Third-party cookies: What are they and how do they work?

Cookies are small files that websites send to your browser. They then track and monitor the sites you visit and your browsing activity on these pages. Learn more.

Image

You might’ve received a cookie notification when visiting Yatra.com to book holiday packages. Or perhaps it popped up when you opened the Amazon.com homepage to buy a t-shirt.

Either way, you've undoubtedly encountered a pop-up notification, unless you never visit new websites, telling you that the site you are on is using cookies to collect your data. The notification with the label “Accept Cookies” will be asked.

This leads to the obvious question: What are cookies?

Basically, cookies are small files that websites send to your browser. Then, they track and monitor your browsing activity on those sites, like history, searches, and browsed pages. Retailer sites might use cookies to remember what items you've recently bought in your online shopping cart, while news sites might use them to remember what stories you've clicked on in the past. Other sites might use cookies to remember your log-in information to fill the log-in pages when visiting the particular sites automatically.

Companies, advertisers, and marketers say that cookies will optimize your online experience, and there is some truth to that. A news site can use the information collected through cookies to recommend similar stories you might be interested in. A retailer might use it to suggest products you might like to buy based on your previous purchase history.

However, not all cookies are collected for the same purpose or creates by the same parties. There are two main kinds, first-party and third-party cookies. The significant difference between them is that First-party cookies live on the website you are currently visiting. In contrast, Third-party cookies are created by websites other than the one you are currently visiting.

Retailers you’ve visited in the past might use third-party cookies to direct ads of their own products when you visit other sites. Their main objective is to advertise their products and get you to return to their sites.

What are third-party and first-party cookies, and what is their purpose?

Generally, cookies of all kinds, both first-party and third-party cookies, are used as marketing and advertising tools.

That's because cookies at their most basic are pieces of information about your online browsing activities and preferences saved by the website owners and other parties. This is crucial information for companies that want to increase the odds that you'll buy something when visiting their sites.

How third-party cookies work

When you go online shopping and poke around the site for 20 minutes, scrolling through a specific section of clothing. Cookies save the data of your activities while on the site, like the items you've looked at. When you return to the site, the retailer will recommend similar things and show you pictures of clothing related to your earlier preferences. Again, the goal is to use your online history to boost the chances that you'll buy something.

Other sites use cookies to improve the service they provide. Maybe you visit a weather site and enter your city name or ZIP code. The site will remember this information and give you an option to see personalized weather updates next time you log into the site.

These kinds of cookies are known as first-party cookies. But maybe you are now visiting a different website but still see ads on this new site from the clothing, weather, or news site you visited previously. Or maybe you see some ads from sites you’ve never visited. These ads show up because of third-party cookies. Third-party cookies allow companies to send you targeted ads across the internet. This is why some of the same ads seem to pop up repeatedly, no matter what site you visit.

How are third-party cookies created?

How do websites create the third-party cookies that follow you around the internet? First, the website must send a request to the third party's server. Usually, the request will be to target online ads to the users interested in their products or services when visiting third-party websites.

For example, if you visited a website to book a hotel room in Goa, you might see ads for that same hotel even after you click away and visit other websites. The goal, again, is to advertise their service and get you to return to them.

Or maybe you visit a tourism site that has ads from several hotels, restaurants, and attractions. Each of these ads might create its own third-party cookies. The companies behind these ads can then track your browsing history across the internet and follow you with their ads pop up on other sites you visit.

Are third-party cookies safe?

Cookies are not necessarily a bad thing. The code in their files will not infect your computer with adware, spyware, or malware, or alter your devices.1

However, it doesn’t mean that accepting cookies from every site is safe. You might not like the fact that third-party cookies track your online browsing history and other activities even if you’re not using their sites. If you think that is an invasion of your online privacy, then you might want to disable cookies. 

Besides, if the websites you’re visiting are not secured or seem fishy, it’s a good idea not to accept their cookies. You might want to check the URL of any pages you go to and look for infectious signs. Crooks can use your information to commit cybercrimes, potentially targeting you.

Should you enable or disable third-party cookies?

When you visit any website, it will automatically store at least one cookie, a first-party cookie, on your browser, which remembers your basic activities on the site.

Most sites store third-party cookies on your browser, too. These are the cookies to disable if you want to keep social media companies, advertisers, and other website operators from tracking your online activities.

It takes different steps to disable third-party cookies depending on what browser you are using.

Microsoft Edge

After opening your Microsoft Edge browser, click the gear icon in the upper right-hand corner. Select the “Settings” option in the new menu that pops up. Next, click “View Advanced Settings.” In this menu, find the “Cookies” heading. Select “Block only third-party cookies.”

Chrome

Click the three lines in the upper right-hand corner of the browser. Next, click “Settings.” In this menu, click “Show advanced settings.” Then, click on the “Privacy” heading and then click “Content settings …” In this menu, check the box next to “Block
third-party cookies and site data.”

