.
10. Inside the server Google Tag Manager container, go to the tags section and create a new GA4 tag. Add your GA4 measurement ID, and select Event Name (to trigger the same events as you have in the web GTM container, just use the {{Event Name}} variable. Add a trigger (if you want the GA4 tag to be triggered every time the GA4 client is claimed, use the same tag you see on the screenshot below).
11. Open the web and server Google Tag Manager container preview and test the setup. You should see that GA4 tags are triggered in web and server Google Tag Manager containers.
Besides that, open the developer console in Google Chrome, open the Chrome Menu in the upper-right-hand corner of the browser window, and select More Tools > Developer Tools. You can also use Option + ⌘ + J (on macOS), or Shift + CTRL + J (on Windows/Linux)—to open network tab filter requests by your GA4 ID. You should see that requests were sent from your tagging server URL, not analytics.google.com.
12. This is how you replace 3rd party cookies with 1st party using server-side tagging. Another way to verify that GA4 sets first-party cookies in Chrome is to open the Application tab in the console and check the domain that sets cookies and expiration date.
ConclusionCopy link to this section
This is a quick example of how to set first-party cookies in Chrome using server-side tagging. We also have more in-depth blog posts showing how to set up server-side tagging and first-party cookies for other marketing platforms. Though the process is slightly different for each platform, the key element is the same: using a custom domain for the server-side Google Tag Manager container that sets first-party cookies instead of third-party.
You can also check out our blog post on how to set first-party cookies in Safari and other browsers with ITP.
Do you want a setup from us?
Happy to hear that! Click Get assistance, fill-up the form, and we will send you a quote.
Relevant posts
What is cookieless tracking
In this article you will find out if tracking without cookies is possible and how to make your tracking secured and accurate.
Updated Apr 11, 2024How to increase first-party cookie lifetime set by a third-party IP (Safari 16.4 and ITP update)
Learn how you can use Stape's Cookie Keeper to increase first-party cookie lifetime set by third-party IPs in Safari 16.4 and other browsers using ITP.