Browser Privacy and Monetate
Customers are more concerned about their privacy and security than ever before. As a result and in response, Web browsers and browser extensions continue to evolve to better control what can and cannot occur on a given site as well as across sites.
Most of these changes aim to mitigate the invasive nature of the advertising technology, or adtech, industry. Monetate isn't an adtech firm nor is it intent on tracking visitors across sites. Instead, Monetate integrates with clients to deliver personalized Web experiences for their customers. Most browser security features shouldn't affect Monetate's functionality, and the company is committed to integrity and client safety.
Monetate's core functionality has no need for cross-party or cross-site functionality, with a few edge cases. While it does rely on persistence of some data at the browser level, that reliance shouldn't pose any issues because local storage of data continues a standard feature of mainstream browsers for the foreseeable future. Furthermore, because Monetate operates with first-party storage, any changes to third-party storage has no adverse affect.
All cookies have an owner, which is domain-specified within the cookie settings. A third-party cookie is a cookie set by, and on, a domain that isn't the domain that appears in the browser address bar. A first-party cookie is set by, and on, the same domain that appears in the browser address bar.
The use of cross-site cookies is being phased out, and short-term adjustments have been made to account for any issues introduced by Google Chrome's same-site cookie requirement. Nevertheless, the following areas of Monetate may be affected due to historical use of cross-site (third-party) cookies:
- The Monetate user interface at marketer.monetate.net
Clients using a Monetate tag–based integration might also experience some impact to certain components:
- Monetate ID cookies (mt.v)
This impact is due to using a tag that references a third-party script (from the perspective of the client domain) and from certain limitations on third-party and quasi-first–party cookies that specifically can alter cookie expiration and, consequently, affect Monetate analytics and certain multisession targeting capabilities.
Monetate continually changes to accommodate the ever-evolving Web landscape. Most of these changes involve the elimination of third-party cookies for certain functionality, tighter integrations with clients (for example, server-side integrations, CDN proxying), and increasingly conservative use of certain browser features.
Monetate's server-side option and advanced tag-based integrations using CDN proxying can circumvent most browser settings. Contact your dedicated Customer Success Manager (CSM) for more information.
Additionally, Monetate actively monitors browser announcements and browser usage to prioritize any developments that ensure the Monetate platform and its clients experience little to no impact.
Contact your dedicated Customer Success Manager if you have specific questions.
Although Monetate focuses on the "big four" browsers—Google Chrome, Apple Safari, Mozilla Firefox, and Microsoft Edge—it constantly monitors the relative popularity of other browsers to proactively solve potential issues.
Safari is the most common browser to access Monetate client sites, largely due to ever-increasing mobile traffic and the fact that Safari is the default browser on Apple devices.
Apple Safari's Intelligent Tracking Protection (ITP) is an evolving set of features and rules to control how cookies can track user behavior. ITP1.x focused primarily on third-party cookies, but ITP2.x has introduced additional settings that cap the lifespan of client-side cookies to 7 days as well as resolve loopholes some vendors used to circumvent the spirit of the rule.
For the purposes of ITP, client-side cookies are cookies set via document.cookie, the traditional way of setting cookies using JavaScript. Cookies set via HTTP, or server-side, are not affected. This can directly impact Monetate functionality because the Monetate ID (the mt.v cookie) is intended to last much longer than 7 days to properly track new and returning status and collect cross-session behavioral data. Here are some specific examples:
- New and returning visitors — Returning customers who may have last visited the site 7+ days ago are considered new visitors because the historical sessions are lost
- Behavioral targeting — Data about a visitor's past behavior related to WHO targets, such as products viewed and past purchases, is limited to the previous 7 day unless the visitor has returned to the site and extended the lifespan of the cookie
- Testing analytics — Customers who may have last visited the site 7+ days ago can qualify for a separate testing split because their previous variant assignment has been lost
See ID Workaround for Safari Intelligent Tracking Protection to learn how clients using the Monetate JavaScript API or a hybrid implementation can configure the Monetate tag to look to a client-defined unique identifier instead of the Monetate ID.
Recent updates to Safari ITP blocks third-party cookies on your site. This update means that Preview Mode and the Monetate Inspector browser plug-in may not work in Safari.
Monetate has developed an alternative approach to delivering Preview Mode to the site. To have this option enabled for your account, submit a support ticket using the .
No workaround is available at this time for Monetate Inspector. Monetate recommends using a different browser such as Chrome if you need to use the browser plug-in.
Google Chrome serves as the default browser for many Android phones and is one of the more popular for desktops and laptops.
