Third-Party Cookie

A third-party cookie is a small file set by a domain other than the website you are visiting, usually through an ad, embed, or tracking script loaded on the page. It lets that outside domain recognize the same user across many different sites. Advertisers and data brokers use third-party cookies for cross-site tracking, retargeting, and building interest-based ad profiles.
Why Third-Party Cookies Matter
Third-party cookies built the modern ad-tech economy. For two decades they were how ad networks followed a user from a news site to a shopping site to a social feed, recognizing the same person the whole way. That cross-site memory powered the retargeting ads that chase you after you view a product.
They also enabled frequency capping, conversion attribution across publishers, and audience segments sold in programmatic auctions. The catch is that this tracking happens without the user’s clear awareness, which is exactly why regulators and browser makers turned against it. As third-party cookies disappear, marketers are shifting budget toward first-party data and on-page signals they own outright.
First-Party vs Third-Party Cookie
The difference is which domain sets the cookie relative to the site in your address bar.
- First-party cookie: Set by the domain you are actively visiting. It runs that site’s own logins, carts, preferences, and analytics.
- Third-party cookie: Set by a different domain loaded on the page. On
example.com, a cookie fromadnetwork.comis third-party and can be read anywhere that same network appears.
A first-party cookie serves the site you chose to visit. A third-party cookie serves an outside company tracking you across the web. Browsers now treat them very differently: first-party cookies still work everywhere, while third-party cookies are blocked by default in most browsers.
How a Third-Party Cookie Works
A third-party cookie is set when a page loads a resource, such as an ad or pixel, from an external domain that writes its own cookie.
- You visit
publisher.com, which embeds an ad served fromadnetwork.com. adnetwork.comsets a cookie in your browser, scoped to its own domain.- Later you visit
shop.com, which also loads content fromadnetwork.com. - The browser sends that same
adnetwork.comcookie back, so the network knows it is you. - The network links your behavior across both sites into one profile.
The header that creates it looks ordinary, but the request comes from an embedded third-party domain:
Set-Cookie: uid=xyz789; Domain=adnetwork.com; Secure; SameSite=None
The SameSite=None attribute is required for a cookie to be sent in cross-site contexts, which is what makes third-party tracking possible.
Third-Party Cookie Phase-Out
The third-party cookie phase-out is the browser-led effort to block cross-site cookies by default. Safari’s Intelligent Tracking Prevention has blocked them since March 2020. Firefox blocks them by default through Total Cookie Protection. Both moved years ago.
Google Chrome, the largest browser, took a different path. Its Privacy Sandbox project planned to remove third-party cookies, with deadlines that slipped from 2022 to 2024 to 2025. In July 2024 Google reversed course, and in April 2025 it confirmed it would keep third-party cookies in Chrome rather than force a phase-out. So third-party cookies still function in Chrome, but they remain blocked in Safari and Firefox, and users can opt out anywhere.
The practical result is unchanged for marketers: third-party cookie data is unreliable and shrinking. Attribution built on link tags survives this shift because the data lives in the URL, not a cookie. Tagging campaigns with a UTM builder keeps source and campaign data intact regardless of cookie policy.
Frequently Asked Questions
What is a third-party cookie?
A third-party cookie is a small file set by a domain other than the one in your address bar, usually via an ad or tracking script on the page. It lets that outside domain recognize you across multiple websites. Advertisers use it for cross-site tracking, retargeting, and building ad profiles.
What is the difference between first-party and third-party cookies?
A first-party cookie is set by the site you are visiting and runs its own features and analytics. A third-party cookie is set by an external domain and tracks you across many sites. First-party cookies still work everywhere, while third-party cookies are blocked by default in Safari and Firefox.
Are third-party cookies being phased out?
Partially. Safari and Firefox have blocked third-party cookies by default for years. Google Chrome planned to remove them but reversed that decision in 2024 and 2025, so they still work in Chrome. The overall trend still points away from relying on third-party cookie data.
Are third-party cookies bad?
Not inherently, but they raise privacy concerns because they track users across sites without clear consent. Regulations like GDPR require permission before they load. Most browsers and users now block or reject them, which makes them an unreliable basis for measurement.
To keep campaign tracking accurate as third-party cookies fade, tag every link with the free UTM builder at linkutm.