Browser Cookies: How Are They Handled by Different Web Browsers?
In the ad tech industry, web browser cookies are the gatekeepers of key user data. Without cookies, publishers and advertisers cannot process important information related to the behavior of the users across the web. This serves as a major drawback, especially while planning to undertake programmatic ad campaigns in a personalized manner.
But why is cookie exploitation so difficult?
With the advent of privacy regulations like the GDPR and the CPRA, users are granted greater control over their data to prevent a potential privacy breach. This has drastically reduced the use of different types of cookies to understand the online surfing behavior of the users on the publisher’s part. Currently, each web browser deals with first-party and third-party cookies in different ways. While a few of them avoid them by default, there are manual options available in the rest to enable or disable cookies.
Let’s understand in detail how cookies function and the approach adopted by different web browsers in dealing with them.
What are Browser Cookies?
Browser cookies, sometimes also known as HTTP cookies, is a small snippet of data text which is stored in the web browser when a user visits a website. When a user visits a website or undertakes a subsequent action on it, some information from the website is stored in the browser used by the user to access the website. As the user continues surfing across the web, multiple cookies are picked up from different websites and stored. On re-visiting any of the previously accessed sites, the site will recall the information stored previously, recognize the user and provide a personalized web experience.
For example: When Amazon reminds you of the items you left in your cart previously while browsing through its website on a second visit, it is due to the cookie allowing Amazon to recall your shopping cart.
Types of Cookies
1. First-party cookies: These cookies are created by the website that a user visits. It stores information related to the total session time, page views per session etc. Normally, first-party cookies are accessible to the publishers who then share information obtained through such cookies with advertisers to undertake behavioral targeting campaigns.
2. Third-party cookies: These cookies are created by domains that are not directly visited by the users. Such cookies are used to track users and save their information for undertaking behavioral advertising campaigns. By installing third party elements (like ads and chatbots), it is possible to track the users since interacting with these elements will begin user tracking until the third-party code expires.
3. Secure cookies: These cookies can only be set by HTTPS websites i.e., a website with a genuine SSL certificate. These are cookies with encrypted data usually set by e-commerce websites at their checkout page or the payment page and by the online banking websites to facilitate safe transactions.
Cookie Handling Techniques by Different Web Browsers
1. Google Chrome
Currently, Google Chrome does not block either first-party or third-party cookies by default. However, Chrome users have an option to manually block site cookies at their convenience.
To enable or disable cookies on Chrome, follow these steps:
1. Open Chrome. On the top right part of the application, click on the three dots. Choose ‘Settings’ from the list of options.
2. On the next page, choose ‘Security and Privacy on the left.
3. Select ‘Cookies and other site data.
4. From the list of given options, you can enable or disable first-party or third-party cookies as per your preference.
Keeping in mind the potential consequences on the ad tech industry, Google has planned to delay the process of phasing out third-party cookies in its browser until 2023. While it may end up portraying Google in the wrong space, cutting off third-party tracking would also be viewed as the company’s strategy of increasing its dominance in the ad space.
Thus, with its hands shackled from all the ends, Google’s Privacy Sandbox currently serves the needs of the publishers as a suitable alternative to third-party cookies. However, it mainly consists of first-party data that is obtained from the usual logging in process of the users into their Google Account. Thus, overall, it reduces the benefits reaped by the publishers from the technology.
2. Safari
A stalwart defender of consumer privacy, Apple’s Safari browser blocks all third-party cookies. The story dates back to 2017 when Apple introduced the Intelligent Tracking Prevention (ITP) which was a unique privacy feature loaded on all iOS devices. In 2020, the next big move came in when Apple configured the ITP to block all third-party cookies.
As a result of this move, cross-site tracking is absent in Safari and all the site cookies expire within 24 hours in Safari. Moreover, all non-cookie data also expires within 7 days if the user does not visit the destination website within the designated period. Blocking of third-party cookies limits the publishers’ access to user data and impacts the overall advertising and retargeting campaigns. This also reduces the quality of the web experience of the users.
As of November 2021, Safari was the second most popular browser in the world with a global market share of 19.22%. At this level, the absence of third-party cookies limits the publisher’s revenue by offering low CPM rates.
3. Microsoft Edge
Microsoft Edge allows first-party cookies by default. However, it has options to disable both first-party and third-party cookies. It has 3 levels of ‘Tracking Prevention’ namely
- Basic: It allows prevention trackers across all the sites. This option enables personalized content and ads on the sites visited.
- Advanced: It blocks trackers from sites that the user hasn’t visited. This option will enable less personalized ads on the sites.
- Strict: It blocks a majority of trackers from all the sites. Under this option, there will be no personalized ads shown on the sites.
4. Opera
Just like Google Chrome, Opera allows first-party cookies and third-party cookies by default. The users can block these through the following steps:
1. Open Opera. Go to ‘Settings’
2. Click ‘Advanced’ in the left-sidebar and click ‘Privacy and Security
3. Under ‘Privacy and Security, click ‘Site Settings’
4. Click ‘Cookies and site data
5. Choose ‘Block third-party cookies’
Blocking first-party cookies in Opera may result in broken websites. Considering 2.34% of a trivial market share held by Opera, blocking cookies on this browser has a negligible impact on the publishers.
5. Mozilla Firefox
In February 2021, Firefox introduced the Total Cookie Protection feature in its Private Browsing window by default. This feature was introduced in the Firefox 89 version of the browser. As a result of this feature, when a user opens the Private Browsing window of the browser, each website the user visits have a separate cookie jar that stores cookies that are confined to that particular site. Thus, the cookies won’t follow the user from one site to another site. This would ensure that the browsing history of the user remains private.
For users who have Enhanced Tracking Prevention (ETP) mode enabled, Total Cookie protection has been in place since the Firefox 86 version which was extended to the Private Browsing window from Firefox 89.
Opera image source: https://www.theverge.com/2020/2/20/21136772/opera-privacy-tools-private-network-browser-settings-security
Safari image source: https://www.imobie.com/support/how-to-enable-and-disable-cookies-on-mac.htm
