What’s the difference between first- and third-party cookies?

The details are in the domain…

David Bisson (@DMBisson)

We have written a lot about cookies and what they mean for web users.

We began by discussing how web browsers store cookies to augment users’ browsing experiences and how deleting these pieces of data can work in the interest of users’ privacy and computing speed. Next, we followed up this discussion with a series of guides covering how users can delete their cookies, cached data, and history from some of the most common web browsers like Mozilla Firefox, Google Chrome, and Microsoft Edge.

In our guide for Internet Explorer, we discussed how users could choose to block first- and/or third-party cookies. This raises the question: what defines the “party” of a cookie? Let’s get into the difference between first- and third-party cookies now.

A Cookie’s “Party” Boils Down to Its Domain

To be fair, third-party cookies aren’t any less cookies than first-party cookies. They’re both data files that web browsers save to a user’s computer in order to track their site preferences, login status, and information regarding active plugins. The difference between them boils down to what domain created the cookies in the first place.

A first-party cookie is a cookie created by the domain that a web user is visiting. When a user clicks on Amazon.com from a web browser, for example, that browser sends its web request in a first-party context, which carries a high level of trust that the user is directly interacting with Amazon.com. The web browser subsequently saves the resulting cookie to the user’s computer under the “amazon.com” domain.

Most web browsers come with first-party cookies enabled. Why? Because the alternative can be frustrating for some users. PCMag elaborates on this point:

“If you were to disable first-party cookies, a website could not keep track of your activity as you move from page to page. For example, you would be unable to purchase multiple items online in the same transaction. Each time you added something to the cart from another page on the site, it would be treated as a new order.”

Internet Explorer 8 cookie settings. (Source: CNET)

Knowing what we now understand about first-party cookies, it’s not hard to figure out what third-party cookies entail.

These data files owe their creation to a domain name that is not the principal domain name (the website in the address bar). Advertising networks are the most common begetters of third-party cookies; they use them to track a user across multiple websites, activity which they can then use to tailor their ads. Images, JavaScript, and iframes also commonly lead to the birth of third-party cookies.
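The domain comparison described above, sketched in JavaScript as an added example (not code from the original article). It assumes "party" is decided by comparing the registrable domain of the cookie with that of the address-bar page, and it uses a small constructed suffix list in place of the full Public Suffix List; the function names and sample hosts are hypothetical.

```javascript
// Added illustration; not code from the original article.
// Simplification: real browsers consult the full Public Suffix List.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au", "co.jp"]); // constructed subset

// Return the registrable domain for a hostname, e.g. www.amazon.com -> amazon.com.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/^\.+|\.+$/g, "").split(".");
  const lastTwo = labels.slice(-2).join(".");
  const keep = MULTI_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return labels.slice(-keep).join(".");
}

// Parse one Set-Cookie header value into its name and optional Domain attribute.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const name = pair.slice(0, pair.indexOf("="));
  const domainAttr = attrs.find((a) => a.toLowerCase().startsWith("domain="));
  return { name, domain: domainAttr ? domainAttr.slice(7) : null };
}

// Label every cookie set while loading pageUrl as first- or third-party.
function classifyCookies(pageUrl, responses) {
  const pageSite = registrableDomain(new URL(pageUrl).hostname);
  return responses.flatMap(({ url, setCookie }) =>
    setCookie.map((header) => {
      const { name, domain } = parseSetCookie(header);
      // Without a Domain attribute the cookie belongs to the responding host.
      const cookieSite = registrableDomain(domain || new URL(url).hostname);
      return { name, cookieSite, party: cookieSite === pageSite ? "first" : "third" };
    })
  );
}

// Constructed sample: one page load that also pulls in a script, an ad image and an iframe.
const SAMPLE_RESPONSES = [
  { url: "https://www.shop.example/cart", setCookie: ["session=abc; Path=/; HttpOnly"] },
  { url: "https://static.shop.example/app.js", setCookie: ["prefs=dark; Domain=.shop.example"] },
  { url: "https://ads.tracker.example/pixel.gif", setCookie: ["uid=42; Domain=tracker.example"] },
  { url: "https://widget.example.co.uk/frame", setCookie: ["visitor=7"] },
];

console.log(classifyCookies("https://www.shop.example/cart", SAMPLE_RESPONSES));
```

Note that the script served from a subdomain of the visited site still yields a first-party cookie, while the image and iframe from other domains yield third-party ones.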

Needless to say, users don’t take to third-party cookies as kindly as they do first-party cookies. Why? Many view them as an infringement of their privacy and a threat to their digital security.

As a result, some users employ plugins like AdBlock Plus and NoScript to prevent things like ads and JavaScript from loading on a website, thereby deterring the creation of third-party cookies. More commonly, they use guides such as ours to configure their browsing settings so that their web browsers block or clear them.

Whether to allow first- and/or third-party cookies is ultimately up to you. Just make sure you use a web browser that allows you to disable the collection of these data files should you so choose.


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

One comment on “What’s the difference between first- and third-party cookies?”

  1. Dguilliams

    My Healthcare Company, AETNA, requires me to use third party cookies to access my health policy and information regarding my prescription and benefits. Is this legal?
