Recently, we’ve heard that some of you have questions about these cookies, so we’re answering them. In this post, we’re crumbling the tracking cookie to show you what it’s really made of, addressing the differences between first- and third-party cookies, and reviewing why relying only on cookie-based tracking will only hurt you in the end.
Browser Cookies: A Bite-Sized History
While the internet has been around in some form since the 1960s, it didn’t evolve into the World Wide Web we know today until 1991. The first websites were basic, clunky, and far from user friendly, but their commercial potential was obvious.
However, unlike brick and mortar businesses, websites had no way of knowing who was walking in the door, so to speak. Every user was anonymous, so websites offered every user the same experience — a poor one.
That all changed in 1994, when Lou Montulli invented the HTTP cookie.
An employee of Netscape, Montulli had been tasked to find a way to store incomplete transaction information in a user’s computer, rather than a business’s servers. His solution was a browser-based “cookie,” or a piece of data that could be stored by a web browser on a user’s computer. (He borrowed the term from “magic cookie,” a data file used in programming.)
Suddenly, cookies made it relatively easy for a website to collect, store, and monetize visitor data. So, naturally, every website started using them.
Different Types of Cookies
Cookies improve user experience. They make it possible for websites to remember user preferences, store items in shopping carts, and do a thousand other useful things. Cookies also perform essential functions on the web, such as authentication. Some of these jobs are more sensitive than others, or require specialized functionality, so different “types” of cookies exist to handle different tasks.
(We say “types” in quotation marks because, technically, every cookie is the same type of file. They can contain the same information and functionality. What’s different is how they are created and used.)
Some types of cookies include:
- Session cookies
- Persistent cookies
- Secure cookies
- HTTP-only cookies
- SameSite cookies (of Google Chrome 80 fame)
- First-party cookies
- Third-party cookies
If you’re a digital marketer, you’ll recognize the persistent cookie, just maybe not by name.
A persistent cookie is simply a cookie that expires after a specific date or time frame. Until it expires, a persistent cookie will share its information every time the user interacts with the domain it belongs to. This interaction can be on the website where the cookie was created, or via a resource belonging to the original website that is hosted by a different publisher, like a banner ad.
For this reason, persistent cookies are also called tracking cookies.
Tracking Cookies: First-Party vs Third-Party
Tracking cookies come in two flavors: first-party and third-party. The “party” in both terms refers to the website that sets the cookie.
As first-party cookies come from a trusted source — the website you’re actively visiting — browsers allow them by default. That’s generally a good thing, because these cookies enable much of the functionality you’re used to when browsing the web.
If first-party cookies were blocked, you would have to log in to your favorite website every time you visited. You wouldn’t be able to purchase multiple items while shopping online, because your cart would reset with every item you add to it. And so on.
You can still choose to disable first-party cookies in any browser, or delete them at will — just don’t say we didn’t warn you.
Third-party cookies are not set by the website you’re on. Instead, they are set by an external server (e.g., a tracking platform) via a piece of code loaded on the website you are visiting. These cookies can then be accessed on any website that loads the code from the same third-party server. Since they share information across websites, third-party cookies are also known as cross-site cookies.
Third-party cookies are used in online advertising because they make it easy for marketers to collect data about consumers and use it to serve relevant ads across the internet. Unfortunately, many websites use third-party cookies to collect this data without the consumer’s knowledge, mine unnecessary personal and behavioral information, and track users wherever they go online. These practices have led to increased global scrutiny and mistrust of the digital advertising industry and driven new legislation to protect consumer privacy and data security.
Browser support for third-party tracking cookies is rapidly declining. Many major browsers now block them by default, and others have announced plans to phase them out entirely:
- In Safari and iOS, Apple’s Intelligent Tracking Prevention (ITP) blocks all third-party tracking cookies by default. (Remember ITP 2.0? It started the shift towards cookie blocking in late 2018.)
- In Firefox, Mozilla’s Enhanced Tracking Protection blocks all third-party tracking cookies by default.
- Google announced in January 2020 plans to phase out support for third-party cookies in Chrome within two years, while Chrome’s Incognito mode now blocks all third-party cookies by default.
We admit it — not all cookies are bad. The internet as we know it couldn’t work without first-party cookies. Tracking cookies, however, are a different story.
When we tell you to cut out the cookies in our white paper, we mean tracking cookies in general, and third-party tracking cookies in particular. But even first-party cookies, when used for digital tracking purposes, have limitations and drawbacks.
Third-Party Cookies and Pixel Tracking
Third-party cookies and web browsers power pixel tracking, also called client-side tracking or cookie-based tracking. Cookies are simple, and web browsers do all the work of storing and sending information in pixel tracking, so it’s easy to implement and use. Unfortunately, cookies are also easy for browsers to block, users to delete, and bad actors to leverage, leaving marketers and their campaigns at risk. Not to mention, pixel tracking works only on desktop web.
Pros: Easy to set up and share data.
Cons: Inaccurate, unreliable, prone to fraud, doesn’t work on mobile, doesn’t work in browsers where third-party tracking cookies are blocked (i.e. Apple’s Safari, Mozilla’s Firefox, and soon Google’s Chrome).
First-party cookies can be used as third-party tracking cookies in certain situations. This can bypass some browser restrictions, but it’s not a panacea for pixel tracking.
Pros: Works on desktop web and mobile web, more reliable than pixel tracking, less sensitive to browser restrictions.
Cons: Implementation is more complex than pixel tracking, browser and cookie restrictions still apply, cannot track cross-channel, difficult to troubleshoot.
Conclusion: Cut Out the Cookies, Pivot to Postbacks
We stand by our point: All tracking cookies, whether first-party or third-party, will hurt your tracking health in the end. When superior solutions like postbacks are available, there’s no need to risk your campaign health with either one.
For the short list of pros and cons, plus how postbacks compare to cookie-based tracking, read “Pixels vs. Postbacks: Which Tracking Method Should You Be Using?”
For a more in-depth (and entertaining) look at all of these tracking methods, download our new white paper: How to Become a Track Star.
Performance marketers who continue to rely on the dying third-party cookie do so at their own risk. Whether the same fate awaits first-party tracking cookies is unknown, but we don’t suggest waiting around to find out.
Questions about cookies or other tracking topics? Reach out to our sales team at [email protected] or request a trial of TUNE.
Becky is the Senior Content Marketing Manager at TUNE. Before TUNE, she led a variety of marketing and communications projects at San Francisco startups. Becky received her bachelor's degree in English from Wake Forest University. After living nearly a decade in San Francisco and Seattle, she has returned to her home of Charleston, SC, where you can find her enjoying the sun and salt water with her family.