How are browsers treating 1st vs 3rd party cookies?

You may have seen headlines about how different web browsers are planning to “get rid of third-party cookies,” or how websites “should move to first-party cookies.”

In this blog, we take a look at both types of cookies, covering what they are, how they’re used, and what you need to know in order to keep your digital marketing campaigns on track.

First thing’s first, what’s a cookie?

Oh boy. Okay, let’s start right at the beginning. At its most simple, a cookie is a small text file which is added to a user’s browser when they visit a website. Some cookies are necessary for websites to function, and others are used for innocent tracking and analytical purposes. Generally speaking, these ones are deemed as standard by most webmasters.

There are also cookies which are used for marketing purposes. These track your online activity to help advertisers deliver more relevant ads, or limit how many times you might see an ad. It’s these cookies, that are used for advertising purposes, that are often frowned upon. Here’s a great write-up about what cookies are.

Are there different types of cookies?

There are! Cookies tend to get broken down into two structures. They are either broken down by their intended use (session, analytical, etc.) or they are broken down by their creation method, “first” or “third party,” We don’t have to worry too much for now about the former method, and instead, we’ll just talk about first and third party cookies.

First Party Cookies – These are the cookies that are created, stored, or managed by the website that you are on. This might allow that website to collect analytical data on your session, remember your preferences, and collect other helpful data.

Third Party Cookies – These are cookies created by domains other than the one you’re visiting. Most commonly, they’re used for cross-site tracking, remarketing, and serving users more relevant ads.

It’s rather simplistic, but most webmasters will consider first party cookies as rather innocent and helpful. These are the ones created by the website you’re visiting, and they’re often only really created to help improve the user experience. It allows the browser you’re using to remember key pieces of information, such as your password, so you don’t have to log in each time, or any items you may have previously added to your basket on an eCommerce website.

Those pesky third-party cookies on the other hand, are created by websites other than the one you’re visiting. Most commonly, they’re used to track user behaviour to support online advertising. If you’ve ever been on your favourite fashion website, looking at a lovely pair of shoes, and then you’ve seen that same pair of shoes follow you around the internet for a while, that’s only possible due to third-party cookies.

So this is just about online ads?

We’d say mostly, but not entirely. It’s not just online advertising, you’d be surprised at some of the services supported by cookies – even some live chat / chat bots rely on them, as well as some CRM / lead monitoring systems too. Even those social media sharing buttons you often see on news article websites utilise them too.

Essentially, third-party cookies are mostly used to track user behaviour around the web. There’s definitely a discussion to be had here, as in many ways it could be argued that this functionality makes the web a better place. Personally, I like that websites remember some of my behavioural data, and use that to improve my experience – I’m the kind of person that would rather see a relevant ad than an irrelevant one. However, the issue has historically been that most of your average users aren’t aware that cookies are doing this in the background, and it’s historically been a difficult process to prevent / remove this functionality.

So why should I care now?

This is the right question to be asking! To put it simply, you should care now because browsers are beginning to act on this matter. They’re starting to take user privacy more seriously, and they’re implementing changes to their browsers that better protect the user. In particular, this has become a heightened discussion point since Google announced in January 2020 that Google Chrome, the most popular browser in the world by quite some distance, would begin to phase out third-party cookies within the next two years. You can read more about this here.

This is a good thing, of course, but it absolutely has ramifications for the digital marketing industry. Some of the changes that have been, or are about to be, implemented by these browsers will have a big impact upon the way in which digital marketing can operate, and what it’ll look like in the future.

We think it’s important that our teams and our clients understand these changes, as they’re likely to impact digital marketing strategies moving forward.

What are the browsers doing about this then?

Well, we’ve gone into each browser specifically in another post, which you can read here, but we can provide an easy overview here. For first party cookies, the browsers aren’t doing all that much. We mentioned it earlier, but first-party cookies are perceived as the wholesome, goody-goody two shoes of this situation. If anything, you could say that some of the changes we’ll explore shortly encourage the use of first-party cookies.

The reason browsers don’t mind these first-party cookies too much, as they can only be read when a user is on the website in question. This means they can’t really follow the user around the web for advertising purposes – which is the core focus of these changes (this is a simplification, but we’re not getting too technical here!).

It’s third party cookies where the changes are coming in (if they haven’t already!). Most commonly, these cookies are utilised to understand your behaviour on other websites, and then show you ads based upon that behaviour. With the media and legislation placing an increased focus on user privacy, this practice has become a huge talking point – despite the fact it’s been so commonplace (you could even make an argument that many of our online experiences are only possible because of cookies).

We think there are three key changes that browsers are making:

Firstly, a clear desire to better educate the user about cookies. We mentioned this earlier, but historically it was only the very nerdiest who understood that a cookie was something other than a delicious snack. Browsers are now doing a better job of informing their users about what cookies are, and how they’re being used.

Secondly, they’re making it a lot easier for users to control their cookie preferences. No longer do you have to be a fully certified hacker to understand which cookies are tracking you, and what they’re purpose is. This is now far more accessible.

Finally, browsers are doing a much, much better job of restricting malicious cookies. We’ll come onto this in more detail shortly, but the key takeaway for us is the wholesale restrictions most browsers are placing on third party cookies, as this is what could have the greatest impact upon digital marketing.

It’s that third point which is going to impact the digital landscape the most. Third-party cookies are one of the foundations upon which the internet is built, and the removal of them will undoubtedly have consequences, both positive and negative. You can read about these changes in more detail in the aforementioned post, but third-party cookies have already been phased out in some browsers, with Google Chrome being the last to do so (by 2022).

What does this mean for my business?

Whether you have or haven’t read the more detailed post on the changes these browsers have introduced, it’s becoming abundantly clear that third-party cookies are on the way out. Now, this wouldn’t be a problem but there are a lot of things that rely upon third-party cookies. Some of the key functionalities we’ve picked out are:

Behavioural targeting – the ability to target ads to a user based upon their wider shopping or research behaviour.

Retargeting / remarketing – the ability to target ads to a user based upon the previous websites they’ve visited.

Frequency capping – the ability to restrict the number of times a user sees an ad, if you don’t want to overwhelm them.

Attribution – the ability to see where a user first found your website, and credit any resulting sales / enquiries to that channel.

Now, we don’t think these functionalities will disappear from the web completely, but it’s almost impossible to think how they will continue to function when the very backbone which supports them all, third-party cookies, is being phased out.

What does this mean for the future?

We think it’s these technologies which are at risk. We’ve said this before, but on the positive side, “necessity is the mother invention,” and all that. For example, it’s impossible to think that Google will let some of these ad technologies go, as they make huge amounts of revenue from them – however, they’ll certainly be forced to innovate, and come up with new ways in which these technologies can be executed.

For a long time, third-party cookies have been used to shape our online experiences, but now they’re on the way out. Arguably, much of this could have been predicted with the advent of GDPR, and the increased discussion around user privacy. Naturally, brands who are built upon utilising practices that aren’t ethical will falter, as is often the consequence when the online browsers make large sweeping changes such as this.

Missed our first blog in the series? Catch up now!

Let's talk about opt-in cookie banners

Written by David Berry

Head of Performance & Analytics