Third-Party Cookies
Cookies set by a domain other than the one the user is currently visiting, traditionally used for cross-site advertising, retargeting, and behavioral tracking.
What are third-party cookies?
Third-party cookies are cookies set by domains other than the website a user is actively browsing. When a webpage loads an ad from ads.example.com, that ad server can set a cookie on its own domain — even though the user never visited ads.example.com directly. Because the same ad network serves ads across thousands of sites, the cookie follows the user from site to site, building a cross-site browsing profile.
For over two decades, third-party cookies were the backbone of digital advertising. They powered retargeting campaigns, frequency capping, audience segmentation, and cross-site conversion measurement. A user who browsed shoes on one retailer's site would see shoe ads on a news site minutes later — all orchestrated through third-party cookies.
Why it matters
Third-party cookies are disappearing. Safari blocked them by default in 2020. Firefox followed. Google Chrome, which accounts for roughly 65% of global browser traffic, has announced plans to restrict them as well. This shift has profound consequences for marketing teams:
- Retargeting disruption — Cross-site retargeting audiences built on third-party cookies are shrinking as browser support declines.
- Measurement gaps — Conversion pixels from ad platforms (Meta, Google, TikTok) that relied on third-party cookies to match ad clicks to purchases are losing signal.
- Attribution blind spots — Multi-touch attribution models that depended on following users across sites can no longer connect the dots.
- Audience syndication limits — Data management platforms (DMPs) that packaged and sold audience segments built from third-party cookie data are losing their core asset.
The deprecation of third-party cookies is not a future scenario — it is already affecting data quality for any marketer relying on Safari and Firefox traffic, which together represent roughly 30% of web users.
How third-party cookies work
- Embed — A website includes a resource (pixel, ad tag, social widget) from an external domain.
- Cookie drop — The external domain's server responds with a
Set-Cookieheader, placing a cookie scoped to its own domain on the user's browser. - Cross-site recognition — When the user visits another website that also includes resources from the same external domain, the browser sends the previously set cookie along with the request.
- Profile building — The external domain aggregates browsing behavior across all participating sites, building a behavioral profile tied to that cookie.
Third-party cookie deprecation timeline
| Browser | Status |
|---|---|
| Safari (ITP) | Blocked by default since 2020 |
| Firefox (ETP) | Blocked by default since 2019 |
| Chrome (Privacy Sandbox) | Restricted; phased deprecation in progress |
| Edge | Follows Chromium changes with optional strict mode |
| Brave | Blocked by default since launch |
How Ingest Labs handles the third-party cookie transition
Ingest Labs was built for a world without third-party cookies. The platform uses server-side tracking with a durable first-party cookie (MPID) set on the customer's own subdomain, eliminating any dependence on third-party cookie infrastructure. Conversion data flows server-to-server via APIs like Meta's Conversions API and Google's Enhanced Conversions, ensuring that ad platforms receive accurate match signals regardless of browser cookie policies. The result is approximately 30% more captured data compared to client-side-only setups that still rely on third-party mechanisms.
See how Ingest Labs handles third-party cookies
Book a demo to see server-side tracking, identity resolution, and data quality in action.