Tracking Cookies 101

A Guide to Tracking Cookies

Last updated on October 13, 2021|Published on September 2, 2021

During the turn of the millennium, advertisers started adopting tracking cookies because it gave them an easy way to reach their target audience on a larger scale. But over time, tracking cookies have fallen from grace, as user privacy took a centre stage. 

This blog will discuss what tracking cookies are, how they work and how you can block them as an end-user as well as a website owner or publisher.

What are tracking cookies?

Tracking cookies are cookies that are either set on a user’s web browser by the website they are on or a third party. These cookies track the user’s online behaviour i.e. collect their data, such as clicks, shopping preferences, device specifications, location, and search history. This data helps in targeted advertising and gathering website analytics. 

First-party tracking cookies are used to track the visitor’s surfing behaviour on the website, to remember user activity over multiple visits etc. This information is used to optimize user experience in their subsequent visits. For instance, you may have seen links to the pages you visited recently on the same website. This is enabled by first-party cookies. 

What are third-party tracking cookies?

Third-party tracking cookies are created by an external server via a piece of code loaded on the website you are browsing. Third-party cookies are usually created by advertisers, data aggregators and other websites and are set through display ads, social media plugins, live-chat popups or web analytics tools used by a website. 

Third-party trackers (or cookies) can then be accessed by the third party that creates them and since they share information across websites, they are also known as cross-site cookies. Third-party tracking cookies are then used extensively for online advertising and retargeting. 

What information do tracking cookies collect?

Since tracking cookies are often used to advertise products and services to users, they mostly store information about user’s online browsing activity. Tracking cookies can collect information about all the sites you visit, the pages you looked at within a website, products you might have clicked on, purchases that you’ve made, etc, IP address, and your geographic location.

Advertisers use this information to serve you custom ads across the web and in your social media feeds. 

Are tracking cookies dangerous?

It depends. You could be searching for running shoes and you may come across a shoe ad that is in tune with what you are searching for. Good deal, right? When used for legitimate marketing and advertising purposes, tracking cookies can give us personalized ads and suggestions that can be useful.

However, third parties — affiliate networks and advertisers like Google, Facebook, Amazon, Quantcast use cookies, and other data tracking methods, to collect users’ data without our consent. Over time, tracking cookies can collect a lot of personal information and behavioural data — they can learn about your location, device information, purchase history, search queries, and much more.

Since advertisers can easily gather basic data without users even consenting to it, tracking cookies have a bad rap. Users have raised privacy concerns and object to being tracked by third-party software of any kind.

Does your website use tracking cookies?

If you are a web publisher or website owner, you should be aware of all the cookies set by your website, especially third-party cookies. Often, websites are not aware of all third parties permitted to create and store cookies on a user’s browser. You can use a free cookie scanner and get an audit report of the cookie categories, all the cookies set by your website, their purpose, domain and duration.

As the information collected via cookies have raised privacy concerns over the years, some laws regulate their usage. The two notable ones are the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) in the US.

GDPR and cookies

The GDPR requires user permission to collect their personal information, including data collected from online identifiers like cookies. Therefore cookies are subject to the GDPR’s standards of consent. Under Article 4(11) of GDPR, consent of the user means any freely given, specific, informed and unambiguous indication given by a clear affirmative action. Hence, websites are required to ask for user’s consent before setting cookies on their browser. 

The ePrivacy Directive or EU cookie law which predates the GPPR also requires websites to obtain user consent for cookies except used to facilitate communication over a network and strictly necessary cookies.

A simple cookie banner from CookieYes with cookie categories. 

CCPA and cookies

CCPA does not directly regulate the use of cookies. However, the personal information of CCPA includes unique identifiers like cookies and information regarding a consumer’s interaction with a website, application, or advertisement through browsing habits, search history etc. 

This means that cookies used behavioural advertising may constitute a sale that comes under the purview of CCPA. To avoid any risk, websites that use third-party cookies for advertising should:

  • Ask for consent via cookie banner or
  • ​​Disclose the sale of information and offer an opt-out ‘Do Not Sell My Personal Information’ link
A simple CCPA opt-out notice from CookieYes.

How to obtain consent for cookies with CookieYes

Websites should display a cookie popup or banner that allow users to opt-in or consent to the use of cookies.  Consent should be explicit, implicit consent or soft opt-in is invalid as per EU’s privacy regulations. 

CookieYes is a cookie consent solution that will help your website obtain consent for cookies and achieve GDPR cookie consent. CookieYes will help you implement foolproof cookie consent on your website.

