Third-party cookies are small text files placed on your browser by the websites you haven’t visited. Their main purpose is to track your browsing activities for targeted advertising and enhance user experience.
In this article, we will discuss the definition of third-party cookies, their differences from other cookie types, as well as their advantages, disadvantages, and more. You’ll also learn about the future of third-party cookies and whether they’re becoming a thing of the past.
Ensure GDPR, CCPA, or other privacy regulation compliance with an intuitive cookie banner on your Shopify website
Try TinyCookie FreeWhat are types of cookies?
To understand what third-party cookies are, you need to comprehend what are cookies in the first place and their types. By definition, cookies are small data packets that websites send to your browser to gather information about your visit. Here are the types of cookies that exist:
- First-party cookies are hosted by the domain the user visits. They’re used for ensuring a better user experience, such as eliminating the need to re-login on each session or remembering a language setting.
- Second-party cookies are a less often distinguished type that refers to user data shared between companies.
- Third-party cookies are cookies that are generated and tracked by websites or companies that you don’t visit. They’re often used for advertising or analytic purposes. For example, if you visit a website that uses Google Analytics, third-party cookies of that tool will be used on your device upon your consent.
How third-party cookies work
Third-party cookies track your browsing activities through different websites to gather information and show targeted ads.
Here’s how third-party cookies work step-by-step:
- You visit a website that uses an advertising service that you can’t see with the naked eye.
- Depending on the privacy regulation that applies to you, you then provide consent (for GDPR compliance) or passive consent is applied upon your visit (according to CCPA).
- The advertising service places a third-party cookie on your browser.
- When you leave the website and go to other sites, the service accesses the third-party cookie to examine what sites you visit and what you’re interested in.
- Then, the service starts showing you relevant ads based on the gathered information about your browsing behavior. That’s why you see specific ads on unrelated websites or social media feeds where you haven’t looked for them.
Let’s take an example to explain it in simpler terms. Say you visited an online home appliance store and looked for a robot vacuum. Maybe the prices were too steep or you couldn’t find the model you wanted, so you left the site.
However, since you gave consent to cookie usage, an advertising service placed a third-party cookie on your browser. The cookie gathers information about your interest and the advertising service starts showing you targeted ads about robot vacuums on other websites.
How are third-party cookies created?
To create third-party cookies, websites request and load scripts or resources from third-party services. This can be an analytics service, social sharing plugins, a live chat tool, or any other third party.
For example, let’s say a user visits website A that uses a third-party tool. Then, website A has to request scripts and resources from the tool so it can be activated. The tool provider sends a JavaScript file back to website A so that it can be stored on the user’s browser. It looks like this:
<script src="https://examplewebsite.com/js/analytics.js"></script>
However, this only happens if the user consents to third-party cookie usage when they visit website A. Otherwise, the script file is blocked.
Why are third-party cookies useful?
Third-party cookies are a great tool for website owners who wish to improve sales with the use of targeted advertising or enhance user experience. Here are the main reasons why third-party cookies are useful:
- Targeted advertising. Third-party cookies collect data about the user, such as their browsing activities or demographics, and show ads based on it. Gathering data helps merchants understand what messages resonate best with specific customers, helping increase sales.
- Website optimization. Third-party cookies can be used for analytics tools that examine how users interact with a site, helping improve points of friction or performance.
- User experience. These types of cookies help sites enhance customer experience by remembering specific settings, including eliminating the need to log in each time.
- Seamless plugin experience. Let’s say a website uses a live chat plugin or a social sharing tool on their website. In such cases, third-party cookies are useful for ensuring a streamlined functionality of the tools.
While third-party cookies can bring loads of benefits for website owners, it also has its drawbacks for users. They track users to build profiles based on the collected data, raising privacy concerns. Not to mention there are risks of users falling victim to a data breach or hacks if the company doesn’t ensure proper security measures.
Privacy regulations and third-party cookies
Depending on the target audience and visitors on your website, there are different privacy regulations you should comply with that deal with third-party cookies. For example, GDPR protects EU citizens, CCPA Californians, PIPEDA Canadians, LGPD Brazilians, and APPI Japanese citizens.
While all of these privacy regulations have their own set of rules, the main requirements regarding cookies are similar. Here they are:
- Acquiring user consent. Privacy laws require getting user consent before using third-party cookies on a user’s device. While CCPA compliance doesn’t require active consent (except for children), it’s still obligatory to inform users about cookie usage as soon as they enter the site.
- Providing a consent withdrawal option. According to most regulations around the world, websites need to provide an easy consent withdrawal option for users at any time.
- Collecting user consent forms. For legal reasons, privacy regulations require storing user consent in one place.
- Not blocking website access. Some regulations like GDPR require providing users access to a website even in case of not providing cookie usage consent. Meanwhile, other regulations, such as CCPA, LGPD, APPI, or PIPEDA don’t mention this requirement.
- Providing cookie explanations. Website owners need to integrate cookie management options as well as write a cookie policy with detailed information about what cookies are being used on the site.
