Google Search Console: New Requirements for SharedArrayBuffer Emails

Google Search Console (GSC) may have set a record over the past week.

When it comes to confusing acronyms in cryptic emails, it’s hard to top the message many of you received regarding the use of SharedArrayBuffers (SABs, natch) without the use of COOP and/or COEP headers.

As a publisher, how could you even think about using SABs without COOP and/or COEP headers?

In related news… what are SABs, COOP and COEP?

If you are confused or have no idea you’re certainly not alone. Have no fear! We’re here to explain what those acronyms are, why you got this message and why you should ignore it and NOT change headers.

What are SharedArrayBuffers?

SharedArrayBuffers (SABs) are a data store (defined as a repository for storing and managing collections of data) used by websites which work across multiple “workers” or threads.

These data stores were able to operate across multiple websites, similar to a third-party cookie if run across an iframe. Basically, a clever use of an SAB could be used similarly to third-party cookies.

What many people don’t realize (and the reason you got this email) is that the end of third-party cookies is really the end of third-party storage.

This is a long way of saying that data storage across multiple websites — including SharedArrayBuffers — is no longer going to be a thing.

It’s no surprise that Firefox has already limited the contexts in which you could use SABs; Google Chrome, in its attempt to move towards a more privacy-centric web, is now doing the same.

What the heck are COOP and COEP Headers?

Sent along with any HTTP responses, headers are used to tell the web browser how to handle the web page they’re about to receive.

Cross-Origin-Opener-Policy (COOP) and Cross-Origin-Embedder-Policy (COEP) are basically two headers that will tell a web browser that it’s operating in a secure or isolated context.

In a secure or isolated context, messages to SABs and other scripts won’t be able to leave or go across the domain.

While that sounds great, advertisements — including the Mediavine Script Wrapper itself — need to serve from a different domain. Running these headers would stop any third-party scripts from running.

So, should you add COOP and COEP headers to your site?

NO!

If you’re using Mediavine Ad Management, or any other ad provider, this will break your ads and most likely your website.

Why did I get this email?

So why you and why now? The reason this confusing, probably-over-your-head GSC alert cast such a wide net is that at least one ad vendor, Integral Ad Science (IAS), is using SABs in their measurement.

They’re an incredibly popular vendor in the ad tech space, so chances are if you’re serving ads, one of those ads is running IAS.

Therefore, in Google’s eyes, your website is using SABs. But you’re not actually using SABs.

If you just ignore this message, all that will happen is that IAS will break if it doesn’t fix its script by May 25 with the release of Chrome 91.

We’ve reached out to IAS to notify them, and we’re guessing many other people have as well. Chances are their script will be fixed by then, but regardless, you won’t need to worry.

If you want to be completely sure, consider a Plugin Audit

We know that Mediavine’s scripts don’t use SABs, and we know that most websites won’t have issues (SABs simply don’t come up very often) but we can’t speak to every bit of JavaScript a site might have.

When this issue came up, our engineers found at least one publisher site with a plugin that depends on SABs.

If you run a lot of plugins, we suggest a plugin audit – a great idea anyway, for speed purposes – to determine if any might cause issues.

Unfortunately, we cannot offer support help in determining whether your site is running SABs.

But won’t this impact my search engine rankings?

NO!

Although this message came from Google Search Console, it’s actually an email unrelated to Search Rankings.

They’re just trying to be a good ecosystem partner by communicating to publishers who, ironically, they think they’re helping by informing them about the potential problem with SABs.

But again, you’re almost certainly not using an SAB yourself. You probably didn’t even know what one is (and probably still don’t).

I repeat, this will NOT impact search rankings.

Beyond that, what should you do with this email?

Ignore it. Archive it. Delete it. Whatever you prefer to do with messages you don’t read or don’t need to take any action on, do that.

Because you probably aren’t running SABs yourself, all that will happen is that any scripts on your page running it won’t work May 25 — and that’s assuming they aren’t fixed by then, which they all but certainly will be.

This email was scary because of its unknown terms, but the contents itself are essentially nothing to worry about. It was just Google trying to help, even if it may have done the opposite.

We still love you, Google. Nobody’s perfect.