How to prepare for the Google Chrome 80 update (SameSite)
As part of Google's initiative to improve privacy and security on the web, Chrome uses a new model for cookies with their Chrome 80 update since February 2020. This update changes the way Chrome handles cross-site cookies. It now prevents cookies that are not explicitly labeled as "SameSite" and "secure" from being accessed. Here we explain how to configure your Mapp products accordingly.
Mapp Intelligence
Mapp Intelligence is using cookies to identify users. In order to ensure the accurate recognition of returning users, please check the settings in your tracking configuration mentioned below.
How to check whether you need to adapt your tracking setting
Only if all three criteria (Server-Side Cookies, no custom track domain, no https) match, you have to adapt your tracking configuration. In any other case, you are already prepared for the Chrome update!
- Cookies
Check whether you use Server-Side cookies- Log in to Mapp Intelligence.
- Open (for example) the Traffic analysis (Visitors > Traffic).
- Change the dimension to "End device Visitor IDs". Check whether these IDs start with "4".
If yes: Proceed with 2.
- Track domain
Check whether you are using a custom track domain or not. To this end, you can use the Developer Tools within your browser (as an example, see here how to use them in Firefox).
If the domain is a not subdomain of your own domain, proceed with 3. - https domain
Check whether you are already using an https track domain in the same Developer Tools window:
If you see the crossed-out lock next to your track domain as in the picture above, you need to adapt your tracking settings.
How to adapt your tracking settings
Please make sure your tracking is set up as follows:
- When using the Tag Integration, activate the “Send all pixel requests via HTTPS” checkbox in the advanced settings.
- When using Pixel v4, you can configure this in your global configuration settings:
- When using the Smartpixel or the AMP extension, you can sit back and relax because they take care that all requests are sent via an https encryption by default.
Some technical details
If you are using a secure (https) track domain, our servers will set the "SameSite=None" and "Secure" attributes and everything will work perfectly fine. Otherwise, our servers will set the SameSite=Lax attribute. This means your traffic is still being tracked as usual for any browser except Chrome80+ where a user will be recognized as a new user in every session.
Find out more information on how to send requests using a secure connection here.
Mapp Acquire
Mapp Acquire is using cookies to segment users based on their behavior on the website. In order to ensure the accurate segmentation of users, please follow the steps below in order to align with the new Chrome settings:
How to check whether you need a new pixel version
- Creation date of a tracking pixel
Check if your pixel has been created after 25 October 2019. In Acquire, open Data Collection > Tracking Pixels to see the Tracking Pixels overview:
If yes: You're done! You don't need to check or change anything else.
If no: Proceed to step 2. - https domain
Check if you are using an HTTPS connection for the Acquire request. You can do this in a similar way as described in the "Mapp Intelligence" section. To find the Acquire request, search for "flx1" in the Network tab of the Web Developer tools of your browser:
In case you are not using HTTPS, please update your tag as described in the following section.
How do I get the new tag?
In Mapp Acquire, navigate to the export section of a pixel and paste the updated tag on the website. The updated tag can be identified with https in the URL in combination with the &fs=1 parameter.
Some technical details
We have changed the tag to force SSL cookies. This means that all future cookies that are dropped with this new tag, are unable to interact with cookies stored with the old tag on non-secure (http) pages.