Get Inspired
Docs
Blog
Articles
The Privacy Sandbox
What is the Privacy Sandbox? Proposal lifecycle in the Privacy Sandbox Timeline Glossary and key concepts Privacy Sandbox events Privacy Sandbox demos Blog Privacy Sandbox videos
Chrome-facilitated testing Relevance and measurement unified origin trial Enroll your site API status and feature releases
Privacy Sandbox testing FAQs Privacy-related compliance FAQs
Feedback
Prepare for phasing out third-party cookies Related Website Sets Related Website Sets: developer guide How Chrome evolved the First-Party Sets proposal Cookies Having Independent Partitioned State (CHIPS) Storage Partitioning Fenced frames
Federated Credential Management API Federated Credential Management API: developer guide Federated Credential Management API updates
Shared Storage Shared Storage API walkthrough
IP Protection Privacy Budget Bounce tracking mitigations
User-Agent reduction User-Agent reduction snippets
Topics API overview Topic classification Developer guide Integration guide Experiment and participate Topics API demos Test topic inference in a colab Topics API latest updates
Protected Audience API Experiment and participate
Protected Audience API: developer guide Seller guide: run ad auctions Buyer guide: join interest groups and generate bids Protected Audience API auction reporting Sequential auction setup with header bidding and multi-seller Protected Audience auction Improve Protected Audience API auction latency Opt-out of the Protected Audience API Report on Protected Audience API auction results Troubleshoot the Protected Audience API
Status of pending Protected Audience API capabilities Protected Audience API walkthrough
Content selection with Shared Storage Creative rotation Creative selection by frequency A/B Testing Known customers
Maximize ad relevance
Attribution Reporting overview Attribution Reporting end-to-end Experiment and participate Why Chrome plans to ship the Attribution Reporting API
Introduction to debug reports Set up debug reports Debugging cookbook
Attribution Reporting API developer guide Get started with Attribution Reporting Register attribution sources Register attribution triggers Prioritize specific clicks, views, or conversions Define custom rules using filters Prevent duplication in reports Custom report windows Register multiple reporters Report schedules Constraints on Aggregation Reporting data Web-to-app and app-to-web measurement Understanding aggregation keys Understanding noise in summary reports Working with noise Contribution budget for summary reports
API updates
Private Aggregation API Private Aggregation API fundamentals Experiment and participate Unique reach measurement User demographic reporting K+ frequency measurement
Aggregation Service Summary reports
Private State Tokens
The Privacy Sandbox
What is the Privacy Sandbox? Proposal lifecycle in the Privacy Sandbox Timeline Glossary and key concepts Privacy Sandbox events Privacy Sandbox demos Blog Privacy Sandbox videos
Chrome-facilitated testing Relevance and measurement unified origin trial Enroll your site API status and feature releases
Privacy Sandbox testing FAQs Privacy-related compliance FAQs
Feedback
Prepare for phasing out third-party cookies Related Website Sets Related Website Sets: developer guide How Chrome evolved the First-Party Sets proposal Cookies Having Independent Partitioned State (CHIPS) Storage Partitioning Fenced frames
Federated Credential Management API Federated Credential Management API: developer guide Federated Credential Management API updates
Shared Storage Shared Storage API walkthrough
IP Protection Privacy Budget Bounce tracking mitigations
User-Agent reduction User-Agent reduction snippets
Topics API overview Topic classification Developer guide Integration guide Experiment and participate Topics API demos Test topic inference in a colab Topics API latest updates
Protected Audience API Experiment and participate
Protected Audience API: developer guide Seller guide: run ad auctions Buyer guide: join interest groups and generate bids Protected Audience API auction reporting Sequential auction setup with header bidding and multi-seller Protected Audience auction Improve Protected Audience API auction latency Opt-out of the Protected Audience API Report on Protected Audience API auction results Troubleshoot the Protected Audience API
Status of pending Protected Audience API capabilities Protected Audience API walkthrough
Content selection with Shared Storage Creative rotation Creative selection by frequency A/B Testing Known customers
Maximize ad relevance
Attribution Reporting overview Attribution Reporting end-to-end Experiment and participate Why Chrome plans to ship the Attribution Reporting API
Introduction to debug reports Set up debug reports Debugging cookbook
Attribution Reporting API developer guide Get started with Attribution Reporting Register attribution sources Register attribution triggers Prioritize specific clicks, views, or conversions Define custom rules using filters Prevent duplication in reports Custom report windows Register multiple reporters Report schedules Constraints on Aggregation Reporting data Web-to-app and app-to-web measurement Understanding aggregation keys Understanding noise in summary reports Working with noise Contribution budget for summary reports
API updates
Private Aggregation API Private Aggregation API fundamentals Experiment and participate Unique reach measurement User demographic reporting K+ frequency measurement
Aggregation Service Summary reports
Private State Tokens

Bounce tracking mitigations

Reduce or eliminate the ability of bounce tracking to recognize people across contexts.

