Third-party cookies provide an invasive way for websites to track what you do online. In this article, we look at what they are, how they work, and how you can block them on all major browsers.
Find out which browsers are best for your privacy
If you want to keep your online activity private, a virtual private network (VPN), such as Proton VPN, will prevent the websites you visit from knowing your IP address, the unique number assigned to your internet connection by your internet service provider (ISP).
This is good because websites can easily use your IP address to uniquely identify you, know your rough geographic location, and track you when you visit other websites.
However, your IP address is not the only way websites can track you across the internet. Despite the rise in browser and device fingerprinting, the most common method for such tracking is still third-party cookies.
What are cookies?
Cookies are small text files that are stored on your browser when you visit a website. When you revisit the website, it can retrieve and read its cookies, letting it remember things about you.
Cookies can perform many useful tasks, such as remembering that you’re logged in, what your preferences are, which language you speak, what’s in your shopping basket, and so on.
Cookies used by a website to facilitate and enhance its own functionality are known as first-party cookies. These are usually benign, and attempts to block them will likely reduce a website’s usability or even break it entirely. That’s why it’s not usually a good idea to block first-party cookies.
What are third-party cookies?
Much more insidious are third-party cookies. These cookies are stored on your browser by websites other than the ones you visit (in other words, by third parties). Their purpose is almost entirely to track your behavior on different websites.
These third parties are typically advertising companies such as Google, or social media networks such as Facebook, TikTok, and Twitter, all of which rely heavily on knowing as much about you as possible to keep you engaged and serve you with highly-targeted ads.
How do third-party cookies work?
Websites often host JavaScript from other (third-party) websites. Typical examples include social media Like buttons, third-party live chat support windows, and website analytics platforms such as Google Ads and Adsense (also run by Google).
Although these cookies can improve the functionality of a website, they can also expose your information to parties you didn’t even know were present. For example, if a website uses Google Analytics, that website can trace your activity on its site, but so can Google.
This allows whoever created the cookie in the first place to keep track of all the websites you visit, and often also what you did on those websites. If you visit a shopping website for example, third-party cookies can record which items you look at and pass this information on to its creators.
Cookies and EU law
The ePrivacy Directive (known often as the “EU cookie law”) came into effect in 2012. It requires all websites to ask anyone who visits them using a European Union (EU) IP address for explicit consent before placing cookies on their browser.
In theory, this should give EU citizens control over all third-party cookies placed on their browsers. However, this hasn’t been an effective policy for the following reasons:
- Not all websites respect the law.
- Many websites make it difficult to quickly block third-party cookies without blocking all cookies.
- Bombarded with extensive cookie consent options for every website they visit, many (if not most) people simply accept all cookies because it’s the easiest option.
Netshield Ad-blocker
If you have a paid Proton VPN plan, you can use our NetShield Ad-blocker feature. This DNS filter doesn’t specifically block third-party cookies, but it does block many of the third-party scripts that load cookies onto your browser.
Learn more about NetShield Ad-blocker
How to block third-party cookies on your browser
- Firefox (desktop)
- Firefox (Android)
- Firefox (iOS and iPadOS)
- Chrome, Chromium, Brave, and Opera (desktop)
- Brave (Android)
- Opera (Android)
- Microsoft Edge (Windows)
- Safari (macOS)
- All browsers (iOS and iPadOS)
- Vivaldi (desktop)
Firefox (desktop)
1. Go to ☰ → Settings → Privacy & Security → Browser Privacy → Enhanced Tracking Protection → Custom.
2. Ensure the Cookies checkbox is selected and select the level of cookie protection you’d like from the dropdown menu.
Firefox provides several options to block the worst types of third-party cookies, making it easier for you to protect your privacy without breaking the websites you visit. You can also just block all third-party cookies.
Firefox (Android)
1. Go to ⋮ → Settings → Privacy and security → Enhanced Tracking Protection → Custom.
2. Ensure the Cookies checkbox is selected and choose the level of cookie protection you’d like from the dropdown menu.
The Firefox Android app provides several options to block the worst types of third-party cookies, making it possible to browse privately without breaking the websites you visit. You can also block all third-party cookies.
A similar setting can be found on Firefox Focus for Android by going to ⋮ → Settings → Privacy and security → Cookies and Site Data → Block cookies.
Firefox (iOS and iPadOS)
On iOS and iPadOS, all third-party cookies should be blocked by default. However, Firefox and Firefox Focus on iOS/iPadOS have an additional setting:
1. Go to ☰ → Settings → Privacy →Tracking Protection → Strict.
This setting blocks a great deal more than just third-party-cookies, but the in-app documentation notes that it blocks “Cross-Site Trackers — These cookies follow you from site to site to gather data about what you do online. They are set by third parties, such as advertisers and analytics companies”.
