UPDATE: Google has extended the end-of-life date of third-party cookies until “the end of 2023”. There’s no harm in switching to first-party tracking well in advance, but the urgency has been somewhat decreased.
Let’s talk tracking! You’re certainly familiar with the phenomenon of seeing an ad in your Facebook feed for a brand you recently looked at or a similar product. It’s not magic…it’s a third-party cookie doing its job of tracking you around the web.
What are first- and third-party cookies?
Let’s first define a cookie (you know, those things that you accept now on all websites even when you’re not quite sure what you’re agreeing to). A cookie is just a simple text file and a first-party cookie is unique to the website you’re visiting. It is stored in your web browser and the cookie keeps track of your movements while on that website. It can collect and save information like username and password so you don’t have to reenter them each time you return to the site, customization preferences like font size, member status, or items left in a shopping cart. A session cookie is only valid during the time you are on the site, while a persistent cookie remains in your browser after you leave and stays active for the duration specified within the cookie file (typically ranges from 90 to 365 days). Cookies do not reveal personal information.
So, third-party cookies are…
While a first-party cookie is created by the website you’re visiting, third-party cookies originate from an external website, like an advertiser. Third-party cookies are used by advertisers or ad servers to track your engagement and behavior across websites and to help construct a user profile that the advertiser can use to serve you the most relevant ad possible. These cookies collect demographic information like age, gender, user engagement data, and so on. This is why after you’ve looked at tents on REI, you’ll probably see either an REI ad or a Dick’s Sporting Good’s camping ad or perhaps an AllTrails hiking app ad. Sometimes the ad you’re served is a near-perfect match to what you were researching and other times it may be closely related. If you’re interested in tents, you’ll probably be interested in hiking trails. The third-party cookie “recognizes” you even when you’re on a different website.
Simply put, first-party cookies are helpful to the user, while third-party cookies are a boon for the advertiser.
According to a research study by Pew Research Center, “roughly eight-in-ten or more U.S. adults say they have very little or no control over the data that government (84%) or companies (81%) collect about them. 81% of Americans think the potential risks of data collection by companies about them outweigh the benefits.”
The enactment of GDPR in May 2018 ushered in the now ubiquitous “cookie bar” at the bottom of websites. Explicit permission is asked to drop both first- and third-party cookies but your average website user isn’t going to do a deep dive into the explanation about what kinds of data are being tracked. Accept All is the fastest way to get the cookie bar to disappear and with that one click, you’ve given implicit permission for data tracking. Additionally, the European ePrivacy Directive issued guidelines for tracking and online security, and the California Consumer Privacy Act secured new privacy rights for Californians including “the right to know about the personal information a business collects about them and how it is used and shared”.
The gauntlet was dropped by Google in 2020 when it announced that, by some not-yet disclosed date in 2022 2023, Chrome would no longer support third-party cookies. This means that Google will no longer sell ads targeted to users based on previous user behavior and that the Chrome web browser will no longer allow cookies to collect that data. (Lest you think this is some altruistic move, be assured that Google itself will still be tracking behavior and target ads to users on its platforms.) But this does have major implications for SaaS tools like Pardot which currently utilize a combination of first- and third-party cookies. Of note, Safari and Firefox have already stopped supporting third-party cookies.
Pardot’s move to first-party tracking
In response to the shift away from third-party tracking, Pardot has developed a new first-party tracking service which is now available to all Pardot administrators.
Just to set the table around first-party context, first-party cookies are one element and the relationship between the website and the service is the other. Here’s an example from a Pardot blog about first-party tracking…
In a first-party relationship, the service and the website share an Extended Top Level Domain + 1 or ETLD+1 — which is the part of your website domain that your company controls. For example, if your website is www.example.com, then your ETLD+1 is example.com. If a service you use on your website also shares example.com, then it’s considered a first-party service, over which you have control. If your website www.example.com uses files hosted on files.example.com, then files.example.com is a first-party resource.
At the onset of Fíonta-led Pardot projects, we work with clients to set up tracker domains. As we use Pardot, we too have a Pardot tracker domain set up. Our main website is www.fionta.com and our Pardot domain is np.fionta.com – so np.fionta.com is a first-party resource. If we had a second website called www.fiontaservices.com, that site would not be ETLD+1 or within a first-party relationship with www.fionta.com and np.fionta.com.
In order to ensure consistent tracking, the domain URL needs to align with the website ETLD+1. It is possible to maintain multiple domain names but until a visitor fills out forms on both/all domains, Pardot will not realize that they are the same person and you run the risk of having one individual identified as a visitor and a prospect concurrently. Pardot has a series of infographics that illustrate this scenario if you want to do some additional research.
Enabling first-party tracking in Pardot
If your organization is only using one website domain, moving to first-party tracking is very easy and will only require a Pardot admin and a website admin to make the switch.
Before you enable first-party tracking, confirm that your tracker domain is ETLD+1 (e.g., subdomain.yoursite.com) and that the tracker domain is HTTPS and SSL-enabled.
- With Pardot Lightning open, go to Pardot Settings
- Click Edit (at the top right of the screen)
- Scroll down to First-Party Tracking and check the box
- At this point, Pardot recommends keeping all three boxes checked
- Click Save account button at the bottom
- Go to Pardot Settings / Domain Management – you will need to update every tracker domain in the same way
- Click the cog icon in the Actions column, then select Edit
- Select a default campaign to pair with the tracker domain; if desired you can override the default campaign in step 10
- Click Update Tracker Domain and repeat as needed for other tracker domains
- In your web page HTML, replace old Pardot tracking code with the newly generated tracking code (paste before the close body tag (</body>))
Contact us if you’d like assistance converting your tracker domains to first-party tracking or if you have an edge case that you would like to talk through.