First Party vs Third Party Cookies

Paid Search

“What is a cookie? What is the difference between a first-party and a third-party cookie? How does this all impact me?”

You may have heard a lot of talk about Google and cookies of late. In January this year, Google announced that it was phasing out third-party cookies in Google Chrome by 2022, only for them to delay it a few weeks ago to mid 2023. This also comes after Google updated the global site tag (gtag.js) and Google Tag Manager tracking snippets to utilise first-party cookies in May. Both of these moves have come with Google’s shifting stance toward a more privacy focused internet, but what does it actually all mean? In this blog, I’ll break down what a cookie is, the difference between a first-party and a third-party cookie and what this actually means for you.

What is a cookie?

A cookie is one of the main methods for a website to store data in your browser, as opposed to storing it on their own servers. It’s quite often used to store small bits of information such as:

  • User configuration settings (do you prefer light mode or dark mode?)
  • Information on the session (what products have you added to cart)
  • Tracking information, such as ID numbers, to monitor your behaviour.

What is a first-party cookie and how is it different from a third-party cookie?

A cookie is associated to whatever website or domain that sets it. If a cookie is set by the website you’re directly visiting, then it’s considered a first-party cookie. But if a cookie is set by a script from a different domain, to the website you’re visiting, then it is considered a third-party cookie.

For example, let’s say you’re visiting example.com and you add a product to cart: The details of your cart would be stored under example.com‘s cookie. But the website was also running an analytics script from myanalytics.com

Why was this distinction important? The information within cookies can only be accessed by the domain that set it. A website that set a first-party cookie was able to access the data stored in there, but a third-party script could not. But that also means that if a third-party domain set a cookie, it could access that cookie on any other website, as long as the third-party domain was on that website.

This enabled many services to track users across websites (cross-domain tracking). If an ad platform was on a store you visited and then on another website, the ad platform was able to access it’s third-party cookie and know that you had visited the store, enabling them to show you a remarketing ad.

What is happening with third-party cookies now?

With many companies now pushing toward a more “privacy” focused internet, many browsers and devices are blocking the creation of third-party cookies by default or have a method of isolating cookies so they can’t be used for tracking purposes.

Google, being in the unique position of having both a browser and an ads platform, have also decided to move toward utilising first-party cookies. This means that both main methods of tracking, either the global site tag (gtag.js) and Google Tag Manager, now both use first-party cookies, which impacts Google Ads and Google Analytics.

The full implications of this shift have yet to be seen, but Google have already updated the Google Ads Conversion tags to handle enhanced conversion data (such as product-level sales, customer data and shipping data) to be provided by the first-party for enhanced tracking. Similarly, the shift to a first-party cookie is just one part of a broader shift in tracking and privacy changes that Google is rolling out to their services, with others such as the FloC (Federated Learning of Cohorts) yet to be implemented.

It’s a turbulent and exciting time in digital marketing with the many upcoming changes shaking up the normal ways of doing business. But as always, with change comes opportunities and you can be sure that we will be on top of all the ongoing changes in the industry.