Since the early 1990s, browser cookies have shaped many of our experiences on the internet. And over the past three decades, several types of cookies emerged, notably first-party cookies and third-party cookies.
Each type has a different purpose for different users. Website owners primarily use first-party cookies as a way to analyze how visitors use their site. Third-party cookies, on the other hand, often track user behavior across multiple sites, allowing advertisers to create more personal, targeted ads.
Most discussions about cookies, particularly third-party ones, center on privacy issues. In fact, some major technology companies have outright banned or restricted them on their platforms.
If you’re left wondering, “What do cookies do?” or “What are cookies used for on websites?” we get it. In this article, we’ll answer these questions and so much more as part of our guide to first- and third-party cookies.
What do cookies do?
Cookies are small pieces of data that attach to your device and web browser after you visit a website. Every time you visit a website, it creates a new cookie, but not all are the same.
These pieces of data perform various functions. For example, they can keep items in your online shopping cart, so they stay in your cart even if you exit the site and return later. Cookies also allow you to store authentication information, such as your username and password, so you can automatically log into websites.
However, that information isn’t only beneficial for users. They also create a record of browsing history and activity, which companies use for sales and digital marketing purposes.
First-party vs third-party cookies
Both first-party and third-party cookies (or 3rd party cookies) store your information to personalize your online experience. However, online advertisers and marketers also use this data – a lot. In particular, advertisers use third-party cookies to track users across different websites.
For privacy purposes and to know how browsers store your information, it’s important to know how they work. Let’s take a look at the differences between the two types.
What is a first-party cookie?
Websites use first-party cookies as a way to personalize your browsing activity. Thanks to these cookies, webmasters can track user behavior to get a better grasp on their audience. From changing language settings to improving the overall user experience, first-party cookies help to create a better web experience.
These cookies are crucial for ecommerce sites and platforms. Companies use them to recommend products to users as well as store your shopping cart and payment information for future use.
GDPR changes to cookies
After the European Union enacted the
General Data Protection Regulation (GDPR) laws in 2018, chances are you received pop-up messages from websites asking your permission to store cookies on your device. You likely still see them today.
This message ensures that websites are in compliance with GDPR regulations. There are specific scenarios where websites may not let you browse if you decline cookies, which you may want to do in some cases.
Check the SSL certificate
For example, you may choose to decline cookies on a website that lacks an
SSL certificate. You can easily tell if a site has this certificate. If it’s SSL certified, the domain starts with “https.” If it doesn’t, the domain will only have “http.”
Without SSL, the site lacks proper encryption. This makes it easier for hackers to steal the website's data, including first-party cookies. You should also decline cookies when you provide highly sensitive personal information, like your bank account information.
What is a third-party cookie?
Third-party cookies are placed on your device by someone other than the owner of the domain you’re visiting. Online advertisers generally use these cookies, which they place on sites using a script or tag. Social media sites such as Facebook do this, too, and it allows marketers to better target you on their platform.
Third-party cookies follow you around the web, but they have no impact on user experience. This is why you should always block third-party cookies if given the option.
Third-party cookies are also known as tracking cookies, because they “track” your behavior to serve more relevant ads to you. If you ever wondered why YouTube served you a personalized ad related to something you viewed earlier online, you can blame third-party cookies.
The end of third-party cookies?
Many big tech companies, including Apple and Google, are in the process of phasing out third-party cookies. Google announced a ban of third-party cookies in Google Chrome by 2023, with the plan to replace them with the
Federated Learning of Cohorts algorithm.
The algorithm analyzes a user's online activity within Google Chrome and assigns a "cohort ID" to each user. It then groups the cohorts together by the thousands, which means advertisers can’t access individual tracking data. The algorithm is in review to see if it’s GDPR compliant.
Apple banned third-party cookies in its Safari web browser in
2020. The company then implemented apps on its devices to obtain a user's permission to track their activity on other apps and websites. This is similar to how it asks user permission to access a user's photos and microphone.
When to allow cookies
With all this talk of tracking and compliance issues, you may be wondering when it’s OK to allow cookies.
1. Better browsing experience
Accepting first-party cookies generally allows for a better user experience on a website. Plus, you may not be able to access certain websites without accepting cookies, because they may decline your entry until you allow them.
2. Streamlined online shopping
In other cases, the site may not work as intended if you don’t allow cookies. This is particularly true with online shopping and ecommerce sites. In this case, the website can’t save your shopping cart or recommend specific products based on your behavior.
Without cookies, ecommerce sites would delete your cart every time you click on a new link, turning online shopping into a nightmare.
3. Conveniently store your info
You can use cookies to save information, such as usernames and passwords, to easily log into websites and fill out forms. This is particularly convenient when you have a number of online accounts with different usernames and passwords. It’s also better than logging in via your Facebook or Google account, which grants them access to your browsing data.
When to not allow cookies
It’s not worth accepting all cookies outright. The good thing is that, thanks to GDPR, most websites will ask if you accept their cookies or not. When this happens, consider thoroughly reviewing their privacy policy to see if there is any mention of third-party cookies.
1. Just say no to third-party cookies
If a site allows for it, either unselect the option to accept third-party cookies or decline them completely. This helps to protect your personal information, even if you enter it somewhere on that particular website.
2. When using public WiFi
Disallow cookies any time you use public WiFi. Hackers can use a process called
cookie scraping to steal information over WiFi. If you allow cookies when you’re working at a coffee shop, you run the risk of hackers snatching up any personal information you enter, from passwords to financial information.
How to turn off cookies
You can delete all cookies, first party and third party, at any time in the settings of your favorite internet browser. Simply navigate to the section where you clear browsing data and check the option for deleting cookies.
Once you delete your cookies, you can choose to turn them off entirely so you don’t acquire new ones. Every browser has a slightly different process, but you can generally find it under any “privacy” tab or menu in your browser’s settings.
Here’s how to do it in Google Chrome:
- In Google Chrome, click Settings
- Select "Privacy and security"
- Select "Cookies and other site data"
- Enable "Block third-party cookies" or "Block all cookies"
You can also clear all of your cookies and site data after you close your browser. Do this if you don’t want to save your username or password information, and if you prefer the most private browsing experience possible.
However, we don’t recommend that you block all of them. This could disrupt your browsing experience on many websites.
Summary
Understanding how cookies work is crucial to safely and securely browsing the web. First-party cookies certainly have their uses, including tailoring your browsing experience to your needs, but you should avoid third-party cookies whenever possible.
However, chances are you may not have to worry about that soon, because companies like Google and Apple continue to take steps to get rid of third-party cookies. Until that happens, it’s important to be aware of both first-party and third-party cookies and when you should allow them.
About the Author: Daniel Horowitz is a contributing writer for HP Tech Takes. Daniel is a New York-based author and has written for publications such as USA Today, Digital Trends, Unwinnable Magazine, and many other media outlets. Popular HP Products