The document discusses significant changes in SEO practices due to browser updates, focusing on Google's evergreen Googlebot and the deprecation of TLS 1.0 and 1.1. It emphasizes the importance of managing JavaScript usage carefully, understanding cookie management, and the effects of tracking prevention on analytics and retargeting campaigns. Additionally, it highlights the need for website owners to adapt to these changes by auditing their tracking methods and ensuring their TLS versions are up to date.

1. SEARCH IN 2020
BROWSER UPDATES THAT WILL CHANGE SEO
@TomAnthonySEO

3. A MONTH AGO…

4. GOOGLEBOT IS GETTING A
‘BROWSER UPGRADE’

5. EVERGREEN
GOOGLEBOT
How We Do SEO

6. EVERGREEN
GOOGLEBOT
COOKIE
CHANGES
How We Do SEO How We Measure SEO

7. EVERGREEN
GOOGLEBOT
COOKIE
CHANGES
CONTENT
DELIVERY
How We Do SEO How We Measure SEO How We Serve Content

8. EVERGREEN
GOOGLEBOT
CHANGING HOW WE DO SEO

9. 33 versions &
4 years behind!
CURRENT VERSION OF CHROME IS 74
41
73
74
75
Jan 2015
Mar 2019
Mar 2019
June 2019

10. NEW FEATURES
New functionality, including ‘modern’ Javascript features.
57 - CSS Grid layout
57 - WebAssembly
61 - Native support for JavaScript modules

11. BUT JS IS STILL PROBLEMATIC
Tests we’ve run continue to show removing JS
reliance improves search performance.

12. TLS DEPRECATION
72 - Deprecation of TLS 1.0 and TLS 1.1

13. HTTP TRUCKS!
Imagine an HTTP request is a truck, sent from your
browser to a server to collect a web page.

14. HTTP REQUESTS
Outbound trucks carry an HTTP request.
Request

15. HTTP RESPONSES
Returning trucks carry an HTTP response.
Response

16. PROBLEM! ANYONE CAN LOOK INTO PASSING TRUCKS!
With HTTP, people could look into the trucks,
and find out all your secrets!!

17. HTTPS
With HTTPS the road is the same, but we drive through a tunnel.

18. HTTPS REQUESTS ARE IDENTICAL TO HTTP REQUESTS
The trucks in the tunnel are still exactly the same.

19. OLD TUNNEL VS MODERN TUNNEL
TLS 1.0 & 1.1 are showing some cracks.
TLS 1.2
TLS 1.1

20. TLS DEPRECATION
72 - Deprecation of TLS 1.0 and TLS 1.1

21. TLS DEPRECATION
72 - Deprecation of TLS 1.0 and TLS 1.1
80 - Will remove support entirely

22. TLS DEPRECATION
In ~6 months sites only using old TLS
may be inaccessible to Googlebot!
72 - Deprecation of TLS 1.0 and TLS 1.1
80 - Will remove support entirely
Due early 2020

23. https://www.cdn77.com/tls-test

24. TLS 1.2 must
be enabled!
https://www.cdn77.com/tls-test

25. EXAMPLE SITES THAT MAY BECOME PARTIALLY UNCRAWLABLE
• kaushik.net (Googler!)
• kpmg.com
• wolfram.com
• britishmuseum.org
• legislation.gov.uk
~5% of sites.

26. VISITORS WILL SEE SOMETHING LIKE…

27. FIXING YOUR TLS
• Speak to your developers / IT team
• Check with your hosting company

28. USER AGENT HASN’T UPDATED, BUT WILL…

29. TAKEAWAYS
GOOGLEBOT

30. Googlebot will support new JS,
but JS still needs careful handling
TAKEAWAY

31. Ensure code that targets
Googlebot doesn’t use
a hard-coded User Agent
TAKEAWAY

32. Check your TLS!
TAKEAWAY

33. EVERGREEN
GOOGLEBOT
How We Do SEO

34. COOKIE
CHANGES
How We Measure SEO

35. COOKIE
CHANGES
CHANGING HOW WE MEASURE SEO

36. Do you know
how Cookies work?
QUIZ TIME!

38. It sets a cookie for the Google domain:
googleusercontent.com
I visit the Google domain:
www.google.com
QUESTION 1.

39. It sets a cookie for the Google domain:
googleusercontent.com
Left Hand: Third party cookies
I visit the Google domain:
www.google.com
Right Hand: First party cookies
Are these:
QUESTION 1.

