Cookies in web browsers quietly power much of the browsing experience, remembering preferences, personalising content, and keeping sessions running smoothly.
But not all cookies are the same. And more importantly, not all browsers treat them the same way.
Some block trackers by default, others do not. These differences can affect user privacy, how websites work, and how developers build for compliance.
In this article, we explore how major browsers handle cookies and why this matters for users and developers.
What are cookies in web browser?
Cookies are fundamental to how the web works. These small text files are created by web servers and stored on a user’s device via their browser. They help websites remember actions, preferences, and sessions—bridging the stateless nature of HTTP and enabling a smoother, more personalised browsing experience.
Beyond convenience, cookies also play a key role in advertising and analytics by tailoring content based on user behaviour. But while they enhance functionality, they also raise important privacy concerns, especially in the context of modern data protection regulations.
Types of cookies in web browser
Cookies serve different purposes based on type:
- Session cookies are temporary and disappear when the browser closes. They support actions like keeping items in a shopping cart during a visit.
- Persistent cookies remain on the device after a session, storing preferences and login info to personalise repeat visits.
- Third-party cookies are set by external domains, mainly for advertising. They track users across sites and raise privacy concerns.
Browser cookies from a web development perspective
In web development, cookies are essential for creating seamless and personalised user experiences. From e-commerce to social media and interactive apps, they enable websites to remember user preferences, store session data, and support critical functions like authentication.
This versatility makes cookies a powerful tool for building functional, user-friendly websites. But with that power comes responsibility. Developers must handle cookies with care, ensuring transparency, securing data, and complying with privacy regulations like the GDPR. Failing to do so can lead to compliance risks and loss of user trust.
Cookie management strategies
Effective cookie management ensures privacy compliance and builds user trust. Clear consent options, easy withdrawal, and purpose-based grouping improve transparency.
But there’s another layer developers must account for: the browser.
Each browser handles cookies differently—blocking, storing, or limiting them in unique ways. Developers must also consider how each browser handles cookies differently, as this affects user experience and consent tracking across websites.
Stay compliant across browsers with CookieYes
CookieYes auto-detects every cookie and categorises them for effortless management & compliance.
Get started for free14-day free trialCancel anytime
How do different web browsers handle cookies?
Different browsers manage cookies uniquely, affecting how users experience the web. This variability complicates both user experience and web development. Developers must consider each browser’s specific handling rules. Here, we will explore how popular browsers manage cookies, focusing on their default settings, user controls, and privacy features.
Google Chrome
First-party cookies
Allowed by default
Chrome permits websites to store cookies that match the domain shown in the address bar. These cookies enable core site functionality such as maintaining sessions, remembering preferences, and keeping users logged in.
Third-party cookies
Still allowed by default
Google Chrome continues to allow third-party cookies. Although Google initially planned to phase them out as part of the Privacy Sandbox initiative, it has delayed and reconsidered full deprecation. Users can still manage how third-party cookies behave through Chrome’s privacy settings.
Privacy features
Privacy Sandbox
Google is developing a set of technologies under the Privacy Sandbox initiative to reduce cross-site tracking while still supporting advertising use cases. This includes:
- Topics API: Assigns interest-based categories to users based on browsing activity without revealing exact site history.
- Attribution Reporting API: Allows for ad conversion measurement without third-party cookies.
- Protected Audience API: Supports remarketing and interest-based ads without user-level identifiers.
These APIs are intended to provide advertisers with alternatives while improving user privacy compared to traditional tracking methods.
Security features
Chrome enforces modern cookie handling rules for better security:
- SameSite attribute is applied by default to cookies that lack an explicit value, treating them as SameSite=Lax. This limits how cookies are sent in cross-site requests.
- Secure flag is required for cookies set with SameSite=None, ensuring they are only transmitted over HTTPS.
- HttpOnly flag is supported, which prevents cookies from being accessed through JavaScript, reducing exposure to cross-site scripting (XSS) attacks.
