What are first-party cookies, and third-party cookies?

Cookies are small files stored on your computer when you visit a website. They store information about your visits, such as your preferred language and settings. Usually, marketers will distinguish between two different types of cookies - first-party and third-party cookies.

The most significant difference between first-party and third-party cookies is that first-party cookies are set by the website you're visiting, and data stays with the owner of that website.

In contrast, a third-party cookie is still set by the website you visit, but another service or website has created the cookie and thus owns it. The original website you visited will share that cookie and the data with the third party who made the cookie. 

What are first-party cookies?

First-party cookies are created and used on a single domain. In other words, they aren't shared with other websites or advertising partners. This means that first-party cookies can't be used to track your browsing activity across the internet.

Instead, they can store the information you enter on a website, such as your username and password. First-party cookies can only be read by the domain that sets them and cannot be read by other websites when the user navigates to other sites.

What are first-party cookies used for?

First-party cookies store information that is useful for the website visitor. This includes your sign-on credentials, things you put in the shopping cart, or your preferred language. They can also be used to track analytics data, providing website owners with important insights into how people use their site. Overall, first-party cookies help improve the user experience by providing relevant content on the website they visit. 

Umbraco community icon being assembled

What are third-party cookies?

Third-party cookies are created on one domain and shared across all third-party domains that use the same tracking code. Their primary function is to track user activity online and display advertisements based on that activity. 

What are third-party cookies used for?

Third-party cookies are often used to track your browsing activity across the internet. This means that they collect data about your online activity, even if you're not visiting the site setting the cookie.

For example, if you visit website A with a third-party advertising partner, that partner can place a cookie on your browser. Then, when you visit website B, the advertising partner can use the information in the cookie to serve you an ad for website A.

In the world of online advertising, third-party cookies are very widely used. By adding a cookie to a page, the advertising service can track users across many of the websites they use - as long as they share the third-party cookie from the advertising service. 

Different categories of cookies

We have previously established the topic of first-party and third-party cookies. But with the ever-increasing focus on the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), it’s important to distinguish between the cookie types and what kind of consent your website visitors give you to set and store cookies.
Four categories of cookies are often seen as the industry standard: necessary, preferences, statistics, and marketing.

  1. Necessary cookies are essential for the website's function and are automatically set by the browser. They include items such as session cookies and authentication cookies.
  2. Preferences cookies store information about a user's preferences, such as their language or location. This allows the website to provide a more personalized experience for the user.
  3. Statistics cookies track how users are using the website. Marketers often use this type of data to get insights on improving the website and making it more user-friendly.
  4. Marketing cookies track a user's online activity and display advertisements relevant to the user's interests. These types of cookies are used for cross-site tracking.


These categories of cookies are often used in cookie Consent Management Platforms (CMP), you have probably already interacted with the one we have on our website and accepted some of the categories. 

Screenshot of  the Umbraco.com cookie Consent Management pop-up

What impact does Intelligent tracking prevention (ITP) have on third-party cookies?

Apple's Safari browser, which is powered by the open-source web browser engine, Webkit, has long been a proponent of user privacy. In recent years, they have implemented several features that protect users from online tracking.

One such feature is Intelligent Tracking Prevention (ITP), which was introduced in Safari 11. ITP is a set of technologies that aim to reduce the ability of third-party cookies to track users across the web.

ITP works by placing limitations on how third-party cookies are used. For example, it prevents third-party cookies from being set in certain situations, such as visiting a website from a private browsing window.

ITP also limits the lifespan of third-party cookies. Typically, third-party cookies are stored on your browser for a period of time so that they can be used to track your online activity over an extended period of time. However, ITP limits the storage of third-party cookies to 24 hours. This means that after you visit a website, the third-party cookies set by that site will only be stored on your browser for 24 hours.

What is the future of first-party and third-party cookies?

The use of first-party and third-party cookies is likely to change as legislators and web users become more aware of the implications of third-party cookies.

First-party cookies will continue to be useful for storing information you enter on a website, such as your username and password. However, they won't be used for cross-site tracking or targeted advertising.

Some browsers are already blocking third-party cookies, and this trend will likely continue. This means that advertisers and publishers will need to find new ways to collect data about user activity and serve targeted ads.

One possible solution is to use first-party data collected by the website you're visiting. This data can be used to serve targeted ads without the need for third-party cookies.

Another solution is to use browser fingerprinting, which tracks user activity by collecting data about their browser and device. This data can then be used to serve targeted ads.

The future of first-party and third-party cookies is likely to change. As legislators and web users become more aware of the implications of third-party cookies, we'll see a shift towards using first-party data and browser fingerprinting.


Globe icon

Loved by developers, used by thousands around the world!

One of the biggest benefits of using Umbraco is that we have the friendliest Open Source community on this planet. A community that's incredibly pro-active, extremely talented and helpful.

If you get an idea for something you would like to build in Umbraco, chances are that someone has already built it. And if you have a question, are looking for documentation or need friendly advice, go ahead and ask on the community forums.

Want to be updated on everything Umbraco?

Sign up for the Umbraco newsletter and get the latest news and special offers sent directly to your inbox