Third Party Cookies

All You Need to Know About Third-Party Cookies

Third-Party Cookies are cookies that are set by a website other than the one you are currently on. For example, you can have a "Like" button on your website which stores a cookie on a visitor's computer. That cookie can later be accessed by Facebook to identify visitors and see which websites they visited. Such a cookie is considered to be a third-party cookie.

Another example is advertising services like Google Ads, which also create Third-Party Cookies to monitor which websites each user visited. This is the main technology used to show you products that you previously searched for on a completely different website.

Read on to learn more about Third-Party Cookies and why these may soon be disappearing from the web.

What cookie types are there?

There are three types of cookies. Here is how they differ:

  • First-party cookies are stored under the same domain you are currently visiting. So, if you are on example.com, all cookies stored under this domain are considered first-party cookies. Those cookies are usually used to identify a user between pages, remember selected preferences, or store your shopping cart. You can hardly find a website nowadays that does not use first-party cookies.

  • Third-Party Cookies, as explained before, are cookies that are stored under a different domain than you are currently visiting. They are mostly used to track users between websites and display more relevant ads between websites. Another good example is a support chat functionality provided by a 3rd party service.

  • Second-party cookies are a questionable topic. Some people might say they don't exist at all. In general, second-party data is some first-party data shared between partners. In this sense, second-party cookies are just part of that data related to cookies. 


How Third-Party Cookies work

Third-party cookies are — you guessed it — cookies that are tracked by websites other than the one you are currently visiting.

The most common third-party entities are advertisers, marketers, and social media platforms.

Let's see one common example of third-party cookies. Let’s say earlier in the week you looked up some vacation rentals in Cancun. You browsed a few websites, admired the photos of the sunsets and sandy beaches, but ultimately decided to wait another year before planning your vacation. A few days go by and suddenly it seems like you are seeing ads for Cancun vacations on many of the websites you visit. Is it a mere coincidence? Not really. The reason you are now seeing these ads on vacationing in Cancun is that your web browser stored a third-party cookie and is using this information to send you targeted advertisements.

You’re unintentionally creating a “trail of crumbs.” Most web users don’t realize that a browser window with multiple tabs open constitutes a single “session.” As you move from tab to tab, you are unwittingly relaying information about your web visit history to other websites and parties. And, closing the web browser doesn’t always eliminate the cookies your computer stores following the session. Depending on the browser you use, you may have to activate this manually.

How to clear your cookies after each session?

If you want to dump your cookies at the end of each session, select one of the following in your browser’s preferences:

  • Chrome: ‘Keep local data only until you quit your browser’
  • Firefox: ‘Clear history when Firefox closes’
  • Internet Explorer: ‘Delete browsing history on exit’

If you do not select one of these preferences your browser will preserve cookie data from session to session. In other words, those ads tempting you into a vacation in Cancun will not disappear so quickly.

That seemingly random email isn’t so random. Let’s say you’ve visited a website where you have created a login ID. They likely have your name, email address, and possibly even your telephone number and street address. If the website uses 3rd-party cookies, or you have other tabs open during your session, your cookies may be revealing your contact information to other parties to send you SPAM.

You may be on a website with 3rd party cookies and not even know it. One of the failings of cookie notices is that they don’t often specify what types of cookies are being used on the site. They could be first-party, third-party, or both. But, if the website has advertisements (which many do), then you can reasonably expect the website to be generating both first- and third-party cookies.

To see if a particular website is using third-party cookies you can try the method mentioned below in this article, or visit cookie-script.com and enter the web address into the bar on the home page.

How are Third-Party Cookies created?

The simplest way third-party cookies can be created is when the currently visited website requests a third-party service. Let's say there is an integrated live chat on the website example.com. To make it work, example.com requests a script from a live chat service provider, e.g. someservice.com.

The script could look like this:

<script src="https://someservice.com/js/livechat.js"></script>

Basically, it says "go to someservice.com and get this live chat JavaScript file". When the page is loaded, such a request is initiated. As a reply, your browser receives a JavaScript file with LiveChat and optionally some cookies placed in your browser by someservice.com domain. And there you go, before you notice and before the live chat window appears, your browser is already storing third-party cookies from some random website you never even visited. 


Third-party cookies are not limited to JavaScript files. Any request to another domain can result in a third-party cookie in your browser: scripts, images, fonts, CSS files, etc.

Actual technologies for creating third-party cookies can be much more complicated. But usually, it all comes down to the same basics of setting 3rd party cookies during requests to 3rd party services.

How to tell if a website uses Third-Party Cookies?

You can check if the website uses third-party cookies in any modern browser. Instructions vary in different browsers.

In Google Chrome, do the following:

  1. Press F12 to open Developer Tools (or right-click on the page and choose Inspect Element)
  2. In Developer Tools choose the Application tab
  3. On the left, double-click the Cookies section to unfold it

You should see the current website domain (or subdomain) here. If you see any other domains in this list, it means the website uses third-party cookies.


Read more about how to check website cookies in Chrome and Firefox.
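
The mechanism described under "How are Third-Party Cookies created?" and the domain comparison done by hand in Developer Tools can be reproduced in a short JavaScript (Node.js) script. This is an added example, not CookieScript code: the responses and cookie values are constructed, cdn.example.com, pixel.gif and the function names are assumptions, and the last-two-labels site check is a simplification of the Public Suffix List that browsers use.

```javascript
// Constructed sample data: example.com and someservice.com are the article's names;
// cdn.example.com, pixel.gif and all cookie values are invented for illustration.
const PAGE_URL = "https://www.example.com/contact";
const RESPONSES = [
  { url: "https://www.example.com/contact",
    setCookie: ["session=abc123; Path=/; HttpOnly; SameSite=Lax"] },
  { url: "https://someservice.com/js/livechat.js",
    setCookie: ["visitor_id=9f2c; Domain=someservice.com; Max-Age=31536000; SameSite=None; Secure"] },
  { url: "https://cdn.example.com/logo.png",
    setCookie: ["cdn_pref=1; Domain=example.com; Path=/"] },
  { url: "https://someservice.com/pixel.gif",
    setCookie: ["legacy=1; Path=/", "spoof=1; Domain=example.com"] },
];

// Simplification: treat the last two labels as the "site". Browsers use the
// Public Suffix List, so this is wrong for suffixes such as co.uk.
function siteOf(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

// Split one Set-Cookie header into its name and a lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Classify every cookie set while loading pageUrl, the same comparison you
// make by eye in the Cookies list of Developer Tools.
function classifyCookies(pageUrl, responses) {
  const pageSite = siteOf(new URL(pageUrl).hostname);
  const out = [];
  for (const { url, setCookie } of responses) {
    const host = new URL(url).hostname;
    for (const header of setCookie) {
      const { name, attrs } = parseSetCookie(header);
      const raw = typeof attrs.domain === "string" ? attrs.domain : host;
      const domain = raw.replace(/^\./, "").toLowerCase();
      // A server may only set cookies for its own host or a parent domain of it.
      const accepted = host === domain || host.endsWith("." + domain);
      const party = !accepted ? "rejected" : siteOf(domain) === pageSite ? "first" : "third";
      // Assumption: Lax-by-default handling (as in current Chrome), where a cookie is
      // usable on cross-site subresource requests only if it is SameSite=None and Secure.
      const sameSite = String(attrs.samesite || "lax").toLowerCase();
      const crossSiteUsable = accepted && sameSite === "none" && attrs.secure === true;
      out.push({ name, setBy: host, domain, party, accepted, crossSiteUsable });
    }
  }
  return out;
}

console.table(classifyCookies(PAGE_URL, RESPONSES));
```

The `legacy` row shows why the SameSite attribute matters: it is a third-party cookie by domain, but without `SameSite=None; Secure` it cannot follow the visitor across sites.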

You can also use a Cookie Scanner to see what cookies your website uses. With CookieScript Cookie Scanner, you can scan your website for free and see what cookies, including first-party and third-party cookies, your website uses.

Are Third-Party cookies actually useful?

Since the late 1990s, online marketers have built their businesses on the ability to track online users and then target them with advertisements, and much of this has been through the use of third-party cookies. Let’s play “devil’s advocate” for a moment. Could third-party cookies actually be useful for users? In a way, yes. The two largest online advertising firms, Google Ads and AdSense, make a valid point that 3rd party cookies are useful to consumers as they create advertisements that are in line with individual interests. After all, if you are forced to see the ads, it's better if they are related to your interests. 

What happens after third-party cookies are eliminated?

Once third-party cookies disappear, there’s a likelihood that online advertisements will revert to contextual advertisements. That is, advertisements that are targeted to certain populations based on the website being visited, much like how magazines operate. 

However, since targeted advertising is much more valuable, major advertising platforms may find other ways to track users between websites and remember their previous search history.

How to Block Third-Party Cookies?

You might want to block third-party cookies as a website owner/operator or as a website user. The method differs in each case.

How to Block Third-Party Cookies on Your Website?

If you want your website to comply with the latest privacy regulations, you should block third-party cookies by default unless the user gives explicit Cookie Consent to use cookies. Third-party cookie blocking can be done using CookieScript Consent Management Platform (CMP).

There are several ways to block third-party cookies: blocking with Google Tag Manager (GTM) or with a CookieScript script, either automatically or manually.

If you use both GTM and our CookieScript script, the cookie scanning sessions could be duplicated and take a long time. Thus, if you want your website to work properly, you should block third-party cookies using only one of these methods.

If you use Google Tag Manager, you should not use the CookieScript automatic script blocking feature for those scripts that should be blocked. If you want to use CookieScript scripts for blocking third-party cookies, Google Tag Manager should be deactivated.


If you want to block third-party cookies automatically, CookieScript code should be included before third-party scripts that should be blocked. Ideally, CookieScript should be the first script included on the website.

When you block third-party cookies, you also block functionalities that depend on third-party services. This means Google Analytics / YouTube videos / Facebook buttons / AdSense or anything else that you block will not work until the user gives explicit Cookie Consent to use cookies.

How to Block Third-Party Cookies if You Are a Website User?

If you browse a website and want to disable or enable all cookies (both first-party and third-party) as a website user, read the following guides on how to do it:

The End of Third-Party Cookies?

While third-party cookies offer personalized online experiences for users and benefits for advertisers, they have raised significant privacy concerns. With the passage of GDPR, the EU ePrivacy directive (EU cookie law), and CCPA, governments are seeking to protect the privacy rights of website users. Privacy laws and regulations require website operators to let users know what information is being collected and with whom this information is shared, along with a way to opt out at any time. These regulations also create civil and/or criminal penalties for non-compliance with the privacy laws and are pushing browsers to block third-party cookies.

At the beginning of 2024, it seemed that third-party cookies were in their last days, since some browsers already blocked third-party cookies while others had plans to do so. However, Google changed its plans in July 2024.

Browsers That Block Third-Party Cookies by Default

There are browsers that block third-party cookies by default. The top 3 browsers are Mozilla Firefox, Apple Safari, and Brave Browser, which automatically block third-party cookies, prioritizing user privacy.

On March 13, 2018, Firefox removed path information from referrers to prevent cross-site tracking of users when browsing in private browsing mode. Mozilla Firefox started blocking all third-party cookies by default in June 2019 with the introduction of its Enhanced Tracking Protection (ETP) feature.

Brave Browser started blocking third-party cookies by default in 2020. The browser was among the first to adopt a default blocking of third-party cookies.

Apple Safari started blocking all third-party cookies by default in 2020 with the release of a version of WebKit's tracking prevention. The only exception to this rule is the Storage Access API, which requires mandatory user control.

Google and Third-Party Cookies

In 2020, when its competitors started to block third-party cookies by default, Google first announced its plans to phase out Third-Party Cookies within two years.

Google has a major stake in third-party cookies. Nearly 90% of Google’s revenue is generated through advertising. Without third-party cookies, their advertising prowess could be negatively affected. This is one of the suspected reasons that the company is delaying a default block on third-party cookies until 2022. Until then, the company is taking steps to curtail some of the more invasive aspects of 3rd party cookies with their SameSite tool.

In 2022, the decision to phase out cookies was delayed for another two years. Google was developing the Privacy Sandbox, an alternative for Third-Party Cookies, and it needed more time to create it.

On July 22, 2024, Google dropped its plan to remove cookies from the Chrome browser. The announcement ended a four-year effort to replace cookies with other alternatives in order to protect users’ privacy. This decision was made after pushback from advertisers.

Alternatives to Third-Party Cookies

With third-party cookies becoming increasingly restricted due to privacy concerns, several alternatives were developed to maintain personalized experiences and tracking possibilities without relying on third-party cookies. Here is an overview of some of the most popular alternatives to third-party cookies:

  1. First-Party cookies. First-party cookies are stored directly on the website the user visits and don’t share data with other websites. They track user preferences, settings, and behavior on the same domain they are interacting with.
    Benefits: More control over the data and better compliance with privacy laws.
  2. First-party data. First-party data is data collected directly from users via interactions with your own website or app. Using this method, neither first-party cookies nor third-party cookies are used; companies gather data directly from users through registration forms, purchases, surveys, user behavior, or behavioral tracking on their own domain.
    Benefits: A more privacy-focused approach, as users provide consented data themselves. It often results in more relevant data since users knowingly provide this information. However, if users don’t want to share their data willingly, less data will be collected.
  3. Contextual advertising. Ads are shown based on the content of the webpage rather than user behavior. For example, companies place ads for hotels or travel packages on a travel blog website.
    Benefits: It doesn’t require tracking users across different websites and respects user privacy.
  4. Google's Privacy Sandbox develops several methods:
    • FLoC (Federated Learning of Cohorts) aims to protect user privacy by “clustering large groups of people with similar interests” to hide them “in the crowd” while simultaneously enabling advertisers to reach appropriate audiences. Users are grouped into anonymized cohorts based on browsing behavior, without identifying individuals.
    • Attribution Reporting API measures the effectiveness of ads without tracking individuals.
    • Topics API is a more recent proposal where browsers assign topics (what a user is interested in) to users based on their browsing activity, and advertisers can target based on these topics rather than cookies.
    • Benefits: All these alternatives respect user privacy and could deliver targeted ads at the same time.
  5. Server-side tracking. Instead of relying on JavaScript to place cookies in the browser, data is collected server-side. User tracking could be performed without storing cookies on users' devices at all.
    Benefits: Reduces dependency on browser-based tracking and cannot be blocked by ad blockers.
  6. Email-based tracking (authenticated traffic). Companies use email addresses or other authenticated information for user tracking. When users log in (by providing email addresses or by other means), their activity is tracked within the company's network, and user behavior is tied to an email-based identifier.
    Benefits: This method provides a reliable way to identify users across multiple sessions and devices.
  7. Universal IDs (UID) are a method of tracking users using a single identifier across different platforms. A user’s information is stored using hashed identifiers from email or other consent-based inputs, so users can be tracked across platforms without using cookies.
    Benefits: The method relies on user consent, so it is transparent and complies with privacy laws.
  8. Device fingerprinting is a method that creates a unique identifier by using the technical characteristics of the user’s device and browser, such as screen size, operating system, browser type and version, the browser’s language setting, and the device’s IP address.
    The method can substitute for third-party cookies but is considered invasive and raises privacy concerns.
  9. Data clean rooms present the concept of secure environments where advertisers and publishers can share anonymized and aggregated first-party data without directly exposing user data to each other.
    Benefits: The method allows advertisers to target users in privacy-compliant ways without compromising user privacy.

Manage Third-Party cookies on your website with CookieScript

Learn how to prevent third-party cookies from running on your site until users consent to your Cookie Policy with these helpful instructions from CookieScript.

Keeping up with the latest cookie regulations and making sure your website complies is a job in itself. CookieScript keeps you compliant with GDPR, CCPA, and other regulations that are surely on the horizon. And, it’s super-easy to use.

How it Works

CookieScript automatically does the following:

  1. Scans your website for cookies
  2. Categorizes and adds descriptions to your cookies
  3. Maintains a full history of user consent (as required by GDPR)
  4. Allows users to withdraw consent at any time
  5. Blocks cookies until users agree to the Privacy Policy
  6. Blocks cookies until the visitor consents (GDPR and CCPA)

Block third-party cookies by default. CookieScript also gives you the option to prevent third-party cookies from running on your website.

CookieScript makes the web a friendlier, more transparent experience for businesses and users. Getting started is free — create an account today to see how CookieScript will work on your website.

Frequently asked questions

What’s the difference between third-party and first-party cookies?

Third-party cookies come from a different URL than the one you are currently visiting, while first-party cookies come from the website you are currently visiting. Second-party data is a more complex topic, but generally entails first-party data being shared between two partners.

How do third-party cookies work? 

Third-party cookies track user behavior in an effort to provide a more targeted experience based on the information that they can gather. Because of their nature, there are often privacy concerns attached, and without provisions, they may fall in violation of GDPR and other privacy regulations. 

How can I clear my cookies?

You may grow tired of receiving the same seemingly random ads over and over. But they may not be so random. Most browsers have settings that allow you to clear cookies or set them so that cookies are automatically cleared when the browser is closed.

How are third-party cookies created?

The simplest way to think about it is that third-party cookies can be generated when you request a third-party service from a website. They are typically run through JavaScript or other programming languages.

How can I tell what websites use third-party cookies?

Today’s modern browsers allow you to check to see if a website is using third-party cookies. This allows you to understand who may be tracking your path across the internet.

Can third-party cookies be useful to the user?

Third-party cookies do come with a host of privacy concerns and are built for the purpose of allowing companies to track the online movements of consumers so they can more easily target them with their goods and services. At the same time, they may also help users by allowing them to receive ads that may be more in line with their individual needs and interests. Consumers must realize they are giving up some privacy in order to be able to receive that experience.

New to CookieScript?

CookieScript helps make your website ePrivacy and GDPR compliant.

We have all the necessary tools to comply with the latest privacy policy regulations: third-party script management, consent recording, monthly website scans, automatic cookie categorization, cookie declaration automatic update, translations to 34 languages, and much more.