User controls
Chrome gives users several cookie management options:
- Block all cookies or only third-party cookies through Settings > Privacy and security > Third-party cookies.
- Clear cookies and site data for individual websites via the site settings interface.
- Set exceptions to allow or block cookies for specific domains.
- Enable additional controls through advanced features like “Clear cookies and site data when you close all windows.”
Mozilla Firefox
First-party cookies
Allowed by default
Firefox permits cookies from the sites users are actively visiting. These cookies help remember user preferences, login status, and browsing behaviour on that site.
Third-party cookies
Blocked for known trackers by default
Firefox uses Enhanced Tracking Protection (ETP) to block third-party cookies from known tracking domains. Other non-tracking third-party cookies are allowed under the default settings.
Privacy features
Enhanced Tracking Protection (ETP)
Firefox offers three ETP modes to control tracking and cookie behaviour:
- Standard (default): Blocks known tracking cookies, social media trackers, cryptominers, and fingerprinting scripts. Most websites will continue to work normally.
- Strict: Blocks all third-party cookies, including those not classified as trackers. This provides stronger privacy but may cause some websites to break.
- Custom: Let users choose exactly what to block—cookies, trackers, fingerprinting, and more—for full control.
Total Cookie Protection
Isolates cookies per website
Each website gets its own “cookie jar”, preventing cross-site tracking—even if the cookies themselves are allowed. This feature is enabled by default in private browsing and is rolling out to standard mode users.
User controls
Firefox gives users extensive control over how cookies are managed:
- Clear cookies and site data easily through Settings > Privacy & Security. Users can delete all cookies or only those from specific sites.
- Granular privacy settings let users block or allow cookies and trackers on a site-by-site basis. Options include clearing data on exit, managing exceptions, and reviewing all saved cookies.
Apple Safari
First-party cookies
Allowed by default
Safari accepts cookies and website data only from websites that the users visit by default. This includes first-party cookies and select third-party cookies embedded within sites the users have previously visited. This setting helps preserve functionality while reducing unwanted tracking.
Third-party cookies
Effectively blocked by default
Safari limits third-party tracking using a combination of default cookie policies and Intelligent Tracking Prevention (ITP). ITP uses on-device machine learning to classify and restrict tracking capabilities of third-party domains, including blocking their cookies or capping their lifespan.
Although Safari’s default setting allows cookies from “websites I visit,” third-party cookies from unknown or unvisited domains are blocked, effectively preventing many advertisers and third-party trackers from storing cookies.
Privacy features
Intelligent Tracking Prevention (ITP)
Safari’s ITP is designed to limit tracking across the web. Key features include:
- Detection of cross-site trackers using machine learning.
- Automatic blocking or restriction of cookies from classified trackers.
- Expiration limits for cookies even in a first-party context—e.g., cookies may be capped at 7 days or less, depending on tracking behavior.
- No reliance on external blocklists—ITP works independently based on user activity.
These measures make Safari one of the most privacy-focused browsers in mainstream use.
User Controls
Safari offers several cookie and privacy management options:
- Cookie preferences can be adjusted under Safari > Settings (or Preferences) > Privacy, where users can:
- Block all cookies.
- Allow cookies only from the current site.
- Allow cookies only from visited websites.
- Allow all cookies.
- Block all cookies.
- Remove stored cookies and data: Users can view and remove individual or all site cookies and stored data through the Details option.
- Do Not Track setting: Safari allows users to request that websites not track them, though compliance depends on the site.
Note: Blocking all cookies is possible but not recommended, as it may cause websites to malfunction or prevent logins from working correctly.
Microsoft Edge
First-party cookies
Allowed by default
Microsoft Edge allows first-party cookies, which are created by the websites the users visit directly. These cookies store login information, preferences, and other data to personalise and maintain the browsing experience.
Third-party cookies
Allowed by default, with optional blocking
Edge permits third-party cookies by default. These cookies, often used by advertisers or embedded services, can track browsing activity across different sites. Users can block them through Edge’s built-in tracking prevention settings.