40. Can a Cookie with the httpOnly
setting can be sent over HTTPS?
QUESTION 2.
Left Hand: Yes
Right Hand: No

41. QUESTION 3.
I put this Javascript on to distilled.net:
Can the script create third party cookies?
Left Hand: Yes
Right Hand: No

43. How Cookies Work

44. TWO WAYS TO SET A COOKIE
Sent from the
server via HTTP
Set in the browser
via Javascript

45. LOADING A WEBSITE…
We want to load Distilled’s site…
www.distilled.net
www.distilled.net

46. REQUEST FOR HTML
The first request is for the HTML content.
www.distilled.net
www.distilled.net
?

47. REQUEST FOR HTML
The Request goes to the server.
www.distilled.net
www.distilled.net
?

48. HTML LOADS
It returns, with the HTML file.
www.distilled.net
www.distilled.net

49. BUT MORE IS NEEDED
The browser reads the HTML &
identifies other files it needs.
www.distilled.net
?
?
?
www.distilled.net

50. www.distilled.net
www.facebook.com
3RD PARTY SERVERS
www.distilled.net
Some of these things may
be from other servers.
?
?
?

51. AN HTTP COOKIE (1ST PARTY)
An HTTP response can bring a Cookie with it.
1st Party: From the same server as the current web page.
Set Cookie
www.distilled.net
www.distilled.net

52. www.distilled.net
www.facebook.com
HTTP 3RD PARTY
www.distilled.net
3rd Party: From a different server as the current web page.

53. A JAVASCRIPT COOKIE (1ST PARTY)
A truck may bring Javascript, which like a recipe,
lets the browser ‘bake’ its own Cookies.
Javascript
www.distilled.net
www.distilled.net

54. 1ST PARTY
3RD PARTY
HTTP(S)
HOW COOKIES WORK
JS

55. 1ST PARTY
3RD PARTY
HTTP(S)
EXAMPLE 1ST PARTY HTTP COOKIE
LOGIN
JS

56. 1ST PARTY
3RD PARTY
HTTP(S)
EXAMPLE 1ST PARTY JS COOKIE
GA
JS

57. 1ST PARTY
3RD PARTY
HTTP(S)
EXAMPLE 3RD PARTY HTTP COOKIE
RETARGETING
PIXEL
JS

58. 1ST PARTY
3RD PARTY
HTTP(S) JS
NOT POSSIBLE: 3RD PARTY JS COOKIE

59. 1ST PARTY
3RD PARTY
HTTP(S) JS
EXAMPLE COOKIES
RETARGETING
PIXEL
GALOGIN

60.
WAR
ON COOKIES
THE

61. YOU ARE BEING WATCHED!

62. YOU ARE BEING WATCHED!

63. YOU ARE BEING WATCHED!

64. INTELLIGENT TRACKING PREVENTION (ITP)
In early 2017, Safari added
“Intelligent Tracking Prevention”
designed to stop this.

65. ADBLOCKERS
Some adblockers also
try to stop this sort of
cross-site tracking.

66. LAST YEAR - TOM CAPPER
https://moz.com/blog/analytics-black-holes

67. MIKE KING’S POST
https://ipullrank.com/your-analytics-data-isnt-real-and-its-only-getting-worse/

68. ABOUT TO GET WORSE…
ITP 1.0
ITP 2.0
ITP 2.1
Early 2017
June 2018
Mar 2019

69. SAFARI
1ST PARTY
3RD PARTY
HTTP(S) JS

70. SAFARI
1ST PARTY
3RD PARTY
HTTP(S)
DYNAMICALLY
LIMITED
ITP Update 2017
JS

71. SAFARI
1ST PARTY
3RD PARTY
HTTP(S)
7 DAY
LIMIT
March 2019:
Limit age to 7 days.
USER OPT-IN
JS

72. GA COOKIES ARE SET FOR 2 YEARS
Expiry: 2 Years

73. UNTIL NOW…
GOOGLE DIRECT/CATEGORY
10-DAY
VACATION
/PRODUCT
Attribution:
ORGANIC
Attribution:
ORGANIC

74. IN AN ITP WORLD…
GOOGLE DIRECT/CATEGORY
10-DAY
VACATION
/PRODUCT
Attribution:
ORGANIC
Attribution:
DIRECT
Cookie
Expires