Firefox

Click on the three lines in the Firefox browser’s top right-hand corner. In the "Options" menu, choose "Privacy & Security." You’ll then see Firefox's "Content Blocking" choices on the right-hand side of the page. Check the circle next to the "Custom" option. Next, select the checkbox "Cookies." You can then choose "All third-party cookies" in the drop-down list.

Is there a downside to disabling third-party cookies?

Are there any negatives in disabling third-party cookies? It all depends on you. If you don’t want to get too many ads targeted toward you, it’ll help disabling third-party cookies. You might, however, see ads related to whatever site you are currently visiting.

One downside of disabling third-party cookies is you might not get the most optimized experience on some sites. For example, if you disable third-party cookies, your city might not pop up when you log onto a weather site, or you may not find the suggestions according to your preference while online shopping.

If you’re concerned about advertisers and social media sites tracking your online browsing, disabling third-party cookies is probably worth the slight inconvenience you might face when visiting certain websites.

Examples of third-party services that leave cookies

Websites use third-party cookies for various reasons. Ad-retargeting is one of the fundamental objectives. In ad-retargeting, websites use third-party cookies to follow consumers who have previously visited their site and show them ads for products and services from that site.

Another example is the social media buttons. These are the buttons from sites such as Facebook, Twitter, Instagram, Pinterest, and other social media sites that allow you to log into these platforms while you're on another site. Once connected to the external sites, you can use those accounts to perform activities on them.

Most of these social buttons will place third-party cookies in your browser, which can track your browsing activity on other sites. When you then log into Facebook, Twitter, and other social media sites, ads from the outside websites you visited will show up.

How to check if a website uses third-party cookies

Depending on the browser you are using, you can take different steps to see if the website you are visiting uses third-party cookies.

For example, in Google Chrome, you can press F12 on your keyboard to open Developer Tools. You can also right-click on the website page and choose "Inspect Element"  to open it.

Once you’re on the Developer Tools page, choose the "Application" tab. Find the "Cookies" section and click twice on it. Then, below will appear a list of different domain names. The website uses third-party cookies if you see such a diverse list of domain names.

For instance, maybe you are on the website in.Norton.com. If you double click on the "Cookies" section and any other domain besides "in.Norton.com" shows up — such as Symantec.com or nebula-eu.kampyle.com/ — the site is using third-party cookies. 

If you are using the Microsoft Edge browser and want to determine if a site uses third-party cookies, click on the "Settings" option first. Then click "Site permissions." Select "Cookies and site data." Once you've opened this section, click the arrow for "See all cookies and site data." This will show all the cookies saved to your device.

The current state and future of third-party cookies

While third-party cookies have been an essential tool for advertisers and marketers, it might soon disappear.

Google announced in March 2021 that it would stop using cookies on its Chrome browser by 2022. And in 2019, Mozilla's Firefox browser started blocking third-party cookies by default.

However, this doesn't mean advertisers won't have tools to target you on the country's most popular browsers. In fact, Google is already testing alternatives to third-party cookies.

Google has created something called its "Federated Learning of Cohorts," or FLOC, proposal, which according to Google, is about finding a third-party cookie alternative that protects user privacy.

This system, which is pronounced like the word "flock," would put people into groups based on similar browsing behaviours, meaning advertisers would use only cohort IDs and not individual user IDs to target them. Web histories of users would be kept on the Chrome browser, but Chrome would only provide advertisers with information on a cohort made up of thousands of individual web surfers.

One cohort might include thousands of users who have browsed alternative music sites. Others might contain users who are interested in comics or animation. This, Google says, provides advertisers with a powerful tool while protecting the privacy of individual Chrome users.

At the same time, governments have started to implement legislation to create civil and criminal penalties for companies, marketers, and others who fail to inform consumers that their websites are using cookies. One example is General Data Protection Regulation (GDPR), an EU law, which regulates how users' personal information is collected, stored, and eliminated.

Although there are no specific laws in India against the use of cookies by websites, the present “Information Technology Act (ITA) 2000” data privacy provision defines data protection standards for companies and might enforce laws against illicit use of cookies by any servers. [2] It doesn’t necessarily prevent third-party cookie use, but new laws like PDP Bill are being introduced, inspired by GDPR and such, which could reduce its use. 3

You might not have to worry too much about third-party cookies in the future, but you can expect that companies will likely seek other ways to track consumers’ browsing activity. There’s simply too much money to be made for advertisers to not try to send you targeted ads.

If you’re worried about your online privacy, then, be sure to implement the enhanced privacy measures offered by your favourite browser and consider installing security software with a robust virtual private network, or VPN feature, even if third-party cookies slowly fade away.

1 https://www.nortonlifelockpartner.com/security-center/grayware-adware-madware.html

2 https://cis-india.org/telecom/knowledge-repository-on-internet-access/internet-privacy-in-india

3 https://www.natlawreview.com/article/privacy-and-data-protection-india-wrap-2020#:~:text=Inspired%20by%20the%20GDPR%2C%20the,2000%20and%20the%20rules%20thereunder.

Norton logo
  • Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 

Contents

    Want more?

    Follow us for all the latest news, tips and updates.