Privacy features
Tracking Prevention Levels
Edge includes three levels of tracking prevention to give users more control over their privacy:
- Basic: Allows most cookies and trackers. This level is designed to maximise website compatibility while offering minimal privacy protection.
- Balanced (default setting): Blocks trackers from websites the user hasn’t interacted with. It maintains functionality while reducing cross-site tracking.
- Strict: Blocks most third-party cookies and known trackers. This provides the highest level of privacy but may affect how some websites function.
These levels allow users to tailor privacy protection based on their browsing needs.
User controls
Edge includes several tools for managing cookies and tracking:
- Users can view and adjust their tracking prevention settings from Settings > Privacy, Search, and Services.
- Cookies and site data can be cleared individually or in bulk from Settings > Cookies and site permissions.
- A tracking prevention dashboard shows which trackers have been blocked.
- Users can send “Do Not Track” requests to websites, although compliance depends on the site.
Brave
First-party cookies
Allowed by default
Brave allows first-party cookies, which are set by the website the users are currently visiting. These cookies help websites remember user login status, preferences, and other on-site activities.
Third-party cookies
Blocked by default
Brave blocks third-party cookies automatically. These cookies are usually placed by advertisers or third-party services and are commonly used for cross-site tracking. Users can adjust these settings to allow or block cookies based on their preferences.
Privacy features
Brave Shields
Brave includes a built-in feature called Shields that enhances user privacy and security. Shields automatically:
- Block ads and trackers
- Block third-party cookies
- Prevent fingerprinting
- Upgrade connections to HTTPS when possible
These protections are active by default and can be customised globally or on a per-site basis.
Cookie control options
Brave gives users several ways to control how cookies behave:
- Block all cookies: Prevents all websites from storing cookies on the user’s device.
- Block only third-party cookies: Allows first-party cookies but blocks cross-site tracking.
- Allow all cookies: Permits all cookies, including third-party ones.
Users can manage these settings from the browser’s Shields panel or through system preferences.
User controls
Brave offers a range of cookie management tools:
- Clear cookies on exit: Automatically deletes cookies each time the browser is closed.
- Manual cookie clearing: Accessible through the menu under Settings> Additional settings > Privacy and Security > Site and shields settings > Cookies and site data.
- Site-specific controls: Users can allow or block cookies for individual websites by clicking the lock icon in the address bar and selecting ‘Site settings’.
- Import and export settings: Cookie preferences can be transferred between devices using Brave’s import/export feature under ‘Privacy and security’.
DuckDuckGo
First-party cookies
Minimally used and only for non-personal settings
DuckDuckGo sets non-personal first-party cookies solely to store anonymous browser settings (such as region or theme). These cookies are optional and not used for tracking. Users can bypass cookies entirely by using URL parameters or the Cloud Save feature.
Third-party cookies
Blocked by default
DuckDuckGo blocks third-party cookies through its browser and extensions. These cookies, typically used for advertising and cross-site tracking, are not permitted unless explicitly allowed by the user.
Privacy features
Built-in tracking protection
DuckDuckGo offers extensive tracking protection in both its browser and browser extensions:
- Blocks third-party trackers from companies like Google and Facebook
- Blocks tracking cookies and fingerprinting techniques
- Does not track search activity—search queries are not logged or linked to user identity
- Blocks email trackers through its Email Protection tool
- Blocks app trackers on Android via App Tracking Protection (currently in beta)
Cookie pop-up blocking
The browser includes a built-in feature that hides cookie consent pop-ups on many websites, removing friction while still respecting user privacy preferences.
Burn feature
The Fire Button allows users to instantly clear all cookies, browsing data, and open tabs with a single click.
User controls
DuckDuckGo offers user-friendly privacy and cookie controls:
- Browser-wide cookie blocking is enabled by default
- Per-site cookie permissions are customisable through browser settings
- Email Protection forwards messages to users while stripping out trackers
- Search preferences can be stored via non-personal cookies, URL parameters, or Cloud Save for syncing across devices
DuckDuckGo does not collect or store any personal data by default and avoids building behavioural profiles for advertising. Its approach to cookies is minimal, transparent, and focused entirely on user control.