75. CHROME
1ST PARTY
3RD PARTY
HTTP(S)
SOON:
LIMITED
JS

76. FIREFOX
1ST PARTY
3RD PARTY
HTTP(S)
CROSS-SITE
TRACKING
BLOCKED
“Enhanced Tracking Protection”
is rolling out, from now, over
next few months.
JS

77. FIREFOX
1ST PARTY
3RD PARTY
HTTP(S)
CROSS-SITE
TRACKING
BLOCKED
7 DAY LIMIT
Currently
experimenting with
7 day limit.
JS

78. ADBLOCKERS
Some Adblockers also block
Tracking & Analytics cookies by default.
Others allow it in settings.
Privacy
Badger
uBlock
Origin
Ad
Muncher

79. ADBLOCKERS

80. COME 2020…
1ST PARTY
3RD PARTY
HTTP(S)
7 DAYS &
TRACKERS
BLOCKED
OK
OK
OK
TRACKERS
BLOCKED
LIMITED
LIMITED
TRACKERS
BLOCKED
7 DAYS &
1 DAY FOR
TRACKERS
JS

81. JS
COME 2020…
1ST PARTY
3RD PARTY
HTTP(S)
7 DAYS &
TRACKERS
BLOCKED
OK
OK
OK
TRACKERS
BLOCKED
LIMITED
LIMITED
TRACKERS
BLOCKED
7 DAYS &
1 DAY FOR
TRACKERS ANALYTICS
🤕 (15-40% OF
TRAFFIC IMPACTED)

82. JS
COME 2020…
1ST PARTY
3RD PARTY
HTTP(S)
7 DAYS &
TRACKERS
BLOCKED
OK
OK
OK
TRACKERS
BLOCKED
LIMITED
LIMITED
TRACKERS
BLOCKED
7 DAYS &
1 DAY FOR
TRACKERS ANALYTICS
RETARGETING
& CROSS-SITE TRACKERS
☠
🤕 (15-40% OF
TRAFFIC IMPACTED)

83. TRACK ME NOT

84. THE END IS NIGH…?

85. IMPACT ON RETARGETING CAMPAIGNS
‣ Retargeting is going to be come less and
less effective.

86. IMPACT ON ANALYTICS #1 - INVISIBLE USERS
‣ Some users will simply be invisible!

87. IMPACT ON ANALYTICS #2 - ALTERED ATTRIBUTION
‣ Organic traffic will appear to go down
‣ Direct will appear to go up

88. REMINDER - COOKIES WILL EXPIRE IN 7 DAYS
GOOGLE DIRECT/CATEGORY
10-DAY
VACATION
/PRODUCT
Attribution:
ORGANIC
Attribution:
DIRECT
Cookie
Expires

89. ATTRIBUTION TO ORGANIC
3875
3550
90 Days
7 Days
Perceived ~9% drop in organic conversions.

90. ATTRIBUTION TO DIRECT
338
698
90 Days
7 Days
The impact of a 7 day cookie over a 90 day cookie.
More than double the conversions are attributed to direct.

91. PERCEIVED CHANGE IN TRAFFIC SOURCE
90 Days
7 Days
Attribution moves from Organic to Direct
DirectOrganic

92. MEASURE IMPACT ON YOUR SITES
Using GA’s “Model Comparison Tool”
you can measure the impact.
1 2
3
4

93. What can we do?

94. BEST WRITE UP (WITH IDEAS FOR WORKAROUNDS)
https://www.simoahava.com/analytics/itp-2-1-and-web-analytics/

95. Annotate ITP release dates
(see Mike King’s post)
TAKEAWAY

96. Educate the business &
normalise how you treat data
TAKEAWAY
(e.g. set campaign timeout to
7 days for all traffic)

97. Cross-reference with
Search Console data
TAKEAWAY

98. Disable Ineffective Trackers
(& Improve Site Speed!)
TAKEAWAY
http://www.tomanthony.co.uk/badtrackers/
Tool to help:

99. EVERGREEN
GOOGLEBOT
COOKIE
CHANGES
How We Do SEO How We Measure SEO

100. CONTENT
DELIVERY
How We Serve Content

101. CONTENT
DELIVERY
HOW USERS WILL
ACCESS OUR CONTENT

103. collinsdictionary.com
google.com
Your web content is
displayed with Google’s
domain name.🤢