Published on Updated on

Translated to: 日本語

Anusmita Ray
Anusmita Ray

Technical Writer, Google Chrome

Implementation status

This document outlines a new proposal for bounce tracking mitigations.

The Privacy Sandbox timeline provides implementation timings for bounce tracking mitigation and other Privacy Sandbox proposals.

Why do we need this proposal?

Browser vendors are now actively removing third-party cookies from the web. Consequently, some platform trackers are introducing bounce tracking.

Key Term

Bounce tracking is a method of circumventing anti-tracking browser settings. This allows third-party vendors to set and read first-party cookies.

The bounce tracking mitigations proposal aims to:

  • Reduce or eliminate the ability of bounce tracking to recognize people across contexts.
  • Prevent stateful bounces from simulating third-party cookies when third-party cookies are disabled, either due to browser policy or user settings.
  • Avoid breaking supported use cases valued by the user that are implemented using stateful redirects.
  • Mitigate the impact of short-lived domains that may not be adequately addressed by other privacy interventions that rely on blocklists.
  • Avoid using block or allow lists to decide which websites are affected.

How will bounce tracking mitigations work?

Our proposal will address bounce tracking in the following use cases:

  • Third-party cookie simulation: Sites that use redirection to a third-party tracker to create a cookie bypass browser settings. To mitigate this issue, the browser could wipe the tracker's domain storage.
  • Outgoing redirection: Sites that redirect all outgoing links through a tracker domain. To mitigate this issue, the browser could wipe the tracker's domain storage.

Chrome intends to protect users from bounce tracking by periodically deleting state for these tracking sites. The process will work as follows:

  1. Chrome will monitor navigations and internally flag sites that are part of a "stateful bounce". This means a navigation redirected through the site, and that the site accessed state during the redirection. This includes both server-initiated redirections and client-side redirections where JavaScript programmatically triggers a navigation. Accessing state includes both cookies and other types of storage; for example, localstorage, indexedDB, and so on.
  2. Chrome will periodically examine the list of flagged sites and check to see if the user has actively used the site by interacting with it within the last 45 days. This interaction can occur before, during, or after the bounce was detected.
  3. If the site does not have any user interaction and third-party cookies are blocked, then its state will be deleted.

We hope to launch these changes to users who have opted-in to blocking third-party cookies in early Q3 2023.

Out-of-scope use cases

Redirect flows that are out-of-scope include: federated authentication, SSO and payments. This is because these flows, while similar to bounce tracking scenarios, involve direct user interaction. You can find further information in the explainer.

  • Federated authentication: Federated authentication occurs when a user clicks on a Login with Identity Provider button on the web, for example, Facebook, GitHub, or Google.
  • Single sign-on: When a site uses single sign-on (SSO), the user expects to log in with the identity provider once and then be automatically logged-in for all visits on other sites.
  • Payments: There are a wide variety of payment flows in use on the web today and the proposal aims to have them continue functioning.

Security considerations

There are some security considerations for this proposal that have been outlined in the bounce tracking mitigations explainer.

When will bounce tracking mitigations be available?

Currently this proposal is available for testing in Chrome. We hope to launch these changes to users who have opted-in to blocking third-party cookies in early Q3 2023.

This proposal largely only adds value when third-party cookies are disabled. Third-party cookies can be used to achieve mostly the same results as bounce tracking. Therefore it is not a goal to enable these mitigations when third-party cookies are enabled.

Engage and share feedback

The bounce tracking mitigations proposal is being tested and subject to change in the future. If you have any feedback, we'd love to hear it.

Updated on Improve article

This site uses cookies to deliver and enhance the quality of its services and to analyze traffic. If you agree, cookies are also used to serve advertising and to personalize the content and advertisements that you see. Learn more about our use of cookies.