Third-Party Cookie
What is Third-Party Cookie?
Third-Party CookieA cookie set by a domain different from the one in the browser's address bar, historically used to track users across websites.
A third-party cookie is stored by a domain other than the page being visited, typically because the page embeds scripts, pixels, or iframes from another origin such as an ad network. Because the same identifier follows the user across every site that loads the third party, third-party cookies were the foundation of cross-site advertising tracking. Safari and Firefox now block them by default and Chrome is phasing them out via the Privacy Sandbox initiative, which proposes alternatives like Topics, FedCM, Attribution Reporting, and Storage Partitioning. Defences include browser blocking, anti-tracking extensions, and partitioned storage that scopes cookies to the top-level site.
● Examples
- 01
An ad network cookie set by an embedded banner that follows the user across publishers.
- 02
An analytics SDK iframe writing a cookie usable to join sessions across unrelated sites.
● Frequently asked questions
What is Third-Party Cookie?
A cookie set by a domain different from the one in the browser's address bar, historically used to track users across websites. It belongs to the Privacy & Data Protection category of cybersecurity.
What does Third-Party Cookie mean?
A cookie set by a domain different from the one in the browser's address bar, historically used to track users across websites.
How does Third-Party Cookie work?
A third-party cookie is stored by a domain other than the page being visited, typically because the page embeds scripts, pixels, or iframes from another origin such as an ad network. Because the same identifier follows the user across every site that loads the third party, third-party cookies were the foundation of cross-site advertising tracking. Safari and Firefox now block them by default and Chrome is phasing them out via the Privacy Sandbox initiative, which proposes alternatives like Topics, FedCM, Attribution Reporting, and Storage Partitioning. Defences include browser blocking, anti-tracking extensions, and partitioned storage that scopes cookies to the top-level site.
How do you defend against Third-Party Cookie?
Defences for Third-Party Cookie typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Third-Party Cookie?
Common alternative names include: 3P cookie, Cross-site cookie.
● Related terms
- privacy№ 241
Cross-Site Tracking
The practice of linking a user's activity across multiple unrelated websites to build a long-lived behavioural profile.
- privacy№ 1115
Supercookie
A persistent tracking identifier stored outside normal cookie storage, designed to survive cookie clearing and private-browsing mode.
- privacy№ 127
Browser Fingerprinting
A stateless tracking technique that identifies a user by combining browser, device, and configuration attributes into a near-unique signature.
- privacy№ 1166
Tracking Pixel
A tiny, often 1x1 transparent image or beacon embedded in a web page or email to silently record opens, visits, and other user events.