Prepare your website and web shop for the new behavior of SameSite cookies in the browsers Chrome, Firefox and Edge
Chrome changes the cookie handling in February 2020 with the update to version 80. The Firefox and Edge browsers follow in implementing the new policy. Thereby the SameSite cookie labeling plays an essential role, respectively two of the possible values: Lax and None.
The Intelligent Tracking Prevention (ITP) recently announced by Safari takes a similar approach, but can be handled differently with the SameSite settings than explained below.
In the following, the SameSite cookie values Lax and None are explained in detail:
Lax: Cookies are only set if they are 1st party cookies, i.e. if the domain of the cookie is identical to the domain in the URL of the browser.
None: 3rd Party Cookies: Cookies are set across websites.
Unlabeled cookies were treated as SameSite=None by now. With the new update in February, unlabeled cookies will be interpreted as SameSite=Lax.
Through the update, 3rd party cookies, which are used e.g. for tracking reasons, will no longer function under SameSite=Lax. In order for these to continue to work, 3rd party cookies must carry the label SameSite=None. In addition, they must be delivered as HTTPS.
Google Analytics should not be affected by this change as it only uses 1st Party Tracking Cookies.
We recommend that you and your technical service provider check the cookies you set so that important key figures can still be measured by the update and the web shop continues to function properly.
We would be pleased to support you in analyzing, if your online presence is affected and offer you an action plan.
A cookie is a small text file generated by a website and stored by the web browser. Cookies enable a web server to recognize users and save settings. There are different uses for cookies, which operators must treat differently. Therefore the consent of the user plays a decisive role. Particularly in Germany, the DSGVO has particular regulations.
Which cookies can be set without the user's consent, depends on whether they are technically necessary for the operation of the website or not.
ESSENTIAL TECHNICAL COOKIES:
Cookies, which are essential for website operations, can be set without the user's consent. These are e.g. shopping basket cookies, cookies for log-ins, cookies that concern a country or language selection, but also cookies that save the selection in the cookie banner. Operators can rely on Article 6 paragraph 1 lit. b DSGVO.
UNESSENTIAL TECHNICAL COOKIES:
Marketing, tracking and third party cookies, which track user behavior on the website or across device boundaries (e.g. across different domains of different providers), require the active, explicit, informed, voluntary and above all prior consent (Article 6 paragraph 1 letter a DSGVO) of the user. This applies, for example, to cookies from plug-ins of social media providers, Google Maps, major online platform operators and advertising networks. The website operator itself may also not collect personal data of its users without prior consent