You can find a similar setting in Firefox Focus for iOS by going to ⋮ → Settings → Tracking Protection → Enhanced Tracking Protection. Third-party cookies are not specifically mentioned, but you can block various trackers and scripts based on their purpose (advertising, analytics, and social blocking are enabled by default).
Chrome, Chromium, Brave, and Opera (desktop)
Go to ⋮ or ☰ → Settings (or Go to full browser settings on Opera) → Privacy and security → Cookies and other site data and select Block third-party cookies.
Brave (Android)
Go to ⋮ → Settings → Brave Shields and privacy → Block Cookies and select Block cross-site cookies.
As with all browsers on iOS and iPadOS, third-party cookies on Brave are blocked by default (see below). There is an additional option to block cross-site trackers (⋯ → Settings → Brave Shields & Privacy → Block Cross-Site Trackers).
Opera (Android)
Go to Settings (gear icon) → Privacy → Cookies and select Enabled, excluding third-party.
Microsoft Edge (Windows)
1. Go to ⋯ → Settings → Cookies and site permissions → Cookies and data stored → Manage and delete cookies and site data → Block third-party cookies.
Safari (macOS)
Safari on macOS blocks all third-party cookies (and many other forms of cross-site tracking) by default. To check this, open Safari and go to the macOS menu bar → Safari → Settings → Privacy tab and ensure Website tracking: Prevent cross-site tracking is enabled.
By default, macOS allows advertisers to measure their performance without associating your ad activity with you. If you’re not comfortable with this, you can disable it in the Privacy tab by unchecking Web advertising: Allow privacy-preserving measurement of ad effectiveness.
iOS and iPadOS (all browsers)
As part of the WebKit engine that all browsers on iOS and iPadOS must use, all third-party cookies are blocked by default on iOS 14+ and iPadOS 14+. To check this setting is enabled, go to Settings → [your browser] → and Allow Cross-Website Tracking is switched off.
Safari on iOS and iPadOS allows advertisers to measure their performance without associating your ad activity with you. If you’re not comfortable with this, you can disable it by going to Settings → Safari → Privacy & Security and toggling the Privacy Preserving Ad Measurement switch off.
Vivaldi (desktop)
Go to Settings (gear icon to the bottom left) → Privacy and Security → Third-Party Cookies and select Block All.
Final thoughts
Blocking third-party cookies in your browser is an important part of preserving your privacy online. Other important steps you can take are:
- Use a VPN (such as Proton VPN) to hide your real IP address
- Use a script-blocker (such as Proton VPN’s built-in NetShield Ad-blocker feature) to prevent advertising, trackering, and other malicious scripts on web pages
- Use a browser that is resistant to fingerprinting. Fingerprinting is hard to block, but some are better at it than others.
Frequently asked questions
How can I tell that websites use third-party cookies
It is easy to see what third-party cookies are hosted on a web page using the Chrome browser. Hit F12 to open Developer Tools and go to the Application tab (you may need to click ≫ to see it) → Storage → Cookies.
Any cookies that belong to domains other than the website you’re visiting are third-party cookies.
This example shows a reddit page that hosts a third-party cookie from Twitter.
Can third-party cookies be useful to the user?
The scripts that set third-party cookies can be useful. For example, scripts that load a live chat support window make it easier for you to get help. Third-party cookies themselves, however, are almost invariably used by advertisers to track your browsing history and online activity (with the end goal of using that data to show you personalized ads)..
These tracking cookies offer you no benefit besides (questionably) more relevant ads.
Are third-party cookies safe?
Cookies are safe in that they cannot carry viruses or other malware, so they can’t directly harm you or your device. The danger they represent is to your online privacy — they allow advertisers and social media services to identify you, track your online activities, and even to monitor your interactions on websites (for example, by logging everything you look at on a website).
Do I need to block third party cookies and use NetShield Ad-blocker
It’s a good idea. NetShield Ad-blocker blocks scripts from a list of domains that we consider to be actively malicious, or simply of no value to most people who use Proton VPN.
However, it doesn’t block domains that people actually want to use, such as Twitter or Facebook, and so does not block all third party cookies.
On the other hand, NetShield Ad-blocker can block many non-cookie-related scripts that can track you in other ways (such as fingerprinting) or which may otherwise harm you (such as scripts that inject malware onto your device).
In addition to this, NetShield Ad-blocker helps protect your entire internet connection, not just threats from inside your browser. For example, mobile games often load ads from third-party domains. NetShield Ad-blocker can block these, but changing the cookie preferences in your browser won’t.
We therefore recommend blocking third party cookies in your browser and also using NetShield Ad-blocker.