How to Prepare for the End of Third Party Cookies

Third Party Cookies and Web Analytics

Big changes are afoot in the world of web analytics. Both Apple and Google are taking steps to block third party cookies from web browsers. While this change will be largely invisible to users, it will have a significant impact on publishers and merchants who want to understand how visitors reach their sites — and how well their advertising is working.

The good news is that there are solutions. The bad news is that none of them are easy or free.

What’s a cookie and why are third party cookies going away?

In the last few years, governmental bodies have started to introduce new regulations limiting how ad networks can track users. In particular, these new rules are targeting how advertisers can track a user’s movement across multiple websites. 

This has put third party cookies — the underlying technology used by ad networks for cross-site tracking — in the regulatory crosshairs.

Cookies are small text files placed within the browser by a visited site. These files are necessary for continuity within a session. For example, on an ecommerce site, cookies help the site remember what you’ve added to your cart in between shopping sessions. Cookies also help users on gated sites stay logged in so they don’t have to repeatedly enter their password.

When a site owner uses cookies this way, they are referred to as first party cookies. 

Third party cookies, by contrast, send data about users back to the ad networks. For example, when you add a Meta pixel to your website, you’re helping Meta track the performance of the ads you’re paying for. The pixel sets a cookie, but it does so from the facebook.com domain. 

As innocent as that seems, the access to that cookie isn’t restricted to your site. Meta can place an ID within that cookie that tracks your site’s visitor across any sites that have a Meta pixel.

And, given that a user’s web activity might reveal their name and email address as part of a purchase process, your visitors are tracked to a personally identifiable level across sites.

You can see why regulatory bodies might be concerned.

How third party cookie blocking will work

First party cookies are set by the same domain the visitor is currently browsing. Cookies set by yourdomain.com are considered valid for www.yourdomain.com and something.yourdomain.com . If the browser (Chrome, Edge, Safari, etc.) is set to only accept cookies from a first party context, only sites on those domains above can read the information in the cookie.

With iOS 12, Apple introduced Intelligent Tracking Protection (ITP) which effectively blocked 3rd party cookies from its mobile devices. However, in 2024 third party cookies are going to be gradually blocked in Google Chrome — the desktop browser with 64% market share

Unfortunately for website owners, the tools used to optimize user experiences and paid media budgets are caught up within this. Measurement of new versus repeat visitors, where they’re coming from, and the size of targetable audiences, will all be affected negatively.

Fortunately there are remedies and below we detail what steps can be taken to mitigate these changes.

What's going to happen when 3rd party cookies are blocked?

Given that Google Analytics 4 (GA4), Meta, Linkedin and others all use third 3rd party cookies there is going to be a noticeable impact on measurement on those platforms.

GA4 will show fewer repeat visitors, meaning higher funnel touches will not be associated with the same user; attribution will therefore be biased towards last-click.

For the same reasons, the true value of paid media will be understated. Also, lookalike or predictive audiences will be less accurate given the full user journey won’t be visible.

This means that advertising will become less efficient, and will likely cost you more.

The same may be true for sites that rely heavily on organic SEO, referrals or affiliate traffic. Correctly attributing the value of those channels will be very difficult.

Fortunately, there is time for corrective action.

Solutions for third party cookie blocking

There are several solutions to third party cookie blocking, some of which you may have implemented already, possibly without knowing it. These solutions are designed around serving cookies and capturing user information exclusively in the first party context. 

In simple terms, this means making cookies and tags look like they are set by the same domain of your site, regardless of where the data is ultimately sent.

However, pulling this off isn’t easy. And sadly, even for small and medium sized business, it won’t be free. You’ll have to pay something for additional infrastructure and possibly license fees to make first party cookies do the job. 

This is a big change for thousands of organizations that have become accustomed to paying nothing for Google Analytics.

I . Conversions APIs

Conversions APIs are a way to send event data directly to the ad networks without cookies. Any event generated by your website will have data with it that is unique to your site, the event and  the user. The website sends the event data to a server hosted on a subdomain of the website which in turn sends to the network’s API.

Once this is sent to the ad network the data is processed and associated with the ads bought.

Meta has offered its conversions API for the past few years in response to ITP on iOS 12; Linkedin has more recently released its version.

There are several ways to deploy a conversions API server:

  1. Use the ad networks’ provided software or method hosted on AWS, other cloud service, or your own servers.

  2. Use a server side tag manager such as Google Tag Manager Server Side and use the specially provided tags. This again needs to be hosted on a cloud service or self-provided infrastructure.

  3. Use a Customer Data Platform (CDP) such as Segment or Rudderstack

II. Customer Data Platforms

These services act as proxy for all your analytics — one tag deployed on a website collects all the necessary event data and routes to the specified destination including the above conversions APIs, GA4 or a selection of other analytics services.

These services act as a data warehouse for your analytics data which in the age of GDPR and CCPA can reduce data privacy compliance complications.

The services come at a cost that can easily run into the thousands of dollars as your site scales  and with the risk that every analytics service you use is compatible with them through any version changes. Moreover, set up requires developer time for deployment and maintenance. 

III. Server Side Tag Managers

Google released its Server Side Tag Manager several years ago as a complement to its near-ubiquitous Google Tag Manager (GTM) product

Similarly to the original GTM client side, GTM server side works off a system of tags, triggers and variables. The GA4 Google Tag in the client (web) side container acts as the event collector. But, instead of sending the data directly to Google’s servers the Google Tag sends to the server side container which is hosted at something like gtm.yourdomain.com where the collected data is processed and routed to the analytics destinations. All cookies are set from the subdomain and hence in the first party context.

The bonus here, as mentioned above, is that more than just Google’s services can be used within the server. Both Meta and Linkedin have conversions API tags meaning a very easy deployment of either.

Hosting for the server side container was initially only available on Google Cloud Platform. Given redundancy requirements, multiple instances of the server are needed which can easily push the costs to the hundreds of dollars per month. Not huge, but again we’re often moving from a status quo of zero cost.

There is the option now to host on self-owned infrastructure, but more usefully, from our point of view, is the emergence of specialist GTM server side hosts such as Stape and TAGGRS. These providers take advantage of buying GCP compute at scale such that the resulting costs are a fraction of buying directly from GCP. Furthermore other features such as logging and specialist tags for different web platforms are included simplifying deployment, maintenance and debugging.

Far more can be done with GTM Server Side than is detailed here, such as data enrichment, but that is information for a future article.

It’s the end of third party cookies, not the end of the world

This year we’ll likely see the end of third party cookies. To maintain continuity of measurement, action will need to be taken to move measurement and cookies to the first party context. 

This change needn’t be onerous; there are a number of possible solutions and can serve as an opportunity to reassess the measurement tools your organization uses and the way in which they are used.

If you need further advice on how to prepare for this change, contact us and we’d be delighted to discuss.