What are Cookies?
Cookies are small pieces of data stored on a user’s device by websites to track and remember information about the user’s interactions and preferences. They enable websites to recognise users, customise their experience and gather data for analytics.Types of Cookies
The following are the types of cookies:- First-party cookie - A first-party cookie is a cookie that is set by the domain the user is currently visiting. These cookies are primarily used to enhance the user experience on the website, such as remembering login credentials or user preferences. They are directly controlled by the website the user is interacting with. For example, suppose a user visits an online shopping website and adds items to their cart. The website can use first-party cookies to remember these items, ensuring they remain in the cart as the user continues to browse the site.
- Third-party cookie - A third-party cookie is a cookie that is set by a domain other than the one the user is currently visiting. These cookies are often used for tracking and advertising purposes, allowing third-party entities to monitor user behaviour across different websites. For example, consider a scenario where a user visits a news website that displays advertisements from an external advertising network. The advertising network uses third-party cookies to track the user’s browsing behaviour across multiple websites and deliver targeted ads based on their interests.
Common Use Cases of Cookies
The following are some of the common use cases of Cookies:- Session Management: They are employed for managing sessions, enabling functionalities such as logins, retaining shopping cart items, storing game scores or any other data that servers need to remember during a user’s session.
- Personalisation: Cookies facilitate personalisation by storing user preferences, chosen themes and other settings, allowing websites to customise the experience to individual users’ needs.
- Tracking: Cookies play a crucial role in tracking user behaviour by recording and analysing their interactions with websites. This data helps in understanding user preferences, patterns and trends for improving services and marketing strategies.
Cookie Syncing
Since cookies are domain-specific, the browser does not send cookies of other domains to a server request. So, in order to have a common identification of a customer, one level of translation is needed. Zeotap CDP allows you to collect user’s web data from different platforms and target the users by cookie syncing with selected partners. You can select partners from Zeotap’s list of integrated partners to cookie sync across your sources. Cookie sync is pre-configured against the write key of every source under your organisation. These channel cookies are mapped to the Zeotap cookie and any user identifiers sent by you. The cookie syncs are fired as image pixels for iframe tags. However, in the case of web image pixels, our pixel can sync with only one partner per call. Therefore, we choose the first priority among the list shared.Note:Reach out to your Customer Success Manager (CSM) for activation or configuring preferred partner.
How does Zeotap CDP use cookies?
Cookies are one of the preferred methods for maintaining a user identifier in the browser, both known and anonymous. This gets associated with all inbound events captured by our Javascript tag as they interact with customer websites. The following table provides information about the type of cookie set by Zeotap CDP when users perform specific actions:| Cookie | Cookie Type | Name as per Cookie Storage | Read/Write | Purpose | Value | Default Expiry | Set When | Cleared When |
|---|---|---|---|---|---|---|---|---|
| ZI | First-party | zpstorage_{{Base64.encode(API_KEY)}}zi | Read Write | Client ID to recognise client by device, browser or domain generated options | Random UUID | 365 days 7 days for Safari | This cookie is set in the following instances: • On Consent Set with consent.identify = true; • setZI();• resetZI() | This cookie is cleared in the following instances: • On Consent Set with consent.identify = false;• _clearUserData() |
| Identity | First-party | zpstorage_{{Base64.encode(API_KEY)}} identity | Read and Write | Object with hashed email, cellno_cc, cellno, loginid, fpuid (unhashed) that are device or browser specific | Base64 encoded JSON{email: '',cellno: ''}` | 365 days 7 days for Safari | This cookie is set in the following instances: • On Consent Set (empty); • On Options change (empty); • setUserIdentities() (encoded JSON) | This cookie is cleared in the following instances: • On Consent Set with consent.identify = false; • unsetUserIdentities(); • _clearUserData() |