Quick comparison of cookies in web browser
| Browser | First-party cookies | Third-party cookies | Privacy features | User controls |
| Google Chrome | Yes | Yes | Privacy Sandbox APIs (Topics, Attribution, Audience) | Block all/third-party cookies |
| Mozilla Firefox | Yes | Partial block | Enhanced Tracking Protection (Standard, Strict, Custom) | Clear all/specific cookies |
| Safari | Yes (only from visited websites) | Blocked | Intelligent Tracking Prevention (ITP) | Allow/block all or visited sites |
| Microsoft Edge | Yes | Yes (user can block) | Tracking Prevention Levels (Basic, Balanced, Strict) | Tracking prevention dashboard |
| Brave | Yes | Blocked | Brave Shields | Block all/3rd-party/allow all |
| DuckDuckGo | Minimally used for non-personal settings | Blocked | Built-in tracker blocking | Cookie blocking on by default |
Key takeaways
- First-party cookies are allowed by default in all major browsers to support core site functions like login and preferences.
- Third-party cookies:
- Allowed by default: Chrome, Edge
- Blocked by default: Brave, DuckDuckGo
- Partially blocked: Firefox (known trackers), Safari (via ITP)
- Privacy-first browsers (Brave, DuckDuckGo, Firefox) offer strong default protections—blocking trackers, fingerprinting, and enforcing cookie isolation.
- Chrome still allows third-party cookies but is transitioning to Privacy Sandbox APIs for a cookie-free tracking model.
- User controls are available in all browsers, letting users block, allow, or clear cookies globally or per site.
- Developers must account for browser differences in cookie handling to ensure privacy compliance and a consistent user experience.
Data privacy regulations and implications
Regulations like the General Data Protection Regulation (GDPR) and California Privacy Rights Act (CPRA) dictate how cookies can be used. They require:
- Transparency in data collection
- Clear user consent mechanisms
- Easy options for users to manage preferences
These laws shape how browsers and websites handle cookies, ensuring users maintain control over their data.
GDPR and cookie consent
The GDPR requires websites to obtain clear, affirmative consent before setting any non-essential cookies. This typically means:
- Displaying a cookie banner before cookies are placed
- Explaining cookie types and purposes
- Providing options to accept, reject, or customise consent
CPRA and cookie preferences
Under the CPRA:
- Users must be informed about what data is collected
- Websites must offer a ‘Do Not Sell or Share My Data’ option
- Cookie dashboards should allow users to manage data preferences
Both laws have driven the adoption of user-first privacy practices across websites and browsers.
Future outlook of web cookie management
Understanding how browsers handle cookies is essential for both users and developers. Each browser takes a different approach to balance privacy, functionality, and compliance with regulations like GDPR and CCPA. Staying informed helps users protect their data, while developers can build more privacy-compliant experiences.
Cookie management is shifting toward stricter privacy controls and smarter tracking prevention. Browsers will likely use AI to enhance protection, offering greater transparency and personalised yet secure browsing.
Cookies are small text files that a website asks your browser to store on your device. They hold information like login status, language preferences, and items in your cart. When you revisit the site, the browser sends these cookies back, allowing the website to “remember” you and deliver a more seamless experience.
Yes. Cookies are stored separately for each browser and user profile. For example, cookies saved in Chrome won’t be accessible in Firefox. Similarly, if you use multiple profiles in the same browser, each profile has its own set of cookies.
Cookies track users by storing a unique ID in the browser. When you revisit a site, the browser sends this ID back, allowing the site to recognise you and log your activity. Third-party cookies enable tracking across multiple websites, helping advertisers build user profiles and serve targeted ads.
Shreya is the Senior Content Writer at CookieYes, focused on creating engaging, audience-driven blog posts and related content. Off the clock, you’ll find her happily lost in the world of fiction.
