Latest Round of Cookie Updates
February 1, 2021 -
On January 21st, the latest round of Cookie updates were released on the major browser players in the market. Although we understand there are many others out there, it’s fair to say these are the ones currently setting the rules.
That being said, here are the updates that you should be aware of.
Firefox – Cookies in 1st party context
All storage will be cleared (more or less) daily from origins that are known trackers and that haven’t received top-level user interaction (including scroll) within the last 45 days. Among other data, Firefox will clear:
- Network cache and image cache
- DOM push notifications
- Storage Access permissions granted to the origins
The full list of items and more details on this can be found here.
Brave – Referrer
Updated Brave with less strict referrer policy (now defaults to strict-origin-when-cross-origin instead of removing cross-site referrer altogether).
strict-origin-when-cross-origin or stricter referrer policy in cross-site navigational requests. Example: When clicking a link from https://domain.com/page to https://anotherdomain.com/another-page/, the referer header is set to https://domain.com. Similarly, the document. referrer will be set to https://domain.com once the user lands on anotherdomain.com.
For same-site requests (both navigational and non-navigational), referrers will have a normal behaviour.
Chrome and Edge – Referrer
This information was directly provided by Chrome 85 version but we believe can be applied to both browsers.
Safari – Others
Purge all site data from classified domains if no user interaction (or Storage Access API grant) in first-party context has been recorded in the last 30 days. WebKit browsers also delete all site data (script-writable storage, all cookies) if the site domain has been classified by ITP and if there has been no meaningful interaction with the site in first-party context in the last 30 days. Granted access through Storage Access API resets the timer as well. This is the latest information, but because Safari is the lead on this Cookie Status world, we can’t exclude other important updates that happened before.
Safari also protects against first-party bounce tracking. Bounce tracking happens when instead of navigating the user directly to the target domain, the user is redirected through intermediate domains which can set cookies and build a profile of the user. Intelligent Tracking Prevention detects when domains are used solely for bounce tracking and clears all website data that might have been saved on them.
Similarly, Safari protects against tracker collusion, where multiple tracking domains in a redirect chain can feed information to each other to build a comprehensive profile of the user. If one domain in this chain is classified as having cross-site tracking capabilities, then all domains in the redirect chain will be classified as well.
With Safari 14, WebKit’s tracking preventions are extended to all browsers running on the iOS platform. There is no way for the browser or any app using the browser to toggle these protections off. Only the user can opt-out of cross-site tracking protections.
Not a lot of updates, but we’ll keep you posted as new changes come out. Based on how things are going, soon enough we will be living in the much-talked-about cookieless world.