Chrome 80: We’re ready!

You may have heard that Google Chrome has made some big changes in the latest update for the popular browser – we are here to help break down those changes for affiliate marketers and why you don’t need to be concerned if you’re using Hitpath.

The major changes have primarily to do with the way Chrome will be handling cookies – specifically that they will no longer share cookies across different websites (called Cross Site tracking) unless those cookies are secure and are set with a “SameSite” status tag. 

If that sounds like a bunch of technology jargon – you’re not wrong.  In simplest terms Chrome is changing its rules on how it will send cookies from various sites. This impacts affiliate marketers since these Cross Site cookies are what allow many things like retargeting, audience recognition, or some analytics to function correctly.  However, because Hitpath is tracking items such as clicks and conversions, we do not expect these changes to impact us – and we can walk through why.

1)   Hitpath does not use “Cross Site” tracking.  We use cookies for two main purposes; as a secondary method of tracking and as a deduping method.  In both of these instances, the cookies will only ever be read or accessed by the same domain that initially sent  the cookie. We do not have any instances where we need to share cookie information cross site to a different domain.

2)   Hitpath tracking is designed to use “first party” cookies.  This means that a user clicks on a website, ad or email that contains one of our links, which then loads that URL in the browser and redirects them to the landing page.  Because the user is choosing to click on that link, that makes it a first party cookie. A third party cookie is something that would be generated when a user navigates to a website like www.example.com, and then www.example.com would call a URL from a different site from within its own code that tries to drop a cookie.  Because the user wasn’t directly choosing to click on the URL (rather they clicked on www.example.com which then called the URL in the background), that becomes a third party cookie. 

3)   Hitpath cookies are secure. The new restrictions say that all cookies must be secure in order to be shared – Hitpath already includes SSL on all tracking domains and provides secure links to your affiliates by default, so all cookies will also be transmitted securely . No worries here.

4)   Hitpath cookies now include a SameSite tag.  Although based on the above we do not expect any impact on our first party, same site cookies, in order to keep up with best practices, we are adding in a SameSite=None tag to our tracking cookies.  The SameSite tag is a setting within the cookie that determines whether or not it can be accessed by other domains. Currently, Chrome has SameSite=None as the default for any cookies with no tag designated, but moving forward will change the default to be SameSite=Lax (more restrictive) for cookies with no designation.  We will now explicitly label our cookies as SameSite=None to keep the current behavior the same after the updates.

And of course as a final note, if you’re tired of trying to keep up with new browser changes and restrictions, we always recommend using our primary method of tracking – passing the hitid value – whenever possible as this method not only means you have the most accurate and reliable method of tracking, but it’s completely non-reliant on cookies

If you have questions on how to setup hitid tracking, or on any of the information above and how it may impact you or your business model specifically, as always, please reach out to your Hitpath Support team!  We’re here to give you unlimited support about questions big or small.