How redirectors solve the third-party cookie problem
Recently, one of our competitors brought up a good point about third-party cookies and tracking. They pointed out that some browsers, on iOS-based devices in particular, do not accept third-party cookies by default. This makes tracking conversions on those devices challenging for tracking methods that rely on third-party cookies. We completely agree with that part of their analysis.
However, they associated using an http redirect with third-party cookies and suggested that using redirect-based tracking is susceptible to the same pitfalls. This indicates either a misunderstanding of what a third-party cookie is or a lack of understanding of how a redirect-based system should work. We wanted to clear that up for them.
First, what is a third-party cookie? A third-party cookie is a cookie from any domain other than the domain of the original page request. So if the original request is for http://someretailer.com/index.html, and there is an image on the page from http://content-provider.net/image1.jpg, a cookie set by content-provider.net would be a third-party cookie. One from http://content.someretailer.com/image2.jpg would not be a third-party cookie. It is the same base domain as the original request, so it is considered a first-party cookie.
This concern has prompted the major browser makers to include an option to restrict third-party web servers from setting cookies for objects on pages that are not their own.
How does a redirector solve this? When a browser requests a page from a redirector, the redirector is the first party. So if a browser requests http://redirect.another-tracker.com/?goto=client1.com/index.html, the server could respond with “Actually go to http://client1.com/index.html, and by the way please set a cookie for another-tracker.com.” Since the request is to “another-tracker.com” and the cookie is for “another-tracker.com”, the browser does not consider it third-party so it accepts the cookie (unless the browser has all cookies turned off, in which case they won’t be able to add anything to their cart on the client site so won’t be able to convert anyway). When the customer reaches the conversion page that contains a tracking tag, the browser is then happy to present the existing cookie to the third-party server, although it would not accept any new cookies that server tried to set at that time.
As with any solution, there are some additional technical gotchas, so this method may not be something just any company can get to work. But we have tested and verified it with many browsers, including Safari on iOS devices, so we are confident in our understanding of how best to track the performance of our customers’ ads.