Third-party cookies: What are they and how do they work?
April 23, 2021 4 min read
Cookies are small files that websites send to your browser. They then track and monitor the sites you visit and your browsing activity on these pages. Learn more.
Maybe you've seen that cookie notification when you log onto Airbnb's home page to book a vacation home. Or maybe it pops up when you visit Adidas.com or Nike.com to buy shoes.
But unless you never visit new websites, you've undoubtedly encountered a pop-up notification telling you that the site you are on is using cookies to track you. The notification will then ask you to accept these cookies.
This leads to the obvious question: What are cookies?
Companies, advertisers, and marketers say that cookies will optimize your online experience, and there is some truth to that. A news site can use the information it’s collected through cookies to recommend other stories you might enjoy. A retailer might use it to suggest products you might like to buy based on the pages you’ve clicked on its and other sites.
Not all cookies, though, are created equal. There are two main kinds, first-party and third-party cookies. The main difference? First-party cookies live on the website you are currently visiting. Third-party cookies are created by websites other than the one you are currently visiting.
Retailers you’ve visited in the past might use third-party cookies to populate other sites you visit with ads for their products. The goal is to get you to return to their sites to purchase their products.
What are third-party and first-party cookies and what is their purpose?
Cookies of all kind are generally used as marketing and advertising tools. That holds true for both first-party and third-party versions.
How third-party cookies work
Say you go to an online clothing store and poke around the site for 20 minutes, scrolling through photos of jeans. Cookies allow the retailer to remember the items you've looked at. When you return to the site, the retailer will show you photos of the items you've looked at in the past and will also show you photos of clothing related to your earlier preferences. Again, the goal is to use your past online activity to boost the chances that you'll buy something.
When the cookies that do this are on the site that you are visiting, they're first-party cookies. But maybe you move to a different website. You then see adds on this new site from the clothing, weather, or news site that you visited yesterday. Or maybe you see ads from a shoe retailer, weather site, or news provider that you’ve never visited. These ads show up because of third-party cookies. Third-party cookies, then, allow companies to send you targeted ads across the internet. It's why some of the same ads seem to pop up no matter what site you visit.
How are third-party cookies created?
How do websites create the third-party cookies that follow you around the internet? First, the website must send a request to the third party's own server. Usually, the request will be for an online ad that pops up when you visit other websites.
For example, if you visited a website for a hotel in Michigan, you might see ads for that same hotel even after you click away and visit other websites. The goal, again, is to get you to go back to that hotel's website and book a room.
Or maybe you visit a tourism site that has ads from several hotels, restaurants and attractions. Each of these ads might create their own third-party cookies. The companies behind these ads can then track your browsing across the internet. They can also make sure their ads pop up on other sites you visit.
Are third-party cookies safe?
Cookies are not necessarily a bad thing. The code behind them will not infect your computer, install adware or malware on your device, or alter your devices.
But you might not like the fact that third-party cookies track your online browsing. These cookies allow websites to track your activity even if you’re not using their sites. If you think that is an invasion of your online privacy, then you might want to disable cookies.
Should you enable or disable third-party cookies?
When you visit any website, it will store at least one cookie — a first-party cookie — on your browser. This cookie remembers your basic activity on the site.
Most sites store third-party cookies on your browser, too. If you want to keep social media companies, advertisers, and other website operators from tracking your online browsing, these are the cookies to disable.
It takes different steps to disable third-party cookies depending on what browser you are using.
To disable third-party cookies on the Microsoft Edge browser, click the gear icon in the upper right-hand corner. Select the “Settings” option in the new menu that pops up. Next, click “View Advanced Settings.” In this menu, find the “Cookies” heading. Select “Block only third-party cookies.”
Click the three lines in the upper right-hand corner of the browser. Next, click “Settings.” In this menu, click “Show advanced settings.” Click on the “Privacy” heading and then click “Content settings …” In this menu, check the box next to “Block third-party cookies and site data.”
Click on the three lines in the Firefox browser’s top right-hand corner. In the "Options" menu, choose "Privacy & Security." On the right-hand side of the page, you’ll then see Firefox's "Content Blocking" choices. Check the circle next to the "Custom" option. Next, select the checkbox "Cookies." You can then choose "All third-party cookies" in the drop-down list.
Is there a downside to disabling third-party cookies?
