What are tracking cookies and how to block them

Tracking cookies are used by many websites to run targeted ads, analytics services, or social media plugins. They gather a lot of user data, including shopping preferences, search history, button or link clicks, and more. However, tracking cookies raise privacy concerns due to user profiling, creating a need for more transparent methods.

In this article, we’ll cover what tracking cookies are and how they work. We’ll also explain how website owners should ensure cookie compliance on their websites.

What are tracking cookies?

Tracking cookies are small data files placed on the user’s browser by websites to gather information about their browsing activities. These text files help sites track user behavior and visited websites, and remember user preferences, such as language settings or login sessions.

There are two types of tracking cookies – first-party and third-party cookies.

First-party tracking cookies are used by the website you’re visiting to track your behavior during the session. They help enhance the user experience by remembering your specific preferences or eliminating the need to re-login each session.

One of the most common examples is Google Analytics tracking cookies. For instance, the tool uses the __utma cookie to distinguish users or sessions and __utmz to check how the user found the website.

Third-party tracking cookies can be used for advertising or analytics purposes and can be added by the websites that you haven’t visited. They can also be called cross-site cookies because they can track your activities across websites and share data between different sites.

Third-party tracking cookies track anything from the buttons you click and your location to your search history, interests, time spent on a page, and more.

Some of the most widely used cookie examples include major ad networks such as Facebook Pixels, Google Ads, Hotjar, Amazon, and more.

How do tracking cookies work?

Tracking cookies are primarily used for targeted advertising and marketing purposes. They track user behavior and activities to understand how they can make specific users buy a product or service.

For example, let’s say you’re looking for the new iPhone 16 on a website but you decide not to proceed with the purchase. As you continue browsing, you notice iPhone ads on other websites or social media. Here’s how it happened:

1. The website you visited looking for an iPhone 16 uses an advertising tool (that you cannot see) and places a tracking cookie on your browser.
2. As you browse through other websites, the advertising tool accesses the tracking cookie on your browser and starts collecting information about your browsing activities and behavior. It examines your interest in smartphone devices.
3. The advertising tool starts showing you targeted ads for the iPhone or other smartphones you may be interested in.

Such cookies assign an identifier to each user so they can differentiate between users and track data more accurately. You can see a visualization of how first and third-party tracking cookies work below. 

While tracking cookies are used for targeted advertising, they can also be used for improving the user’s experience on the website they’re visiting. For example, first-party tracking cookies can help sites remember language preferences, save login information, recommend relevant products on the website, remember shopping cart items, and more.

How are tracking cookies created?

First-party tracking cookies are created by the website the user is visiting. Meanwhile, third-party tracking cookies are created by external websites asking for scripts from third-party services.

Let’s say you visit a website that uses a third-party analytics tool. Your website requests scripts so that the tool can be activated. The tool sends a JavaScript file back to the website you visited to store it on your browser.

What data do tracking cookies collect?

Since the main purpose of tracking cookies is to deliver users targeted ads based on their browsing activities and behavior, here’s what information they may collect:

• Websites you visit
• Pages you visit on a website and the time spent on them
• Link or button clicks, such as the product you’ve clicked on
• Purchases you made
• Browser type
• Google searches
• IP address
• Location

Not every tracking cookie collects the same kind of data. What information is gathered depends on the type of cookies used on the websites you visited and what you consented to.

What are browser tracking cookies used for?

Tracking cookies are mainly used to improve the user experience or enhance the shopping journey throughout websites. Here are a few examples of tracking cookie use cases:

• Analytics. Websites may use widely-known tracking cookies of analytics platforms, such as Google Analytics, which provide merchants with useful data on how to improve sales or engagement.
• Social media. Tracking cookies help create seamless social media sharing.
• Targeted advertising. Tracking cookies gather information about what you browse, creating a profile based on your interests. Based on this information, you then start seeing relevant ads on other websites.
• User experience. First-party tracking cookies track your browsing activities on the same website they were set on. This helps improve your shopping journey or experience by delivering relevant product suggestions or remembering your login details.

Privacy regulations and tracking cookies

Loads of privacy regulations call for website owners to comply with certain requirements when using tracking cookies. Which privacy laws merchants need to comply with depends on who visits the website. You can check some of the regulations around the globe and who they protect below.

All of these privacy laws have similar compliance requirements when it comes to tracking cookies. Here are the main similarities and some differences:

• User consent. According to most privacy laws, you need to get active user consent before using tracking cookies. Regulations like CCPA only require informing about cookie usage, but consent is given automatically when users enter the site (except for minors).
• Consent withdrawal. Privacy regulations require websites to provide a consent withdrawal option, and it has to be as simple as it was to consent.
• Consent storing. Website owners have to store user consent securely and in one place. This allows users to exercise their right to know what consent they have provided and what data is collected.
• Website access. Under GDPR, website owners cannot prohibit access to their website in case cookie usage isn’t consented to. CCPA, LGPD, APPI, and PIPEDA don’t explicitly state this requirement.
• Information on cookies. Privacy regulations require websites to provide users with cookie management options and include information about what cookies are being used by writing a cookie policy.
• Data protection. Tracking cookies collect personal data which has to be protected from data breaches and unauthorized access. Violations can result in large penalties. For instance, GDPR fines can go up to €20 million or 4% of the firm’s global annual revenue.
• User rights. When websites use tracking cookies, users have the right to access, rectify, or delete the personal data gathered.