| ZS | First-party | zpstorage\_{{Base64.encode(API_KEY)}}zs | Read and Write | Session ID that is unique for a device, browser, domain or session | Random UUID | 60 minute s7 days for Safari | This cookie is set when On Consent Set is set to consent.identify = true | This cookie is cleared in the following instances: • On Consent Set with consent.identify = false;• _clearUserData() |
| GDPR Consent | First-party | euconsent-v2 | Read | Set by TCF CMP on a page if any | Encoded GDPR Consent | 7 days for Safari | This cookie is set when the user performs an action on the CMP pop-up | — |
| GA Client ID | First-party | {{cookie prefix as per SDK Configurations}}_ga | Read | Target Google Analytics Client ID | GA Cookie Value | 7 days for Safari | — | — |
| GA User ID | First-party | {{cookie name as per SDK Configurations}} | Read | Targets GA User ID either for all POST calls or only ones post login | GA Cookie Value | 7 days for Safari | — | — |
| IDP | First-party | IDP | Read and Write | Currency cookie (login ) service based | Base64 encoded String | 365 days 7 days for Safari | This cookie is set for setUserIdentities() | This cookie is cleared in the following instances: • unsetUserIdentities();• _clearUserData() |
| Zcookieid | Third-party Note: Third-party cookies are scheduled for deprecation as part of Google’s initiative. We recommend that you take necessary action in this regard. For more information about the plans and timelines, refer here. | zc | Read Write | Set by the Zeotap smart pixel endpoint as a third-party cookie against the Zeotap domain for user identification | Random UUID | 730 days | This cookie is set for the POST calls made from the SDK or the GET calls for cookie syncs | — |
| Capping Cookie | Third-party Note: Third-party cookies are scheduled for deprecation as part of Google’s initiative. We recommend that you take necessary action in this regard. For more information about the plans and timelines, refer here. | zsc | Read Write | Set by the Zeotap smart pixel endpoint as a third-party cookie against the Zeotap domain for capping cookie syncs with the Channel partners. For example, DoubleClick | Base64 encoded String | 1 day | This cookie is set for the POST calls made from the SDK or the GET calls for cookie syncs | — |
| User consent | Third-party Note: Third-party cookies are scheduled for deprecation as part of Google’s initiative. We recommend that you take necessary action in this regard. For more information about the plans and timelines, refer here. | zuc | Read Write | Set by the Zeotap smart pixel endpoint as a third-party cookie against the Zeotap domain for storing consent at the account level in case of non-TCF consent | Base64 encoded String | 365 days | This cookie is set for the POST calls made from the SDK or the GET calls for cookie syncs | — |
Third-Party Cookie Deprecation
As part of ongoing efforts to enhance user privacy and security, major web browsers, including Google Chrome, are phasing out support for third-party cookies. This change affects websites that rely on third-party cookies for tracking, advertising and analytics purposes. To know more about the plans and timelines for the deprecation of third-party cookies by Google Chrome, refer here.Timeline of Changes
- January 4th, 2024: Chrome began restricting third-party cookies for 1% of users to facilitate testing and preparation.
- Q3 2024 (Planned): Chrome intends to expand these restrictions to include 100% of users. However, this transition is contingent upon addressing any remaining competition concerns raised by regulatory bodies like the UK’s Competition and Markets Authority.
Impact to Zeotap 3P Cookies
The following Zeotap 3P cookies will be deprecated once Google implements their changes:- ZC – This Zeotap third-party cookie facilitates the ID extension feature, allowing brands to access additional identifiers.
- ZSC – This Zeotap third-party cookie is currently used to limit the number of cookie sync calls per session.
- ZUC – The legacy cookie for custom consent, ZUC, is scheduled for discontinuation soon.
What Next?
The following are the immediate action plan that Zeotap has prepared in response to the impending deprecation of third-party cookies:- Cookie Sync Suspension – We will cease all cookie synchronisation processes in alignment with the deprecation of third-party cookies. This includes the syncing of identifiers across platforms and systems.
- Existing ID Retention – Any existing identifiers stored within our system will remain active until the expiration of their Time-to-Live (TTL) duration. This ensures that current data remains accessible and usable within our platform for the designated period.
- ID Activation Cessation – Subsequent to the mandate, the activation of these identifiers for targeting or analytics purposes will be halted. This ensures compliance with evolving privacy regulations and industry standards regarding the use of third-party identifiers.
Note:For more information about how Zeotap has prepared for the cookieless future, refer here.