If you spend time in Chrome DevTools console tab you may have noticed these warnings “Third-party cookie will be blocked. Learn more in the Issues tab.”
In this post we’re going to cover some beginning details a website developer is considering. To be certain, there will be some nitty-gritty details not covered here, but it will give you a general lay of the land and link to further details. If you need to know more on what these cookies are, check out my other post: The State of Third Party Cookies in Browsers.
Third-party cookies are created by domains other than the one you are directly visiting. These cookies are mostly used for tracking users across different websites, enabling businesses to serve targeted advertisements based on browsing history and preferences. For more basic information, you can read this post.
Does My Site Have Affected Third-Party Cookies?
We have the problem, third-party cookies are going the way of the dinosaurs. Now, what needs to be done to assess the likelihood your site is affected? What steps may need to be taken to continue using the functionality they enable?
Testing Existing Cookies in Chrome DevTools
The easiest way to view cookies on a site and see if they will be blocked, either by browsers that currently block third-party cookies or browsers that may and are planning to block cookies in the future, is to:
- Open up Chrome DevTools in the Chrome browser.
- Click to open the Application tab.
- Open up the Cookies section in the left-hand sidebar and select a domain.
- From there, find the “Only show cookies with an issue” checkbox and mark it checked. This will filter down to only cookies which are currently blocked (in FF and Safari for example) and possibly will be blocked in the future (in Chrome and Edge for example).
If you right-click on one of the affected cookie rows, you’ll see you can select from “Show Requests With This Cookie” and “Show issue associated with this cookie”.
The first option will bring you to the network tab, with the results filtered down to the requests where that cookie was used. The second will open up the Issues tab, which will list all the cookies that had issues on the page and all the requests that had issues.
Another, slightly more involved way of auditing cookies is to use Google’s Privacy Sandbox. It will give you more information on why the cookie would be blocked.
Once you’ve identified the cookies that will be affected, you’ll need to evaluate each one to determine the appropriate course of action.
In some cases, it might be a cookie that your site has issued, but was not specified as not cross domain during its setup.
In other instances, the cookie might have been set by a third party. For these, you’ll need to contact the respective company to find out their plans for adapting to the third-party cookie phaseout.
Options for Privacy Preserving Solutions
As usual there are different ways to address this issue with browsers implementing different specifications.
If your third-party cookies are utilized on a select few closely related websites, consider leveraging the Storage Access API and/or Related Website Sets to enable cross-site cookie access exclusively for those specific sites.
The Storage Access API involves a user-friendly prompt asking for permission to allow third-party cookies on a case-by-case basis and is supported by all major browsers.
Think of Related Website Sets as an enhancement to the Storage Access API. It operates similarly, allowing cross-site cookie access, but without requiring user permission each time for sites within the set. This does not have cross browser support. It is currently only supported by Chrome and Edge using the requestStorageAccessFor API.
For third-party cookies that are directly tied to the main websites where they are created, you might want to consider using Cookies Having Independent Partitioned State (CHIPS), or partitioned cookies. This method involves adding a ‘partitioned’ attribute to your existing cross-site cookies, which then places them in a separate storage partition for each top level site. This setup allows unrestricted use of these cookies, although they remain isolated and cannot be shared with other sites. This is only supported in Chrome and Edge.