How to know if a website uses tracking cookies

You can quickly check if a website uses cookies by leveraging the Inspect Element function on your browser. The process is similar to most browsers. Here’s how to do it on the most popular ones:

1. Click Ctrl + Shift + I or right-click the page and press Inspect Element to open the developer console.
2. Locate the Application tab and open it. If there’s no Application tab, locate the Storage section.
3. Find the “Cookies” section and click the dropdown arrow to get a list of cookies used.
4. Identify the tracking cookies.

To understand if you’re looking at a tracking cookie, check the domain first. Third-party cookies are the ones that use a different domain rather than the one you’re visiting.

Then, also check the expiry date of cookies – if it doesn’t expire the same day you close the session, it’s a tracking cookie.

Some examples of tracking cookies include ones that were set by advertising platforms. This can be Google Ads, Facebook pixels, LinkedIn tracking cookies, Hotjar, and more.

How to block tracking cookies?

Browsers like Firefox and Safari block third-party tracking cookies by default. However, you can still check if they’re blocked or block them again if you’ve enabled them in the past.

Here’s a detailed guide on how to block tracking cookies on the most popular browsers:

Chrome

Google Chrome lets you block tracking cookies and enable requesting sites not to track you. Let’s take a look at how to do it:

1. Go to Settings > Privacy and Security > Third-party cookies.
2. Select “Block third-party cookies,” then scroll down and toggle on “Send a "Do Not Track" request with your browsing traffic” under the Advanced section.

Please remember that sites use their discretion in regard to the request not to track you, so they may not always satisfy it. That’s why it’s important to not blindly accept cookies on every site.

Firefox

Firefox has the Enhanced Tracking Protection feature enabled by default which you can see by clicking the shield icon by the URL bar once you enter a site. You can manage the settings of this feature and choose what to block. Here’s a quick tutorial on how to do it:

1. Go to Settings and click Privacy & Security.
2. Under the Enhanced Tracking Protection section, choose “Custom” and checkmark Cookies and Tracking content. Use the drop-down sections to manage cookie blocking.

Safari

Safari blocks cross-site tracking and third-party cookies by default, but you can check whether it’s on by following this guide:

1. Head to Settings.
2. Click Privacy and check if there are check marks by the “Website tracking” and “Hide IP address” sections.
3. You may also delete third-party cookies by clicking “Manage Website Data” and pressing “Remove all.”

Edge

Blocking tracking cookies on Microsoft Edge is simple. Here’s a quick tutorial to guide you through it:

1. Go to Settings.
2. Click the “Privacy, search, and services” section and enable tracking prevention. Choose the “Strict” protection level.
3. You can also go to Cookie and site permissions > Manage and delete cookies and site data, and toggle on the Block third-party cookies option.

Are tracking cookies going extinct?

While first-party tracking cookies used to enhance your user experience will stay, third-party tracking cookies have an unclear future.

Multiple web browser market giants are already blocking third-party cookies by default, including Apple’s Safari and Mozilla Firefox.

Only Google Chrome informed in 2024 that third-party cookies are here to stay, but users will receive a new experience called Privacy Sandbox. It aims to protect user privacy but still gives companies tools for creating a thriving business.

You can already find some of the cookie alternatives by going to Chrome’s Settings > Privacy and Security > Ad Privacy. You can find such privacy options as:

• Ad topics – creates topics based on your browsing history to show you personalized ads while keeping you private.
• Site-suggested ads – websites can determine your interests and show relevant ads on other websites.
• Ad measurement – you can allow/disallow websites to share your personal data with other websites to measure their ad performance.

You can learn more about this initiative in the Privacy Sandbox blog post.

Are tracking cookies dangerous?

Tracking cookies are not inherently dangerous for users. That being said, they can raise concerns for privacy-conscious users, especially when consent is not acquired or the gathered user information is exploited.

If websites and advertising services use tracking cookies without malicious intent, they can enhance the user experience and shopping journey. For example, recommending products or services relevant to the user can help them find what they’re looking for more easily or even locate better deals.

Yet, irresponsible tracking cookie data collection can lead to unauthorized access when security measures are not applied. Additionally, with countless websites using tracking cookies and creating user profiles, privacy and data abuse concerns arise.

For such reasons, website owners must ensure privacy regulation compliance to use tracking cookies, starting from adopting a cookie consent banner. Shopify website owners can benefit from an easy-to-use banner called TinyCookie. It’s also crucial to write a cookie policy and adopt security measures for data protection.

Interested to learn more? Check out these articles:

• How to Make Your Shopify Store GDPR Compliant
• Biggest CCPA fines and penalties

×

Share

Frequently asked questions

What are the best practices to add cookie tracking to your website?

The best practices for adding cookie tracking are implementing a clear cookie policy and adding a cookie banner. If your website is hosted on Shopify, you can take advantage of TinyCookie. You must also be transparent on what cookies are used and provide an easy consent withdrawal option.

What is the Do Not Track feature?

The “Do Not Track” feature is a setting on browsers that requests websites to not track users for advertising, marketing, or analytics purposes. However, websites are not obligated to obey this feature and can choose not to.

Are tracking cookies legal?

Tracking cookies are not illegal, but websites that use them have to follow specific privacy regulation requirements. The main compliance requirements include displaying a cookie consent banner, giving an option to manage cookies, and having a clear cookie policy.

About the author

Kristina Jaruseviciute

Kristina is a Senior Writer at TinyCookie, where she specializes in providing educational content for readers interested in web cookies and compliance. She covers an extensive scope of subjects, from cookie types, definitions, and tutorials to compliance tips for website owners.