With CookieYes, you can tick off the cookie compliance checklist below:

  • Display cookie banner or CCPA opt-out notice on user’s first visit to a website
  • Provide clear information about cookie usage and its purpose
  • Provide option to accept or decline cookies via ‘accept’ and ‘reject’ button
  • Provide option to give granular consent to separate cookie categories
  • Include information about cookie categories, the purpose of each cookie, their duration and their domain (who they are set by)
  • Link to a detailed cookie policy
  • Provide users with an easy way to revoke consent after giving it
  • Record all user consents for proof of consent
  • Auto-block third-party cookies and scripts till the user gives consent
  • Support the browser’s DNT (Do Not Track) status

How to block third-party cookie scripts with CookieYes

Website owners cannot always control cookies set by third parties because these cookies may have other cookies nested inside them. Note that a third-party tool used on your website may be using third-party cookies of their own, so the chain of cookies can be endless. That’s why it’s important to implement autoblocking of third-party scripts.

CookieYes can automatically block cookies from being set on user’s devices. When you scan your website with CookieYes, all the cookies and scripts on your site will be categorized and third-party scripts like Google Analytics and Facebook Pixels will be blocked from being set until the user gives consent.

You can Sign up on CookieYes, initiate a scan from your dashboard. That’s it! CookieYes will do the work for you. You can also manually add third-party scripts that need to be blocked.

If you are using Google Tag Manager to include scripts on your website, you will have to manually block via your Google Tag Manager account. Read this Guide to block third-party cookies on Google Tag Manager

Auto-block third-party scripts and manually add custom scripts to block using CookieYes.

How to block tracking cookies on your browser?

If you are concerned about tracking cookies, you can implement settings on your browser to mitigate tracking. Apple’s Safari browser and Mozilla’s Firefox browser already block third-party tracking cookies, while Google Chrome has announced a third-party cookie phaseout by 2023. 

Here’s how you can block cookies on different browsers and enable additional privacy settings.

Google Chrome

In Chrome, click on the three dots in the top right corner, then select: Settings> Privacy and security > Cookies and other site data


Safari blocks cookies used for cross-site tracking by default. You can also block all cookies on the browser,  open Safari select: Preferences > Privacy


By default, Firefox blocks third-party tracking cookies, social media trackers crypto miners etc. For enabling additional settings, go to the menu bar on the top-right corner, select:

Settings > Privacy & Security

FAQ on tracking cookies

What are cookies?

Cookies are small text files that store information in your browser. When the user visits a website it might store some cookies to recognize the user in future visits. When you visit that website again, it will remember you from your last visit. These cookies remember your preferences, language, login details, customize your browsing experience and display targeted ads. 

How do tracking cookies work?

Here’s how cookie tracking works. You visit a site, a third-party advertiser leaves a cookie on your browser. The cookie which contains a unique identifier will follow you around the web. It will collect information about all the sites you visit, the pages you looked at within a website, products you might have clicked on or purchases that you’ve made etc. Advertisers use the information collected via tracking cookies to serve users custom ads across the web and in their social media feeds.

What are some tracking cookie examples?

Examples of first-party tracking cookies include Google Analytics cookies (​​mainly _utma,_utmb, _utmc, _utmz) that are used to track a website’s visitors. Third-party tracking cookies are set by advertising networks such as doubleclick.net, amazon-adsystem.com, Facebook pixels, quantserve.com smaato.net, addthis.com, taboola.com and so on.

What is the Do Not Track setting?

Do Not Track is a web browser setting that enables users to opt-out of tracking by websites they do not visit. When you enable the Do Not Track (DNT)  in your browser’s settings, your browser adds a Do Not Track request header.  to all of your web traffic. This tells websites that you don’t want them to track you i.e. you don’t wish for tracking cookies from analytics or advertising networks to gather data about your browsing habits. Google Chrome, Mozilla Firefox, and Microsoft Edge are browsers that support DNT.

Is Google phasing out tracking cookies?

Google had announced that its Chrome browser will begin blocking cross-site tracking cookies and replace them with more privacy-conscious technologies. The search engine has recently noted that it will extend its self imposed deadline of 2022 and will now look at 2023 for the phase-out. The timeline had to be pushed as Google cited the need for sufficient time to experiment and figured out a technology to address the concerns of regulators, publishers, advertisers and users.

What will replace third-party tracking cookies?

Google launched its Privacy Sandbox initiative to find a solution that enables users to personalize (or target) web ads while still preserving privacy. As part of this initiative, it proposed an alternative for third-party cookies — Federated Learning of Cohorts (FLoC).  As per Google, it is a “privacy-first” and “interest-based” advertising technology which can track user’s browsing habits and place the user in various “cohorts” based on it. Advertisers will then target their ads to cohorts, rather than individual users. 

Start a 14-day free trial

Trials start with all our features enabled. Cancel anytime. No credit card required.