Are there any negatives in disabling third-party cookies? You won’t get ads targeted toward your browsing preferences. Instead, you’ll usually see ads related to whatever site you are currently visiting.
You also might not get the most optimized experience on some sites. For instance, if you disable third-party cookies, your city might not pop up when you log onto a weather site.
If you’re concerned about advertisers and social media sites tracking your online browsing, disabling third-party cookies is probably worth the small inconvenience that some websites won’t work as efficiently when you visit them.
Examples of third-party services that leave cookies
Websites use third-party cookies for different reasons. Ad-retargeting is a key one. In ad-retargeting, websites use third-party cookies to follow consumers who have previously visited their site and show them ads for products and services from that site.
Then there are social buttons. These buttons from Facebook, Twitter, Instagram, Pinterest, and other social-media sites allow you to log into these platforms while you're on another site. You can then use the buttons to share and like the content on these sites. Most of these social buttons will then place third-party cookies in your browser.
These cookies will then track your browsing activity on other sites. When you then log into Facebook, Twitter, and other social media sites, ads from the outside websites you visited will show up.
How to check if a website uses third-party cookies
Depending on the browser you are using, you can take different steps to see if the website you are visiting is using third-party cookies.
In Google Chrome, for instance, start by pressing F12 on your keyboard to open Developer Tools. You can also right-click on the website page and choose "Inspect Element" on the menu that appears.
Once you're in the Developer Tools page, choose the "Application" tab. Next, click twice on the "Cookies" section. This will bring up the domain of the website you are on. If you see any other domains in that list, it means that the website uses third-party cookies.
For instance, maybe you are on a website called BakingTime.com. If you double click on the "Cookies" section and any other domain besides "BakingTime.com" shows up — such as www.facebook.com or widgets.itunes.apple.com — the site is using third-party cookies.
If you are using the Microsoft Edge browser and you want to determine if a site is using third-party cookies, click on the "Settings" option first. Then click "Site permissions." Select "Cookies and site data." Once you've opened this section, click the arrow for "See all cookies and site data." This will show all the cookies saved to your device.
The current state and future of third-party cookies
While third-party cookies have been an important tool for advertisers and marketers, there are signs that this tool might soon disappear.
Google announced in March 2021 that it would stop using cookies on its Chrome browser by 2022. And in 2019, Mozilla's Firefox browser started blocking third-party cookies by default.
This doesn't mean that advertisers won't have tools to target you on the country's most popular browsers. Google, in fact, is already testing alternatives to third-party cookies.
Google has created something it is calling its "Federated Learning of Cohorts", or FLOC, proposal. This, Google says, is about finding a third-party cookie alternative that protects user privacy.
What Google has come up with is its FLoC proposal. This system, which is pronounced like the word "flock," would put people into groups based on similar browsing behaviors. This means that advertisers would use only cohort IDs and not individual user IDs to target them. Web histories of users would be kept on the Chrome browser, but Chrome would only provide advertisers with information on a cohort that is made up of thousands of individual web surfers.
One cohort might include thousands of users who have browsed alternative music sites. Others might contain users who are interested in comics or animation. This, Google says, provides advertisers with a powerful tool while protecting the privacy of individual Chrome users.
At the same time, governments have enacted legislation to create civil and criminal penalties for companies, marketers, and others who fail to inform consumers that their websites are using cookies.
This legislation includes the General Data Protection Regulation, or GDPR, which regulates how personal information is collected, stored and eliminated. It also includes the California Consumer Privacy Act, or CCPA, designed to protect the privacy of California consumers. Virginia also recently enacted the Virginia Consumer Data Protection Act. In addition, the Washington Privacy Act and the Illinois Biometric Information Privacy Act are both getting close to being enacted.
You might not have to worry too much about third-party cookies in the future, then. But you can expect that companies will likely seek out other ways to track consumers’ browsing activity. There’s simply too much money to be made for advertisers to not try to send you targeted ads.
If you’re worried about your online privacy, then, be sure to implement the enhanced privacy measures offered by your favorite browser and a virtual private network, or VPN, even if third-party cookies slowly fade away.
Cyber threats have evolved, and so have we.
Norton 360™ with LifeLock™, all-in-one, comprehensive protection against viruses, malware, identity theft, online tracking and much, much more.
Dan Rafter is a freelance writer who covers tech, finance, and real estate. His work has appeared in the Washington Post, Chicago Tribune, and Fox Business.
Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc.