Cookies have been available to marketers and web developers for years and have a number of uses. In May 2019 Chrome announced a new requirement for cookie tracking to help improve website privacy and security.
This article will cover what those changes are and what this change means for your website.
What is a cookie?
A cookie is a small text file that allows web servers to track a user between websites – giving the effect of one continuous visit. Cookie files are unique to the user, meaning that web servers know who is visiting a website.
On the first page request a cookie is sent from the server to the browser. On each subsequent request the file is sent back from the browser to the server.
How have cookies worked in the past?
Previously if a cookie for your website sat in a user’s browser it would be included in any web page request made. The cookie was applied whether the user clicked on a link from a third-party site, an iframe (an embedded copy of your website) or an image.
This feature was used to provide embedded content, shared imagery, tracking scripts (such as Google Analytics code) and adverts.
What does this mean for my website?
A change in the way browsers handle cookies means that the website instructs the browser when to send its cookie back which can – if not configured correctly – break the way cookies work.
This new type of cookie tracking is called a same-site cookie.
There are four modes to a same-site cookie:
Lax: any embedded content (iframes, images, tracking scripts) that your website provides to third-party websites will not be sent the cookie. This means they will be registered as a brand-new user whether or not they have visited your site previously. If your website is displayed in an iframe on third-party websites, it may be difficult to interact with it. With this in mind, this setting should not be applied without consideration although, it is the recommended
Disabled: no same-site ruling is applied at all and it is left to the browser to determine the best approach (most likely 'Lax'), this means your website could perform differently in different browsers.
None: everything works exactly as it does now. For Intergage customers, this is how your website will operate by default. However, works only if you have an SSL certificate, otherwise the browser will ignore this setting and use 'Lax' mode.
Strict: this is very similar to Lax mode but it means that even direct links to your website will skip the cookie. For example, if you sent an email with a link back to your website, when that link is clicked the cookie will not be included. This is very secure but will prevent anything that relies on user tracking (such as forgotten password emails and marketing automation features) from working.
Our advice is to opt for the Lax mode if you can.
When can websites use Lax mode for cookies?
It should be safe to opt for the Lax option, providing that your website does not:
display in an iframe on another website
use tracking scripts to track what users do on other websites from your website
host resources for other websites such as images or scripts
embed forms (through any means) onto third-party websites.
How can I change my same-site cookie setting? (Intergage Customers Only)
New User Interface:
To change your same-site cookie option in the new user interface of the CMS navigate to:
Settings > Cookie Control and change the "Cookie Same Site" option at the bottom of the form.
Old User Interface:
To change your same-site cookie option in the old user interface of the CMS navigate to:
Setup > advanced > server details and select Cookie Same Site
If you can't find your advanced settings, please get in touch with a member of the Intergage support team at firstname.lastname@example.org
What if my website doesn’t have an SSL Certificate?
If your website does not have an SSL Certificate (it really should by now) Intergage can provide you with a free audit to identify if there is anything that needs to change to make your website SSL compatible.
Intergage is also able to provide a free SSL certificate to anyone who uses the Intergage software. We will keep the certificate renewed free of charge.
See here for more information on why your website needs an SSL certificate.
If you are an Intergage customer and would like more information on your website’s cookie settings and SSL certificate, please get in touch or call our friendly team on 01202684009.