104. MORE HTTP TRUCKS…
For a typical website…

105. HTTP REQUESTS
Outbound trucks carry an HTTP request.
Request

106. HTTP RESPONSES
Returning trucks carry an HTTP response.
Response

107. HTTPS PREVENTS PEOPLE PEEKING

108. HTTPS ALSO CONFIRMS THE WEBSITE’S IDENTITY
When you connect to an HTTPS site,
it has proved it is who it says it is.
distilled.net

109. The AMP response is
sent directly from
Google.
Google previously
fetched the page from
you, then cached it.
WITH AMP PAGES, GOOGLE SERVES YOUR PAGE

110. WITH AMP PAGES, GOOGLE SERVES YOUR PAGE
google.com

111. WITH AMP PAGES, GOOGLE SERVES YOUR PAGE
google.com

112. EARLIER ON…
73 - Signed HTTP Exchanges

113. SIGNED EXCHANGES CHANGE THIS REALITY

114. Google requests a
‘Signed Exchange’
page from the server
SIGNED EXCHANGES (WITH TRUCKS…)
SXG
Not in response
to a user.

115. Google can now forward the
truck, which looks like it
came from original server.
No communication
with the server
LATER, GOOGLE CAN FORWARD THAT TRUCK ON
SXG

116. MOZILLA (FIREFOX) BELIEVE THIS IS HARMFUL

117. GOOGLE WILL HOST YOUR CONTENT
✓ Users won’t know they are not on your server
✓ It allows cached AMP pages to do more

118. PORTALS

119. PORTALS

120. PORTALS

121. PORTALS
✓ Increase the ‘appification’ of the web. Combined with
PWAs for ‘native’ feel.
✓ May allow Google heightened ability to serve AMP in
a ‘integrated’ fashion (combined with Signed Exchanges?)
✓ May be a new form of ‘link’, as they are a navigational
element. Will they pass PageRank?

122. TAKEAWAYS
CONTENT

123. If you are a (evil)
AMP lover, then try out
Signed Exchanges
TAKEAWAY

124. Portals will allow ‘app’ style
interfaces for websites.
TAKEAWAY

125. Portals may be a new
form of ‘link’ for PageRank
TAKEAWAY

126. Google are pushing new web
technologies that suit their agenda
TAKEAWAY

127. WRAP UP

128. EVERGREEN
GOOGLEBOT
COOKIE
CHANGES
CONTENT
DELIVERY
Not a big change First party or third party
HTTP or JS
Google is doubling
down on AMP
OBSERVATIONS
User-Agent not yet
updated, but will be.
Tracking Prevention is
impacting your analytics
Portals will dramatically
change how users see
your content

129. EVERGREEN
GOOGLEBOT
Continue supporting devs
with Javascript usage
ACTIONS
Check your TLS versions
Check for hardcoded
User Agents

130. EVERGREEN
GOOGLEBOT
COOKIE
CHANGES
Continue supporting devs
with Javascript usage
Audit cross-site trackers,
& disable the ineffective
ACTIONS
Check your TLS versions Cross-reference with GSC
Check for hardcoded
User Agents
Normalise your analytics
reporting for consistency

131. EVERGREEN
GOOGLEBOT
COOKIE
CHANGES
CONTENT
DELIVERY
Continue supporting devs
with Javascript usage
Audit cross-site trackers,
& disable the ineffective
For (evil) AMP lovers, try
out Signed Exchanges
ACTIONS
Check your TLS versions
Check for hardcoded
User Agents
Normalise your analytics
reporting for consistency
Opportunity for
‘link’ building.
Cross-reference with GSC

133. Thanks!
@TomAnthonySEO
Check out our
SEO A/B testing platform:
https://odn.distilled.net