What's the difference between first- and third-party cookies?

The details are in the domain…

What's the difference between first- and third-party cookies?

We have written a lot about cookies and what they mean for web users.

We began by discussing how web browsers store cookies to augment users' browsing experiences and how deleting these pieces of data can work in the interest of users' privacy and computing speed. Next, we followed up this discussion with a series of guides covering how users can delete their cookies, cached data, and history from some of the most common web browsers like Mozilla Firefox, Google Chrome, and Microsoft Edge.

In our guide for Internet Explorer, we discussed how users could choose to block first- and/or third-party cookies. This begs the question: what defines the "party" of a cookie? Let's get into the difference between first- and third-party cookies now.

A Cookie's "Party" Boils Down to Its Domain

To be fair, third-party cookies aren't any less cookies than first-party cookies. They're both data files that web browsers save to a user's computer in order to track their site preferences, login status, and information regarding active plugins. The difference between them boils down to what domain created the cookies in the first place.

A first-party cookie refers to a cookie created by the domain that a web user is visiting. When a user clicks on Amazon.com from a web browser, for example, that browser sends a web request in the first context, a process which entails a high level of trust that the user is directly interacting with Amazon.com. The web browser subsequently saves this data file to the user's computer under the "amazon.com" domain.

Most web browsers come with first-party cookies enabled. Why? Because the alternative can be frustrating for some users. PCMag elaborates on this point:

"If you were to disable first-party cookies, a website could not keep track of your activity as you move from page to page. For example, you would be unable to purchase multiple items online in the same transaction. Each time you added something to the cart from another page on the site, it would be treated as a new order."

03 14 11 ie cookies1

Internet Explorer 8 cookie settings. (Source: CNET)

Knowing what we now understand about first-party cookies, it's not hard to figure out what third-party cookies entail.

These data files owe their creation to a domain name that is not the principal domain name (the website in the address bar). Advertising networks are the most common begetters of third-party cookies; they use them to track a user across multiple websites, activity which they can then use to tailor their ads. Images, JavaScript, and iframes also commonly lead to the birth of third-party cookies.

Needless to say, users don't take to third-party cookies as kindly as they do first-party cookies. Why? Many view them as an infringement of their privacy and a threat to their digital security.

As a result, some users employ plugins like AdBlock Plus and NoScript to prevent things like ads and JavaScript from loading on a website, thereby deterring the creation of third-party cookies. More commonly, they use guides such as ours to configure their browsing settings so that their web browsers block or clear them.

Whether to allow first- and/or third-party cookies is ultimately up to you. Just make sure you use a web browser that allows you to disable the collection of these data files should you so choose.

Tags: ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

,

No comments yet.

Leave a Reply