Identity Resolution Demystified: 1st vs 3rd Party Cookies

What are cookies? 

Every time you revisit a site and don’t need to sign in again or when you see an ad from one site you visited on another publisher’s page, you have cookies to thank for that. Cookies allow sites to track online users’ behaviors, providing a more personalized user experience.

To define that further, a cookie is a small text file that contains a website domain, along with letters and numbers that are code for something else like an audience segment. For example, that segment could be 25- to 35-year old women with children. 

Most are familiar with the general idea of cookies, but not all cookies are the same. They break down further into first- and third-party cookies.

Both first- and third-party cookies track audiences, but they are collected and used in different ways. We’ll explain how both types of cookies work and what the future looks like for these options.

First-party vs. third-party cookies

Let’s start by defining both types of cookies and how they’re used before breaking down the differences further:

  • First-party cookies are ones that are directly stored by the website users visit. They keep users logged in, remember if they have things in their carts, power web analytics, remember language settings, and perform other functions that improve the user’s experience. First-party cookies are not going to be phased out.
    Example: Amazon sets a first-party cookie on you when you use their site.
  • Third-party cookies — often called tracking cookies — are used to identify users from across different websites. These are created by domains that aren’t the website the user is visiting, usually placed on a website via a script or tag. The third-party cookie is accessible on any website that loads the third-party server’s code. These are most commonly used for cross-site or behavioral tracking and retargeting. Unlike first-party cookies, these will be phased out.
    Example: Google’s DoubleClick network is a tracking network on 14 million websites that serve retargeting ads across the internet. In practice, what this means is if, for example, you look at a TV on, you may then see ads for that TV on another site like (a Google DoubleClick customer).

First- and third-party cookies are the same kind of files, so the differences come from how they are created and used. First-party cookies are generated by the host domain and work on that main domain only. Third-party cookies, on the other hand, are loaded by third-party servers and are mainly used for tracking and online advertising.

Though users can always block cookies, first-party cookies are supported on all browsers. Third-party cookies used to be supported by all browsers, but that has changed — and that trend will continue until they are completely depreciated. Also, if visitors use an incognito window, that will also cause the third-party cookies not to load.

Looking ahead

As we’ve mentioned, third-party cookies are on their way out — though not as quickly as once predicted. Safari and Firefox have killed them off already. Google originally planned to deprecate third-party cookies by Q2 2022, but they have recently decided to delay this for another two years

Still, they won’t be around too far into the future, and it’s safe to say the vast majority of marketers aren’t ready for that shift.

When that change happens, Giants like Facebook, Google, and Amazon will have more power than they already do, still holding the data to know what users do and what their interests are.

That poses several problems — one of the biggest being the uncertainty it causes. There will be no more tracking of cross-website behavior, which will result in publishers’ ad inventories becoming much less valuable to brands. 

That’s due to the fact that all web traffic becomes un-targeted because you don’t know what that visitor has been doing or looking at. Tracking is the only way publishers are currently staying in business. So when third-party cookies are gone, publishers will be left figuring out how to supplement lost data and revenue.

A possible alternative could be an authenticated traffic solution (ATS), with publishers encouraging users to authenticate with the ATS that can be linked to identity graphs.

It’s unclear what the future looks like, except for the fact that third-party cookies will be going away at some point. But for publishers across the internet, it’s a very scary unknown.

Table of Contents