Decisions Made with Data.

Google’s Secure Cookie Policy – SameSite=None

//  by //  Leave a Comment

Updated March 4, 2025

Reading Time: 2 minutes

SameSite=Lax

In February 2020 Google is rolling out Chrome 80. This update comes out around the same time as similar updates from Mozilla and Microsoft. All of the updates are going to be making security-focused changes. But this time some of those changes will be focused on cookie settings, specifically the SameSite=None setting. So let’s see if it’s going to change how your site works.

Note: If you’re looking for more detailed information at the web developer level, you can find some high-level info from Google on their Web.dev blog.

Download your FREE Website Checklist

What are Third-Party Tracking Cookies?

Cookies are usually used to make a website visitor’s life easier. Cookies are used to do things like retain page settings, load certain views, or autofill usernames. Over time, your browser will collect cookies for a wide number of sites and save them in case you go back to any of those sites in the future.

Google isn’t changing this concept, but it is changing how your cookies are used if the domain changes. For example, if you’re visiting disney.com, and your browser saves a cookie, that cookie is linked to disney.com. But if you then navigate to marvel.com (owned by Disney), the cookie will now be considered “cross-site” (or often described as ‘third party’).

This is to stop cookies (and your personal information) being abused and to help protect web users’ online privacy. Being able to use the same cookies for multiple website domains, while useful, has created a weakness that hackers have exploited

So, to keep websites and their visitors safe. Google has changed the default setting from SameSite=Lax to SameSite=None, so it will now assume if a cookie does not match the original domain it was created on, it will be considered a third-party cookie and it will ask the visitor if they want to accept this cookie or not.

What Does SameSite=None Mean?

If you’re running a business that has multiple domains you need to be aware of this change to ensure your users have a comfortable experience on your website. If you manage cross-site cookies, you need to set up a SameSite=None; Secure setting to those cookies. This will tell Google that the two websites are connected and that it does not need to warn users about third-party cookies.

About Massimo Paolini

Massimo is Co-CEO and Chief Data Scientist. On the web since the 90’s and a Google Partner since 2014, his expertise includes technical SEO, search marketing, marketing analytics/analysis, and online advertising. Massimo has an innate ability to sift through a sea of data, uncovering insights that formulate results-oriented strategies. He has taught Digital Marketing, Google Ads and SEO at UC Berkeley Extension since 2014—and presented at international search marketing conferences like SMXL in Milan.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *