What Are Third-Party Cookies?


For years, cookies have allowed marketers and advertisers to track visitors to websites and deliver a more personalized user experience.

Ever wonder why they are called cookies? There are two competing theories.

  • The Magic Cookies: The term cookie is attributed to a programmer named Lou Montulli, who shortened it from what is known as a “magic cookie” by Unix programmers. A magic cookie is a data packet that is sent and received by a program without being changed. You can trace the origins of that back to fortune cookies, which are cookies that contain a hidden message inside.
  • Cookie Bear: Others attribute the term to Xerox and the Andy Williams Show. If that seems like an odd combination, you’re right. Xerox developed a computer system that saved user data when clients logged in. The data was saved in a file called a cookie – named after a character on the Andy Williams Show. The character Cookie Bear followed Andy around, asking for cookies.

While the second explanation is more fun, the truth is that Montulli was responsible for the first cookie.

Third-party cookies changed the way people use websites by capturing information about user behavior and allowing advertisers to target products to specific users. In fact, the entire AdTech industry was created to personalize online advertising for targeting and retargeting users.

But lately, the cookie has begun to crumble.

Andy Williams ended his Cookie Bear sketches screaming “No cookies!” and many users feel the same. Firefox and Safari have already blocked tracking cookies by default. The world’s most dominant web browser, Google Chrome, plans to phase out third-party cookies in 2023.

However, third-party cookies are just one type of cookie. Balancing user experience (UX) and ad placements will still use cookies and other factors to personalize content.

Different Types of Cookies

There are several different kinds of cookies, but first-party and third-party cookies are the most common. They work the same way, but the difference is how they capture information.

First-Party Cookies

First-party cookies launch when a visitor lands on a website. They allow the site to store information about your behavior while you are on the website. The data is stored on the site, which can be used to personalize content and advertising.

This provides first-party data, which is valuable for publishers and digital advertising websites since you know what your users are interested in.

Third-Party Cookies

Third-party cookies are not made by specific websites. Instead, a different domain creates and places them using tags or scripts on websites. The third-party data that is gathered is accessible to any website that uses the third-party server code, which allows advertisers to capture your behavior across the internet.

These tracking cookies help serve digital advertising on different websites that install the tags or scripts.

What About Second-Party Cookies?

You don’t hear people talk about second-party cookies. Instead, it’s more commonly known as second-party data. Second-party data is when one company transfers cookies to another through a partnership or relationship. In other words, one party gathers the data directly and then gives it or sells it to another party.

Cookie Duration and Purpose

While cookies often get a bad reputation because of how they track consumer behavior, some cookies are necessary for website features and functionality to work correctly to enhance viewers’ browsing experience.

Cookies can occur as either short-term (session) cookies or longer-term (persistent) cookies:

  • Session cookies are temporary. Once you close your browser, these cookies expire and are no longer in effect.
  • Persistent cookies are downloaded to your computer and stay active until they expire or you erase them. Persistent cookies have an expiration date within their code. Per the EU’s ePrivacy Directive — what’s called the “cookie law” — persistent cookies should not last more than 12 months.

There are also some other cookie types you may hear of or function in specialized ways on top of the types already described thus far. These include:

  • Necessary cookies, which allow you to use the site. For example, these types of cookies are how eCommerce sites keep items in your shopping cart while you continue to shop. These are generally first-party cookies from a user-initiated action.
  • Preference cookies help to remember choices you have made and add to the functionality, such as retaining your language preferences or your user name and password for easier site login.
  • Statistical cookies collect information about the pages you visit on a website, links you clicked, and other data in an anonymous form. This data helps to track how websites function and ensure a good viewing experience.
  • Marketing cookies are a type that track your online activity and deliver relevant content and advertising. These are third-party cookies and are generally persistent. Third-party ad networks often use cookies to track behavior across different websites and continue refining advertising to deliver the most relevant content to individual users.

All these types of cookies require the users’ affirmative consent except for what’s classified as strictly necessary cookies through the ePrivacy Directive. Even if users refuse to grant permission, they must still be able to access your site and services.

How Are Third-Party Cookies Created?

You’ve probably noticed the cookie notifications when you visit a website or app. Most of the time, people just click “allow all cookies” and move on. When website visitors grant permission, a request is sent to a third-party service via the tag, script, or pixel.

Recent regulations, such as the General Data Protection Regulation (GDPR) in the EU, require website users to affirmatively allow cookies to gather user information and user data. Whether you are using Mozilla, Firefox, Apple Safari or iOS, Google Chrome, or other browsers, once you approve cookies, the information can be captured.

How Do Third-Party Cookies Work?

When you search online, these third-party cookies gather information about your activity. It’s like leaving bread crumbs all around the internet that leads advertisers back to you. These third-party cookies will track the sites and activities you visit.

Everything you search for, every site you visits, and everything you click on can be tracked. The use of third-party cookies by advertisers allows them to deliver more relevant ads to increase effectiveness. Third-party cookies can also remember your login details to a website.

Examples of Cookies at Work

No doubt you experience this regularly. Go browse a retail website for red shoes, and you’ll likely see ads for red shoes pop up when you’re on other sites. If you put something in your online shopping cart but then decide not to buy it at that moment, retailers will continue to target you when you’re browsing online and deliver relevant Google ads or Amazon ads encouraging you to buy.

Cross-site tracking provides this functionality. When third-party cookies are enabled, tracking cookies follow you from webpage to webpage and tie a user’s browser data together to follow the breadcrumbs using a pixel.

You might visit a few travel sites on Safari, Firefox, or Chrome looking at vacations to Mexico. First-party cookies will capture your login information, saved in your browser, so you can log in automatically when you return to the travel site. This data allows a particular website to show you targeted ads based on the trips you looked at on that site.

Third-party cookies, when employed, will capture data from all the sites you visited and serve up trips to Mexico from advertisers as you visit other sites — even those unrelated to travel. You may also see these ads on other travel sites you visit, which may be the result of third-party cookies or contextual advertising to serve relevant ads that fit the content.

Are Third-Party Cookies Safe?

Third-party cookies aren’t anything to worry about. They’re not dangerous. For example, cookies don’t send viruses to computers or allow someone to spy on you with a webcam. You can feel safe browsing the internet and even accepting and allowing cookies to follow you throughout your browsing sessions. But with that said, data privacy (ePrivacy) has become a recent target for legislators.

Legal Spotlight on Third-Party Cookies

Recent consumer privacy legislation has clarified what information can be gathered and what can be done with it. These laws, such as the General Data Protection Regulations (GDPR) and the California Consumer Privacy Act (CCPA), protect user privacy when it comes to personal data by governing interactions between sites and users.

These privacy regulations require users to opt-in to receive cookies. When you visit sites for the first time, you may see a pop-up or banner asking you to grant permission. Some sites may block you if you don’t agree. Users have the option to block cookies on social media sites or websites.

Cookie laws and regulations are being put in place to:

  • Prevent companies from gathering your data without permission
  • Prevent invasions of privacy
  • Provide consumers with a way to opt-out of browser and search history tracking.

For example, the GDPR requires that cookies can only be deployed after users give explicit consent and cover how data is gathered, stored, and used. Organizations must have a lawful basis to process the data gathered and only use the data for that intent. Sites must provide users with the option to deny the use of cookies, provide details on how data will be used, and allow consumers to withdraw consent at any time. This is often called the right to be forgotten.

The CCPA is a little more lenient in its data privacy requirements. While data collected through the use of cookies is considered personal information, businesses are not required to get consumers to opt-in for cookie use. Instead, it requires organizations to disclose what data will be collected and how the data will be used.

Pending Legislation in the U.S.

Laws and regulations are in a constant state of evolution. There is no national data privacy law in the US, but many states have begun to act. Besides California, data privacy rules in Colorado, Connecticut, Virginia, and Utah require notifications, purpose, and opt-in requirements by default.

As of July 2022, five more states — Massachusetts, Michigan, New Jersey, Ohio, and Pennsylvania also have legislation pending that would provide various requirements for the use of cookies and data gathering, storing, and processing. There is also inactive legislation that’s been introduced in more than 20 additional states but is not currently being pursued. However, these bills can be activated at any time.

Replacing Third-Party Cookies

Emerging data privacy laws such as GDPR and CCPA make it more difficult for websites to use third-party cookies. Some browsers already block third-party cookies by default. As Google Chrome deprecates cookies in 2023, it will become a more mainstream practice. Chrome has a nearly 70% market share, so when Google brings an end to third-party cookies, it will have a significant impact.

Google has offered several replacements for third-party cookies to allow site owners and advertisers to continue to use some consumer information for targeting. Their first attempt, the Federated Learning of Cohorts (FLoC), was designed to track users’ browsing activity and assign a label that would represent users without making them personally identifiable.

Privacy advocates, however, demonstrated that the FLoC concept was flawed, and it was too easy for marketers to attach personal attributes and identify individual users with FLoC data and other data sources. Google has since abandoned the idea and moved on to another strategy, which it calls Topics.

With Topics, Google categorizes the site you visit based on a more narrow set of data labels. It will make a small selection of Topics available to marketers and site owners and rotate them every few weeks. Google may even throw in random topics on occasion to make it even more difficult to identify individual users.


Cookies are created and stored when you visit sites or do online searches. This allows site owners and advertisers to track your online behavior. They are typically used for one of two purposes: enhancing website usability or delivering targeted consumer advertising.

Third-party cookies can improve the user experience. They can help sites to customize the content you see, especially for websites that use dynamic content engines. This provides content that may be of greater interest to visitors. Third-party cookies also help advertisers personalize ads that may be more relevant to you.

However, things are changing. Third-party cookies will be more challenging to use and subject to increasing data privacy protections. Learn more by reading our recent posts about cookie syncing and how third-party cookie depreciation impacts ads. 

While third-party cookies may be phasing out, publishers can continue collecting information on their sites — first-party data — to provide the best possible website experience. As third-party cookies fade, this first-party data will become even more valuable for publishers.

For more information on digital advertising and how you can scale up your revenue, contact the digital advertising experts at Newor Media today.

Lauren Aloia

Senior Account Manager, Publisher Development: Newor Media

Lauren is an ad tech expert with a wealth of experience spanning product development, ad operations, and data analysis. She currently works with Newor Media publishers to implement yield optimization strategies that maximize revenue from their programmatic inventory.