Back to all glossary articles

Third-party cookie

Third-party Cookies are not created by the website being visited, but other domain. Let’s imagine a visitor is browsing forbes.com which has a YouTube video on one of its pages. In this case, YouTube will set a cookie which is then saved on a visitor’s computer. This cookie is classified as a third-party cookie, because it’s created by a different domain than forbes.com.

Third-party cookies are the fuel of online advertising. As website owners add their tags to a page, they can display ads as well as track users and devices across the different sites they visit.

Since cookies can be used to store and retrieve information about users and their interactions with websites, they’ve been recognized as a threat to privacy. Because of the widespread use of cookies, data is scattered across apps, websites and services. From a privacy perspective, it’s difficult to say who does what with the data, etc. Therefore, measuring third-party data is getting more and more problematic.

With the passage of CCPA and GDPR, governments are seeking to protect the privacy rights of website users. These laws and regulations create penalties for those that fail to notify web users of the presence of cookies. Thus, third-party cookies have to be used with user consent. These regulations also require website operators to let users know what information is being collected and with whom this information is shared, along with giving them a way to opt out at any time.

Therefore, the days of third-party cookies are numbered. Apple’s Safari and Mozilla’s Firefox now block third-party cookies by default.

After four years of promising the ad industry it would eventually remove third-party cookies from its browser, in July 2024, Google announced it wouldn’t deprecate third-party cookies in Chrome.

While this decision gives advertisers some clarity, the web has been moving away from third-party cookies for years in favor of more privacy-first technologies. Also, the quality and reach of third-party cookies have been continuously degrading. If users get the option to opt out of tracking, they may additionally contribute to the technology becoming a thing of the past.

Find more details on third-party cookies on the Piwik PRO blog:

Check out our free Online Cookie Scanner

  • Anonymous website visitor tracking: How to do useful analytics without personal data [Updated]

    Regulations worldwide, like GDPR or the ePrivacy Regulation, set a high bar for collecting user data. For one, GDPR requires consent to process the data if it’s reasonably likely that such data could be used to identify an individual. The problem is that consent opt-in rates typically vary between 30% and 70-80%. The solution? Anonymizing…

  • What is PII, non-PII, and personal data? [UPDATED]

    Personally identifiable information (PII) and personal data are two classifications of data that often confuse organizations that collect, store and analyze such data. Both terms cover common ground, classifying information that could reveal an individual’s identity directly or indirectly. PII is used in the US, but no specific legal document defines it. The legal system…

Other definitions

Recent posts from Piwik PRO blog