Blog

Latest News, Updates, Tutorials and much more

All you need to know about Third-Party Cookies

third party cookies


Third-party cookies are cookies that are set by a website other than the one you are currently on. For example, you can have a "Like" button on your website which will store a cookie on a visitor's computer, that cookie can later be accessed by Facebook to identify visitors and see which websites they visited. Such a cookie is considered to be a 3rd party cookie.

Another example would be an advertising service (ex: Google Ads) which also creates a third-party cookie to monitor which websites were visited by each user. This is the main technology used to show you products that you previously searched for on a completely different website.

Read on to learn more about 3rd-party cookies and why these may soon be disappearing from the web.

There are three types of cookies:

  • First-party cookies are stored under the same domain you are currently visiting. So, if you are on example.com, all cookies stored under this domain are considered first-party cookies. Those cookies are usually used to identify a user between pages, remember selected preferences, or store your shopping cart. You can hardly find a website nowadays that does not use first-party cookies.

  • Third-party cookies, as explained before, are cookies that are stored under a different domain than you are currently visiting. They are mostly used to track users between websites and display more relevant ads between websites. Another good example is a support chat functionality provided by a 3rd party service.

  • Second-party cookies are a questionable topic. Some people might say they don't exist at all. In general, second-party data is some first-party data shared between partners. In this sense, second-party cookies are just part of that data related to cookies. 

How Third-Party Cookies work

Third-party cookies are — you guessed it — cookies that are tracked by websites other than the one you are currently visiting.

The most common third-party entities are advertisers, marketers, and social media platforms.

Third-party cookies… one common example. Let’s say earlier in the week you looked up some vacation rentals in Cancun. You browsed a few websites, admired the photos of the sunsets and sandy beaches, but ultimately decided to wait another year before planning your vacation. A few days go by and suddenly it seems like you are seeing ads for Cancun vacations on many of the websites you visit. Is it a mere coincidence? Not really. The reason you are now seeing these ads on vacationing in Cancun is that your web browser stored a third-party cookie and is using this information to send you targeted advertisements.

You’re unintentionally creating a “trail of crumbs.” Most web users don’t realize that a browser window with multiple tabs open constitutes a single “session.” As you move from tab to tab, you are unwittingly relaying information about your web visit history to other websites and parties. And, closing the web browser doesn’t always eliminate the cookies your computer stores following the session. Depending on the browser you use, you may have to activate this manually.

How to clear your cookies after each session?

If you want to dump your cookies at the end of each session, select one of the following in your browser’s preferences:

  • Chrome: ‘Keep local data only until you quit your browser
  • Firefox: ‘Clear history when Firefox closes’
  • Internet Explorer: Delete browsing history on exit

If you do not select one of these preferences your browser will preserve cookie data from session to session. In other words, those ads tempting you into a vacation in Cancun will not disappear so quickly.

That seemingly random email isn’t so random. Let’s say you’ve visited a website where you have created a login ID. They likely have your name, email address, and possibly even your telephone number and street address. If the website uses 3rd-party cookies, or you have other tabs open during your session, your cookies may be revealing your contact information to other parties to send you SPAM.

You may be on a website with 3rd party cookies and not even know it. One of the failings of cookie notices is that they don’t often specify what types of cookies are being used on the site. They could be first-party, third-party, or both. But, if the website has advertisements (which many do), then you can reasonably expect the website to be generating both first- and third-party cookies.

To see if a particular website is using third-party cookies you can try the method mentioned below in this article, or visit cookie-script.com and enter the web address into the bar on the home page.

How are Third-Party Cookies created?

The simplest way 3rd party cookies can be created is when a currently visited website requesting a third-party service. Let's say there is an integrated live chat on the website example.com. To make it work, example.com is requesting a script from some live chat service provider, ex. someservice.com

The script could look like this:

<script src="https://someservice.com/js/livechat.js"></script>

Basically, it says "go to someservice.com and get this live chat JavaScript file". When the page is loaded, such a request is initiated. As a reply, your browser receives a JavaScript file with LiveChat and optionally some cookies placed in your browser by someservice.com domain. And there you go, before you notice and before the live chat window appears, your browser is already storing 3rd party cookies from some random website you never even visited. 

