Update February 17, 2020: Google Tag Manager Preview Cookies You have It has been updated with the necessary tags, so it won’t be broken once the SameSite app is launched.
If you open the browser console in Google Chrome (since Chrome 76), you may have seen a bunch of warnings in a yellow background related to something called
SameSite The cookie attribute is either missing or incomplete for cookies set on external domains. If you use Google Tag Manager, especially in preview mode, you may have seen a warning about a file
Although the warning is very prominent, taking up some key real estate in the browser console warning, it is, for the time being, Just a warning.
This article briefly explains what a file is
SameSite hoopla is everything, and how it relates to Google Tag Manager.
Simmer . Newsletter
Subscribe to the Simmer newsletter to get the latest news and content from Simo Ahava right in your inbox!
SameSite Google’s Cookie Attribute and Tag Manager
Here is the full text of such a warning:
The cookie associated with a cross-site resource is set at https://www.googletagmanager.com/ without a file
SameSiteattributed. A future version of Chrome will only serve cookies with cross-site requests if set with
Secure. You can review cookies in Developer Tools under Application > Storage > Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
What is a file
SameSite The attribute is configured when the cookie is set, and is used to describe the contexts in which the cookie is available for reading.
It has three possible values:
Strict– A cookie with this
SameSiteThe value is only available in requests where the request host shares the public suffix of the request origin (
domain.comThe general suffix will be . www.domain.comAnd sub.domain.com And ecommerce.blog.domain.com). So if a page is on domain.com I requested a resource from www.domain.com, The
SameSite=Strictbiscuit Will be It is sent with headers. But if the page exists domain.com I requested a resource from double click dot net, Which
SameSite=StrictCookies written on double click dot net Will be Not be included in the application.
Notably, this also applies to navigation – when navigating from domain.com to me otherdomain.com, Which
SameSite=StrictCookies written on otherdomain.com They will not be included in the request headers.
Lax– If set with this value, the file
SameSiteThe cookie behaves similarly to
StrictCookies, but allow higher level navigation to include the cookie in the HTTP headers. Thus, if the user switches from domain.com to me otherdomain.com, The
SameSite=LaxCookies written on otherdomain.com They will be included in the request headers.
This is too the virtual value For cookies without explicit designation
None– This feature allows access to the cookie in first-party and third-party contexts without restrictions.
Basically, if you have a cookie that needs to be distributed over multiple domains in the HTTP headers, you need to set
SameSite attributed to
None Or it will stop working when
SameSite become imposed.
The important thing is that a
SameSite=None biscuit It must also contain
Secure Science, or it won’t work.
If the cookie does not have The
SameSite parameter, the default behavior is
Lax. And so, again, all cookies are for third party access Will stop working unless explicitly set to
This is a great article for
SameSite Information: Explain SameSite cookies.
What is the deadline?
SameSite Change needs to be implemented before February 4, 2020. on that date, Chrome 80 The new stable build will become, and users who upgrade to it will see a file
SameSite The attribute is imposed.
Thus, after this date, any cookies are sent with via the site Orders Should You have
Secure Flags or the browser will reject it.
So what about Google Tag Manager?
You may be concerned about Google Tag Manager.
- Why does Google Tag Manager use third-party cookies?! – Simple: Preview mode. GTM uses a third-party cookie that is set to www.googletagmanager.com to make sure that is yours The browser is in preview mode, then is yours The browser is specific to the draft container rather than the latest live version.
- What can you do about GTM
SameSiteWarnings? – no thing. If you read the previous chapters carefully, you will see that a file
SameSiteChange must be made by the party Adjust A cookie, like Google. So Google needs to update the authentication cookies written on it www.googletagmanager.com to include the
SecureFlags for GTM Preview Mode to keep working in Chrome (and any browsers you choose to implement
Fortunately, there is a confirmation from the Google Tag Manager team that they will make sure to update the cookies before
SameSite Change enters stable construction.
Likewise, I’m sure that all other Google properties that require access to cookies in a third-party context will be handled appropriately as well.
great concern with
It’s likely to be a critical change, so if your company’s IT department isn’t on top of things, they time is running out.
To see the scope of this change and how badly prepared the general public is, I recommend looking no further Zach Edwards The Twitter feed, because it is full of examples where things have gone (or are going to go).
Zach’s webinar on this topic is also helpful (you can find the presentation here).
I hope this article was enlightening – please let me know in the comments if you have other concerns