- Protecting user data. Since third-party cookies gather data about users, protecting it from cybercriminals is essential or website owners can have severe consequences. For example, data breaches or other incidents can result in large CCPA fines or other privacy regulation penalties.
- Knowing user rights. Most privacy laws list users the right to access, rectify, or delete their personal data that was collected.
How to know if a website uses third-party cookies?
You can easily check if a website uses third-party cookies using your browser. First, you need to locate the cookies in the developer console. Here are quick guides on how to do it on the most used browsers:
- Chrome: Click Ctrl + Shift + I to open the developer console and select the Application tab. Under the Storage section, click Cookies.
- Safari: Right-click the page you’re visiting and click Inspect Element. In the Storage tab, click on Cookies.
- Firefox: Click Ctrl + Shift + I to open Inspect Element and select the Storage tab. You’ll see third-party cookies in the Cookies section on the left.
- Edge: Right-click anywhere on the page and press Inspect Element. Go to the Application tab and select the dropdown option by the Cookies section.
Once you find the cookie list, all you need to do is check their domain names. If it’s different from the website you’re visiting, it’s a third-party cookie.
How to block third-party cookies?
Most browsers allow blocking third-party cookies through settings. Here’s how to do it with the most popular browsers:
- Chrome: Access Settings > Privacy and Security > Third-party cookies and click “Block third-party cookies.”
- Safari: Third-party cookies are blocked by default. You can delete cookies by clicking the Safari option in the upper-left corner of the window and head to Settings > Privacy > Manage Website Data > Remove all.
- Firefox: Go to Settings > Privacy & Security, click Custom under the Enhanced Tracking Protection section, and check mark Cookies.
- Edge: Go to Settings > Cookie and site permissions > Manage and delete cookies and site data and turn on the Block third-party cookies option.
Are third-party cookies becoming extinct?
With privacy regulations, such as GDPR or CCPA, pushing toward a more private online space, the future of third-party cookies is unclear.
In 2020, Apple’s WebKit Security & Privacy manager announced that Safari blocks all third-party cookies by default through its Intelligent Tracking Prevention feature.
In 2022, Mozilla Firefox rolled out the Total Cookie Protection feature for its users. It restricts cookies for sites where they were created, preventing companies from tracking user browsing activities.
Meanwhile, one of the most popular browsers, Chrome, isn’t following its competitors in the same way when it comes to cookie restrictions. This is because it’s an important revenue stream for the tech giant.
Only in the first quarter of 2024 Google has disabled third-party cookies for 1% of its users and plans to reach 100% by the third quarter.
Additionally, on July 22, 2024, Google announced that instead of deprecating third-party cookies on Chrome, they’ll introduce a new experience “that lets people make an informed choice that applies across their web browsing, and they’d be able to adjust that choice at any time.”
What will replace third-party cookies?
Google Chrome is already implementing some initiatives to replace third-party cookies. When trying to block cookies on Chrome, users already receive a pop-up stating “Learn about and control new technologies that aim to replace third-party cookies.”
It leads to the Chrome Settings > Privacy and Security > Ad Privacy section of the browser. Here, you can manage privacy options regarding ads, such as:
- Ad topics – determined by your recent browsing history and what topics you’re interested in to show you relevant ads while keeping your identity private.
- Site-suggested ads – gives permission to specific websites that you have visited to gain information about your interests and use it for showing relevant ads on other websites.
- Ad measurement – lets websites exchange your personal information and browsing activities to examine how their ads perform.
These are not the only third-party cookie alternatives that Google is developing. They’re part of the Privacy Sandbox project which will also introduce attribution reporting, private aggregation, and fenced frames. You can learn more about it in the Privacy Sandbox blog post.
Conclusion
Third-party cookies are types of cookies placed on a user’s browser by domains they haven’t visited. They’re mainly used for targeted advertising, improving user experience, and enhancing website performance.
To use third-party cookies, many website owners are legally obligated to acquire user consent based on relevant privacy regulations. The best and easiest way to comply is to get a cookie consent banner for your website, such as TinyCookie on Shopify.
Even if third-party cookies will face extinction in the future, cookie consent banners will still be obligatory for first-party cookies that websites use for their own analytics tools. Additionally, informing users about any cookie usage is an ethical practice that ensures transparency.
Interested to learn more? Check out these articles:
- Top companies with the biggest GDPR fines
- The ultimate guide to Shopify cookies
- What is a cookie script and how does it work on Shopify?
Frequently asked questions
First-party cookies are hosted by the website you visit and are used to gather information about your session to improve your experience. Third-party cookies are hosted by websites that you don’t visit and are used for advertising or analytics purposes.
To enable third-party cookies on Chrome, head to Settings > Privacy and Security > Third-party cookies and click “Allow third-party cookies.” On other browsers, head to Settings and find the Privacy and Security tab to locate the third-party cookie management section.
On your iPhone, head to Settings > Safari. Click “Clear History and Website Data.” If you wish to delete cookies without deleting history, go to Settings > Safari > Advanced and click Website Data. Press “Remove All Website Data.”