 

third party cookies request

 

Third-party cookies are not limited to JavaScript files only, any request to another domain can result in a third-party cookie in your browser: script, image, fonts, CSS files, etc. 

Actual technologies for creating third-party cookies can be much more complicated. But usually, it all comes down to the same basics of setting 3rd party cookies during requests to 3rd party services.

How to tell if a website uses Third-Party Cookies?

You can check if the website uses 3rd party cookies in any modern browser. Instructions vary in different browsers.

In Google Chrome, do the following:

  • Press F12 to open Developer Tools (or right-click on the page and choose Inspect Element)
  • In Developer Tools choose the Application tab
  • On the left, double-click the Cookies section to unfold it

You should see the current website domain (or subdomain) here. If you see any other domains in this list it means the website uses third-party cookies:

cookies-developer

Are Third-Party cookies actually useful?

Since the late 1990s, online marketers have built their businesses on the ability to track online users and then target them with advertisements, and much of this has been through the use of third-party cookies. Let’s play “devil’s advocate” for a moment. Could third-party cookies actually be useful for users? In a way, yes. The two largest online advertising firms, Google Ads and AdSense, make a valid point that 3rd party cookies are useful to consumers as they create advertisements that are in line with individual interests. After all, if you are forced to see the ads, it's better if they are related to your interests. 

What happens after third-party cookies are eliminated?

Once third-party cookies disappear, there’s a likelihood that online advertisements will revert to contextual advertisements. That is, advertisements that are targeted to certain populations based on the website being visited, much like how magazines operate. 

Although since targeted advertising is much more valuable, major advertising platforms may find other ways of tracking users between websites and remember previous search history. 

The end of Third-Party Cookies

With the passage of CCPA, ePR, and GDPR, governments are seeking to protect the privacy rights of website users. These laws and regulations create civil and/or criminal penalties for those that fail to notify web users of the presence of cookies. These regulations also require website operators to let users know what information is being collected and to whom this information is shared, along with a way to opt out at any time.

Third-party cookies’ days are numbered. Pressure from regulators and consumers has led many within the tech industry to declare third-party cookies (and the targeted ads fueled by them) will soon come to an end. Apple’s Safari and Mozilla’s Firefox now block 3rd party cookies by default. One notable holdout is Google Chrome, which has a commanding 67% of browser market share.

Google has a major stake in third-party cookies. Nearly 90% of Google’s revenue is generated through advertising. Without third-party cookies, their advertising prowess could be negatively affected. This is one of the suspected reasons that the company is delaying a default block on third-party cookies until 2022. Until then, the company is taking steps to curtail some of the more invasive aspects of 3rd party cookies with their SameSite tool.

Learn how to prevent third-party cookies from running on your site until users consent to your cookie policy with these helpful instructions from Cookie Script.

Keeping up with the latest cookie regulations and making sure your website complies is a job in itself. Cookie Script keeps you compliant with GDPR, CCPA, ePR, and other regulations that are surely on the horizon. And, it’s super-easy to use.

How it Works

Cookie Script automatically does the following:

  • Scans your website for cookies
  • Categorizes and adds descriptions to your cookies
  • Maintains a full history of user consents (as required by GDPR)
  • Allows users to withdraw consent at any time
  • Blocks cookies until users agree to the privacy policy
  • Block cookies until visitor consents (GDPR and CCPA)

Block third-party cookies by default. Cookie Script also gives you the option to prevent third-party cookies from running on your website.

Cookie Script makes the web a friendlier, more transparent experience for businesses and users. Getting started is free — create an account today to see how Cookie Script will work on your website.

New to CookieScript?

CookieScript helps to make the website ePrivacy and GDPR compliant.

We have all the necessary tools to comply with the latest privacy policy regulations: third-party script management, consent recording, monthly website scans, automatic cookie categorization, cookie declaration automatic update, translations to 34 languages, and much more.