Around the turn of the millennium, advertisers started adopting tracking cookies because they gave them an easy way to reach their target audience on a larger scale. But over time, tracking cookies have fallen from grace as user privacy took centre stage.

Understand what tracking cookies are, how they work and how you can block them as an end-user as well as a website owner or publisher.

What are tracking cookies?

Tracking cookies are cookies set on a user’s web browser either by the website they are on or by a third party. These cookies track the user’s online behaviour, i.e. they collect data such as clicks, shopping preferences, device specifications, location, and search history. This data helps in targeted advertising and gathering website analytics.

First-party tracking cookies are used to track the visitor’s surfing behaviour on the website, to remember user activity over multiple visits etc. This information is used to optimize user experience in their subsequent visits. For instance, you may have seen links to the pages you visited recently on the same website. This is enabled by first-party cookies. 

Examples of first-party tracking cookies include Google Analytics cookies (mainly __utma, __utmb, __utmc and __utmz) that are used to track a website’s visitors.

What are third-party tracking cookies?

Third-party tracking cookies are created by an external server via a piece of code loaded on the website you are browsing. Third-party cookies are usually created by advertisers, data aggregators and other websites and are set through display ads, social media plugins, live-chat popups or web analytics tools used by a website. 

Third-party trackers (or cookies) can then be accessed by the third party that creates them. Since they share information across websites, they are also known as cross-site cookies. Third-party tracking cookies are used extensively for online advertising and retargeting.

Examples of third-party tracking cookies include cookies set by advertising networks such as doubleclick.net, amazon-adsystem.com, Facebook pixels, quantserve.com, smaato.net, addthis.com, taboola.com and so on.

What information do tracking cookies collect?

Since tracking cookies are often used to advertise products and services to users, they mostly store information about users’ online browsing activity. Tracking cookies can collect information about all the sites you visit, the pages you looked at within a website, products you might have clicked on, purchases that you’ve made, your IP address, your geographic location, etc. Advertisers use this information to serve you custom ads across the web and in your social media feeds.

Are tracking cookies dangerous?

It depends. You could be searching for running shoes and you may come across a shoe ad that is in tune with what you are searching for. Good deal, right? When used for legitimate marketing and advertising purposes, tracking cookies can give us personalized ads and suggestions that can be useful.

You may have seen ads popping up on websites while you browse on the internet. Let’s take the case of the display ad below. If you click on the ‘i’ button on the ad, you get information about which ad networks set the ad and how you can control your settings.

How tracking cookies are used to display ads on the internet.
Google Ads use tracking cookies to show display ads.

This is an example of how ad networks collect data from users and display ads. Third parties, such as affiliate networks and advertisers like Google, Facebook, Amazon and Quantcast, may use cookies and other data tracking methods to collect users’ data without their consent. Over time, tracking cookies can collect a lot of personal information and behavioural data: they can learn about your location, device information, purchase history, search queries, and much more.

Since advertisers can easily gather basic data without users even consenting to it, tracking cookies have a bad rap. Users have raised privacy concerns and object to being tracked by third-party software of any kind.

Does your website use tracking cookies?

If you are a web publisher or website owner, you should be aware of all the cookies set by your website, especially third-party cookies. Often, websites are not aware of all third parties permitted to create and store cookies on a user’s browser. You can use a free cookie scanner and get an audit report of the cookie categories, all the cookies set by your website, their purpose, domain and duration.
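What such an audit computes, as an added example in JavaScript (not CookieYes code): it classifies each cookie seen during a page load as first-party or third-party, flags the ad-network domains named earlier in this article, and reports domain and duration. The sample responses, the two-label site rule and the function names are assumptions of this example, and only Max-Age is read for duration (a cookie that uses Expires instead shows as "session").

```javascript
// Ad-network domains named in this article.
const AD_DOMAINS = ['doubleclick.net', 'amazon-adsystem.com', 'quantserve.com',
  'smaato.net', 'addthis.com', 'taboola.com'];

// Assumption: the "site" is the last two labels of the host. A production
// audit needs the Public Suffix List to handle suffixes such as co.uk.
function siteOf(host) {
  return host.toLowerCase().replace(/^\./, '').split('.').slice(-2).join('.');
}

// Parse one Set-Cookie value: name, Domain and Max-Age (Expires is ignored here).
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq === -1 ? '' : pair.slice(0, eq), domain: null, maxAge: null };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    if (key === 'domain') cookie.domain = attr.slice(i + 1);
    else if (key === 'max-age') cookie.maxAge = Number(attr.slice(i + 1));
  }
  return cookie;
}

// pageUrl: the page the visitor opened. responses: [{ url, setCookie }] seen while it loaded.
function auditCookies(pageUrl, responses) {
  const pageSite = siteOf(new URL(pageUrl).hostname);
  return responses.map(({ url, setCookie }) => {
    const c = parseSetCookie(setCookie);
    const cookieSite = siteOf(c.domain || new URL(url).hostname);
    return {
      name: c.name,
      domain: cookieSite,
      party: cookieSite === pageSite ? 'first-party' : 'third-party',
      knownAdNetwork: AD_DOMAINS.includes(cookieSite),
      durationDays: c.maxAge === null ? 'session' : Math.round(c.maxAge / 86400),
    };
  });
}

// Constructed sample: responses for one page load on a hypothetical shop.
const SAMPLE = [
  { url: 'https://shop.example.com/', setCookie: 'cart=abc123; Path=/; Secure; HttpOnly' },
  { url: 'https://shop.example.com/', setCookie: 'lang=en; Domain=.example.com; Max-Age=31536000' },
  { url: 'https://ad.doubleclick.net/pixel', setCookie: 'IDE=xyz; Max-Age=31536000; Secure; SameSite=None' },
  { url: 'https://chat.example.net/embed.js', setCookie: 'visitor=42; Path=/' },
];

console.table(auditCookies('https://shop.example.com/', SAMPLE));
```

Third-party rows that are not on the ad-network list, like the chat widget here, are the ones a site owner is most likely to have overlooked.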

As the information collected via cookies has raised privacy concerns over the years, some laws regulate their usage. The two notable ones are the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) in the US.

GDPR and tracking cookies

According to the GDPR, web publishers are required to get user consent to collect personal data, including data collected from online identifiers like tracking cookies. Cookies, except strictly necessary cookies, are subject to the GDPR’s standards of consent.

Under Article 4(11) of GDPR, consent of the user means any freely given, specific, informed and unambiguous indication given by a clear affirmative action. Hence, websites are required to ask for users’ consent before setting cookies on their browsers. 

The ePrivacy Directive, or EU cookie law, which predates the GDPR, also requires websites to obtain user consent for cookies, except those used to facilitate communication over a network and essential cookies.

A simple cookie consent banner with the option to accept or reject cookies.

CCPA and tracking cookies

CCPA’s definition of personal information includes unique identifiers like cookies and information regarding a consumer’s interaction with a website, application, or advertisement through browsing habits, search history etc. This means that cookies used for behavioural advertising may constitute a ‘sale’, as defined in the CCPA. To avoid any risk, websites that use third-party cookies for advertising should display a cookie opt-out notice with a ‘Do Not Sell’ button.

A simple cookie opt-out notice from CookieYes.

Obtain consent for tracking cookies

Websites should display a cookie popup or banner that allows users to opt in or consent to the use of cookies. Consent should be explicit; implicit consent or soft opt-in is invalid as per the EU’s privacy regulations.

CookieYes cookie consent solution helps over 1.3 million websites to obtain consent for cookies and achieve privacy compliance. CookieYes will help you implement foolproof cookie consent on your website. With CookieYes, you can tick off the cookie compliance checklist below:

  • Display cookie consent banner or cookie opt-out notice on a website
  • Provide clear information about cookie usage and its purpose
  • Provide option to accept or decline cookies via ‘accept’ and ‘reject’ button
  • Provide option to give granular consent to separate cookie categories
  • Include information about cookie categories, the purpose of each cookie, their duration and their domain (who they are set by)
  • Link to a detailed cookie policy on your website or cookie banner
  • Provide users with an easy way to revoke consent after giving it
  • Record all user consents for proof of consent
  • Auto-block third-party cookies and scripts till the user gives consent
  • Support the browser’s DNT (Do Not Track) status

Block third-party cookie scripts

Website owners cannot always control cookies set by third parties because these cookies may have other cookies nested inside them. Note that a third-party tool used on your website may be using third-party cookies of its own, so the chain of cookies can be endless. That’s why it’s important to implement autoblocking of third-party scripts.

You can sign up on CookieYes for free and initiate a scan from your dashboard. That’s it! CookieYes will do the work for you. The CookieYes scanner will categorize all cookies and scripts on your site, and third-party scripts like Google Analytics and Facebook Pixels will be automatically blocked until the user gives consent.

You can also manually add third-party scripts that need to be blocked. CookieYes can also be integrated with Google Consent Mode and Google Tag Manager easily.
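The blocking logic behind two items of the checklist above (auto-block third-party scripts until consent, support DNT), as an added JavaScript example that is not CookieYes code. The category names, the `data-consent-category` attribute, the script inventory and the rule that DNT overrides stored consent are assumptions of this example.

```javascript
// Category names and the data-consent-category attribute are hypothetical.
const ALWAYS_ALLOWED = 'necessary';

// DNT arrives as the request header "DNT: 1" or as navigator.doNotTrack === "1".
function dntEnabled(value) {
  return String(value).trim() === '1';
}

// consent: choices recorded from the banner, e.g. { analytics: true }.
// A category with no recorded choice counts as refused (opt-in only).
// Assumption: a Do Not Track signal takes precedence over stored consent.
function mayLoad(script, consent, dnt) {
  if (script.category === ALWAYS_ALLOWED) return true;
  if (!script.category) return false; // uncategorised script: block by default
  if (dntEnabled(dnt)) return false;
  return consent[script.category] === true;
}

// Split a script inventory into what may run now and what stays blocked.
function partition(scripts, consent, dnt) {
  const load = [];
  const blocked = [];
  for (const s of scripts) (mayLoad(s, consent, dnt) ? load : blocked).push(s.src);
  return { load, blocked };
}

// Browser side: third-party tags are shipped inert, e.g.
//   <script type="text/plain" data-consent-category="analytics" data-src="..."></script>
// and replaced by live <script> elements only when mayLoad() allows it.
function activateScripts(doc, consent, dnt) {
  const inert = doc.querySelectorAll('script[type="text/plain"][data-consent-category]');
  for (const el of inert) {
    const script = { src: el.dataset.src, category: el.dataset.consentCategory };
    if (!mayLoad(script, consent, dnt)) continue;
    const live = doc.createElement('script');
    live.src = script.src;
    el.replaceWith(live);
  }
}

// Constructed inventory for a hypothetical site.
const SCRIPTS = [
  { src: '/js/app.js', category: 'necessary' },
  { src: 'https://www.google-analytics.com/analytics.js', category: 'analytics' },
  { src: 'https://connect.facebook.net/en_US/fbevents.js', category: 'advertisement' },
  { src: 'https://cdn.example.net/widget.js' },
];

console.log(partition(SCRIPTS, { analytics: true, advertisement: false }, '0'));
```

In a page, `activateScripts(document, consent, navigator.doNotTrack)` would be called once the visitor's choice is known and again whenever they change it.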

How to block tracking cookies on your browser?

If you are concerned about tracking cookies, you can implement settings on your browser to mitigate tracking. Apple’s Safari browser and Mozilla’s Firefox browser already block third-party tracking cookies, while Google Chrome has announced a third-party cookie phaseout by 2023. 

Here’s how you can block cookies on different browsers and enable additional privacy settings.

Chrome

In Chrome, click on the three dots in the top right corner, then select: Settings > Privacy and security > Cookies and other site data

Safari

Safari blocks cookies used for cross-site tracking by default. You can also block all cookies on the browser, or select and remove websites that have data stored about you. For this, open Safari and select: Preferences > Privacy > Manage Website Data

Firefox

By default, Firefox blocks third-party tracking cookies, social media trackers, crypto miners etc. To enable additional settings, go to the menu bar on the top-right corner and select: Settings > Privacy & Security

Edge

To block third-party tracking cookies on Edge, open the browser, click on the three dots in the top right corner and select: Settings > Cookies and Site Permissions > Manage and delete cookies and site data

Use privacy-focused browsers

Cookies are not the only concern when it comes to tracking. Browser fingerprinting is another mechanism through which websites collect information about users. Websites can collect information about your browser type and version, operating system, active plugins, time zone, language, screen resolution and various other settings. While this data doesn’t directly identify a user, there’s only a small chance for another user to have the exact matching browser fingerprint.

If you want to be extra cautious, you can switch to privacy-friendly browsers or extensions, such as DuckDuckGo, Brave, Privacy Badger and Ghostery.

FAQ on tracking cookies

What are cookies?

Cookies are small text files that store information in your browser. When the user visits a website it might store some cookies to recognize the user in future visits. When you visit that website again, it will remember you from your last visit. These cookies remember your preferences, language, login details, customize your browsing experience and display targeted ads. 

How do tracking cookies work?

Here’s how cookie tracking works. You visit a site and a third-party advertiser leaves a cookie on your browser. The cookie, which contains a unique identifier, will follow you around the web. It will collect information about all the sites you visit, the pages you looked at within a website, products you might have clicked on or purchases that you’ve made etc. Advertisers use the information collected via tracking cookies to serve users custom ads across the web and in their social media feeds.

Is a tracking cookie bad?

No. In general, tracking cookies or any other type of cookies are not inherently bad. They won’t damage your devices or place malware or adware on them. However, tracking cookies can be of concern to privacy-conscious users who don’t want advertisers to collect their personal data.

Most often, tracking cookies are third-party cookies, meaning they’re placed on a website by a third party and collect data for the purpose of advertising and retargeting. However, over time, tracking cookies set by big advertising networks can collect a lot of your personal information that can be invasive. 

What is the Do Not Track setting?

Do Not Track is a web browser setting that enables users to opt out of tracking by websites they do not visit. When you enable Do Not Track (DNT) in your browser’s settings, your browser adds a Do Not Track request header to all of your web traffic. This tells websites that you don’t want them to track you, i.e. you don’t wish for tracking cookies from analytics or advertising networks to gather data about your browsing habits. Google Chrome, Mozilla Firefox, and Microsoft Edge are browsers that support DNT.

How do I get rid of tracking cookies?

Web browsers have a setting that allows you to request that websites don’t track you. You can check the ‘How to block tracking cookies on your browser?’ section to disable tracking cookies on Chrome, Safari and Firefox. If you want a more privacy-friendly option, use browsers or extensions like Brave, Ghostery, Privacy Badger, or DuckDuckGo.

You can also go directly to ad network websites like NAI Consumer Opt-Out, Oracle and Acxiom to opt out of their third-party, interest-based advertising.

Are tracking cookies illegal?

Tracking cookies are not illegal. However, as the information collected via tracking cookies can include your location, device information, purchase history, search queries, and so much more, privacy concerns have been raised. Privacy regulations, such as the GDPR, CCPA and LGPD, therefore have provisions to regulate the use of cookies, especially third-party and tracking cookies. Most of these laws require that websites obtain consent for their use.

Is Google phasing out tracking cookies?

Google had announced that its Chrome browser will begin blocking cross-site tracking cookies and replace them with more privacy-conscious technologies. The search engine has recently noted that it will extend its self-imposed deadline of 2022 and will now look at 2023 for the phase-out. The timeline had to be pushed as Google cited the need for sufficient time to experiment and figure out a technology to address the concerns of regulators, publishers, advertisers and users.

What will replace third-party tracking cookies?

Google launched its Privacy Sandbox initiative to find a solution that enables users to personalize (or target) web ads while still preserving privacy. As part of this initiative, it proposed an alternative for third-party cookies: Federated Learning of Cohorts (FLoC). After experts raised concerns that FLoC could be combined with people’s personally identifiable information, Google decided to retire the proposal.

In 2022, Google introduced the Topics API to replace FLoC. Under this proposal, browsers will collect up to five user interests per week, such as “fitness” or “autos & vehicles”, based on web activity, out of the 350 interest groups classified by the Topics API. Each week, a browser would select five topics per person and each topic is then kept for three weeks.