Cookies are an age-old and delicious snack. From chocolate chip to snickerdoodle, this article will walk you through HubSpot’s approach to all types of cookies.
If only it were so easy, right?
While the right kind of cookie can make your child’s day and satisfy your sweet tooth, the other kind might give you (as a marketer) a real headache.
In the last few months, today’s tech giants have made moves to curb the use of cookies on websites. In this post, we’ll give you the full rundown.
What is a cookie anyway?
In the most basic sense, a cookie is just a small text file that is stored on your browser. When you visit a website, the site developers may have a script on their pages to generate this text file and add it to your browser. Cookies don’t have the best reputation, but they are useful for a lot of what we want to do online. If you’re doing some online shopping, a cookie keeps track of your shopping cart for you and keeps you logged in while you switch between pages. Cookies are also helpful for website owners to understand their site traffic and how many individuals visit their website by tagging browsers with a unique cookie.
How does HubSpot use cookies?
In HubSpot, we use cookie tracking to give you context for your site’s visits. When someone arrives on a HubSpot tracked page, a cookie is added to their browser (assuming they accept your cookie banner, if you have one) to remember which site pages she viewed. Though this cookie does not have any identity information for anonymous, first-time visitors, it can still store the visitor's pages viewed. If your visitor enjoys your content so much that they choose to fill out a HubSpot form or start a live chat, they will have a record created in your HubSpot contact database, and the past history associated with their cookie will be added to the record.
What’s the difference between a first party and a third party cookie?
The difference between first- and third- party cookies is how they’re saved and who can see them. When a website saves a cookie, it’s given a domain. If the domain on the cookie matches the domain of the website setting it, it’s a first party cookie. If the domain is different, it’s a third party cookie. First party cookies can only be seen when on the website that set it, where third party cookies are visible from any website.
This is why most ad tools use third party cookies; they enable a tool to track a user across multiple websites, and they can use that cross-site data from any other website to tailor ads.
One specific example:
Let’s say you’re on a website, a.com. It’s an ecommerce business. You put something in your shopping cart. When you come back later, the site remembers you, and keeps your same items in the shopping card. That’s the result of a first party cookie doing its job. The cookie was set by the same domain you’re on.
On the other hand, let’s say you’re on a.com, and the page you’re on contains an iframe from a different website (b.com). Cookies set by b.com accessed from an a.com page are third-party cookies. Accessing them from a.com is a cross-site request. This iframe might show you an ad via Doubleclick --- they track you across multiple websites, and serve you ads wherever you go online. That’s the type of thing Google’s cracking down on.
So what have Google announced?
Google announced a new version of Chrome last year that would stop sending third-party cookies in cross-site requests unless they’re secured and flagged using an IETF standard called SameSite.
Apple, at their developer conference last June, announced a new version of Intelligent Prevention Tracking: the system that limits ad functionality on its native browser, Safari. The new version cracks down on first-party cookies.
More recently, Google announced that they are making further moves to eliminate 3rd party cookies from Chrome. This is in an effort to help publishers and advertisers succeed while also protecting people’s privacy as they move across the web.
Google said it was releasing new data on one proposed technology, which does away with “individual identifiers” and instead groups users into large demographic flocks.
The technique hides individual users in the online crowd and keeps a person’s web history private on a device’s browser.
So… are third party cookies completely dead?
Not necessarily. With this update, those cross-site requests sent by third-party cookies need a special type of security stamp called SameSite. Essentially, with this Chrome update, developers need to label third-party cookies in a certain explicit way. If they don’t, the cookies may not work in Chrome. In short, this makes it harder for the “bad guys” to use cookies for nefarious purposes (e.g. stealing data and hacking websites).
I’m a HubSpot customer. Will the Chrome update impact my tracking?
The short answer: no. HubSpot’s cookies are first-party cookies, so they’re not impacted by the Chrome updates. Your HubSpot tracking code will continue to function, and your HubSpot reports will continue to contain data.
Are you sure? I’m seeing a Chrome notification about cross-site resources. Seems fishy.
Yep, we’re sure.
HubSpot cookies are first party cookies. The scripts responsible for setting HubSpot cookies will generally be hosted on a domain different from the HubSpot-tracked website (e.g. the HubSpot analytics script is hosted at hs-analytics.net) and this is likely the reason that Chrome is flagging the cookies as being 'associated with a cross-site resource.' The HubSpot scripts setting the cookies are considered cross-site resources, however the cookies themselves are first party cookies and do not track visitors across multiple websites/domains.
What about the Safari update?
The biggest change with the newest ITP update is that first party cookies stored in Safari that are unused for seven days will be deleted. This means that visitors who don't return to your website within seven days will look like new visitors to HubSpot (or any other analytics tool). That means that your “unique visitor” or “new visitor” metrics may rise. In addition, you’ll likely see less browsing history in the contact records of Safari users.
Note that, while significant, Safari is a distant fourth in browser usage globally. While that doesn’t take away from the importance of the announcement, it puts the impact into perspective.
Is this the end of marketing as we know it?
No. It’s the next step in an ever-building push-pull between two contrasting perspectives on data. On one hand, as cookies become more limited, that hurts websites’ ability to deliver personalized experiences to their visitors and customers, creating a less friendly web experience. On the other hand, limiting cookies increases the safety of the internet and protects individuals’ privacy.
These updates will no doubt make harnessing data for marketing, sales, and service more difficult. But at the end of the day, it’s about your customer’s experience. Google and Apple think your customers value privacy, so they’re making moves to protect it. In that sense, they’re solving for both you and your customers.
And in that sense, too, they’re 100% aligned with the inbound methodology. At HubSpot, we’re all about matching the way you market and sell to the way your customers shop and buy. Today’s customer prioritizes privacy; you should too. Apple and Google are updating their software to make that easier.
The question moving forward: where will these companies draw the line? At what threshold does limiting cookies actually hurt the customer experience by rendering it impersonal and completely anonymous? Only time will tell.