Starting with Chrome v80, all cookies are considered same-site (lax) by default unless a same-site value of None is explicitly set. Additionally, non-secure third-party cookies are no longer allowed.
Changes in the Monetate platform account for this issue to avoid any issues with experience previews or the Builders by ensuring that the SameSite attribute is set in the session cookie and explicitly requiring that all cross-site functionality be secure (HTTPS).
Built on the Chromium source code, the browser's approach to increased Web security has been dubbed Privacy Sandbox." This functionality involves a suite of features intended to allow most common legitimate use cases (such as cross-site login) to continue to function, albeit implemented in a different way. Chromium developers have indicated their intent to consider the standards of the W3C Community and Business Groups Web Standards Committee and feedback to those standards. Monetate continues to monitor these sandbox features and make platform updates when and where necessary.
Mozilla has publicly indicated its commitment to robust browser privacy features while maintaining good site functionality. Firefox's tracking protection suite, known as Enhanced Tracking Protection (ETP), is designed to be both robust in its ability to protect end-user privacy and minimally impact website functionality. This trade-off has been accomplished and refined through a variety of means, including allowing end users to block all third-party cookies or just block trackers and to handle private browsing mode as a special case.
More recent versions of Firefox streamline privacy considerations. The browser's preferences settings allow a user to select standard, strict, or custom privacy settings, with the custom option allowing the user to block or unblock potential trackers by category (for example, third-party ads, fingerprinters, or cryptominers). Additionally, users can set exemptions, essentially serving as a whitelist. Even the standard privacy setting aggressively blocks trackers.
Firefox relies on Disconnect, Inc. (disconnect.me) for its list of trackers, and Monetate is on this list. While standard mode doesn't appear to limit Monetate functionality, the ease with which users can modify their privacy settings means that Monetate can be blocked, either partially or in full depending on various settings. Using Firefox in private mode have Monetate blocked by default.
Microsoft's latest browser uses a combination of Disconnect and user-site engagement scores to determine how to and what to block, from cookies to resources. This combination provides a reasonable compromise of privacy and usability. Whether Monetate is blocked by default depends on Edge's user-engagement score for that site, so it's difficult to know whether Monetate is blocked for all users on a given site.
With Microsoft Edge 79 and onward, tracker blocking is robust. In addition to preexisting features such as care taken to ensure that domain ownership is taken into account (that is, Edge understands that one company might own two domains and is less strict in cross-site blocking in such a case), trackers are more stringently blocked, and increasingly large number of types of trackers are blocked.
Not everyone uses one of the four main browser options, so here's a look at how privacy and security measures in certain other browsers impact Monetate:
- Microsoft Internet Explorer — Internet Explorer 11 is a legacy browser that still has some use. It's generally strict with third-party cookies and blocks many of them by default based on internal, unknown-to-the-public blacklists. However, first-party cookies are generally allowed.
- Opera — This multi-platform browser doesn't block third-party cookies or trackers by default, although users can change this setting in the preferences.
- Brave — This up-and-coming browser prioritizes privacy. It blocks Monetate by default.
While individual browsers have improved privacy and security settings, many people use ad-blocking browser extensions that can also impact Monetate's ability to function. The primary purpose of an ad blocker is to remove unwanted third-party advertisements, but recent updates and newer options including tracking and privacy protection.
Clients using Monetate's tag–based integration or its server-side option or advanced tag–based integration can use CDN proxying to circumvent most browser extensions and settings. See Manage First-Party Proxies for more information.
Why can't I see experiences, experience previews, or the Builder tools in Mozilla Firefox's private browsing mode?
By default, Firefox's private browsing mode blocks all calls made to Monetate servers. This tracking protection is automatically enabled only for private windows.
You can change the setting that blocks Monetate in private browsing mode by opening the browser settings and clicking Privacy & Security. The default Standard setting for Enhanced Tracking Protection blocks tracking content only in private windows. To customize the protection, following the guidance on Mozilla's Firefox support site.
Apple Safari's Intelligent Tracking Prevention (ITP) preference blocks all calls made to Monetate servers.
You can change the setting that blocks Monetate by navigating to Preferences > Privacy > Website Tracking > Prevent cross-site tracking.
See Monetate and Specific Browsers for more information about Monetate and Apple Safari.
First-party cookies originate from the primary domain visited by the user, hence becoming first-party cookies. This means that the domain of the cookie matches the domain in the browser address bar.
Third-party cookies aren't written from the primary domain visited by the user, which means the domain of the cookie doesn't match the domain in the browser address bar.