Author: Kevin Clark

If you spend time in Chrome DevTools console tab you may have noticed these warnings “Third-party cookie will be blocked. Learn more in the Issues tab.”

In this post we’re going to cover some beginning details a website developer is considering. To be certain, there will be some nitty-gritty details not covered here, but it will give you a general lay of the land and link to further details. If you need to know more on what these cookies are, check out my other post: The State of Third Party Cookies in Browsers.

Third-party cookies are created by domains other than the one you are directly visiting. These cookies are mostly used for tracking users across different websites, enabling businesses to serve targeted advertisements based on browsing history and preferences. For more basic information, you can read this post.

Does My Site Have Affected Third-Party Cookies?

We have the problem, third-party cookies are going the way of the dinosaurs. Now, what needs to be done to assess the likelihood your site is affected? What steps may need to be taken to continue using the functionality they enable?

Testing Existing Cookies in Chrome DevTools

The easiest way to view cookies on a site and see if they will be blocked, either by browsers that currently block third-party cookies or browsers that may and are planning to block cookies in the future, is to:

1. Open up Chrome DevTools in the Chrome browser.
2. Click to open the Application tab.
3. Open up the Cookies section in the left-hand sidebar and select a domain.
4. From there, find the “Only show cookies with an issue” checkbox and mark it checked. This will filter down to only cookies which are currently blocked (in FF and Safari for example) and possibly will be blocked in the future (in Chrome and Edge for example).

If you right-click on one of the affected cookie rows, you’ll see you can select from “Show Requests With This Cookie” and “Show issue associated with this cookie”. 

The first option will bring you to the network tab, with the results filtered down to the requests where that cookie was used. The second will open up the Issues tab, which will list all the cookies that had issues on the page and all the requests that had issues.

Another, slightly more involved way of auditing cookies is to use Google’s Privacy Sandbox. It will give you more information on why the cookie would be blocked.

Once you’ve identified the cookies that will be affected, you’ll need to evaluate each one to determine the appropriate course of action.

In some cases, it might be a cookie that your site has issued, but was not specified as not cross domain during its setup.

In other instances, the cookie might have been set by a third party. For these, you’ll need to contact the respective company to find out their plans for adapting to the third-party cookie phaseout.

Options for Privacy Preserving Solutions

As usual there are different ways to address this issue with browsers implementing different specifications.

If your third-party cookies are utilized on a select few closely related websites, consider leveraging the Storage Access API and/or Related Website Sets to enable cross-site cookie access exclusively for those specific sites. 

The Storage Access API involves a user-friendly prompt asking for permission to allow third-party cookies on a case-by-case basis and is supported by all major browsers.

Think of Related Website Sets as an enhancement to the Storage Access API. It operates similarly, allowing cross-site cookie access, but without requiring user permission each time for sites within the set. This does not have cross browser support. It is currently only supported by Chrome and Edge using the requestStorageAccessFor API.

For third-party cookies that are directly tied to the main websites where they are created, you might want to consider using Cookies Having Independent Partitioned State (CHIPS), or partitioned cookies. This method involves adding a ‘partitioned’ attribute to your existing cross-site cookies, which then places them in a separate storage partition for each top level site. This setup allows unrestricted use of these cookies, although they remain isolated and cannot be shared with other sites. This is only supported in Chrome and Edge.

What are Third-Party Cookies?

Third-party cookies are small text files created by domains other than the one you are directly visiting. There are various reasons they are used:

1. Tracking and Analytics: Third-party cookies can track a user’s browsing activities across multiple websites. This data is valuable for analytics, helping website owners understand user behavior and improve their site’s performance and content.
2. Advertising: Perhaps the most well-known use of these cookies is in targeted advertising. Advertisers use these cookies to gather information about your interests based on the sites you visit and the actions you take. This allows them to show you more relevant ads across different websites, attempting to increase engagement and conversion rates.
3. Social Media Features: Websites might use them to enable social media functionalities, such as “Like” buttons, sharing capabilities, and other interactive elements that link back to social media platforms.
4. Content Personalization: Similar to advertising, third-party cookies can be used to personalize content across websites. For example, a news site might modify what you see based on the articles you’ve read on other sites.
5. Cross-Site Login: Some services use them to allow users to log in to various websites with the same credentials without having to authenticate separately on each site.

Why are Third-Party Cookies Being Phased Out?

Privacy.

Digital privacy has reached a tipping point and become a culturally visible concern.  Companies compiling detailed personal profiles with cookies has raised alarms about individual privacy rights. Third-party cookies, which track users’ across different sites, often without explicit consent or clear understanding from users, is an example of the lack of digital privacy that affects anyone using a browser.

This has led to laws and regulations like GDPR in the EU and CCPA in California that put strict requirements on how personal data can be collected, processed, and stored; consent must be clear before data can be used, and users have more control of their personal data.

Effects of Removing

Removing third-party cookies will significantly affect how websites track user behavior across the internet. Currently, many businesses rely on these cookies for targeted advertising and analytics. Without these cookies:

• Advertisers will find it harder to track user behavior across multiple sites.
• Publishers may see a decrease in advertising revenue, since personalized ads tend to generate higher revenue.
• Users will likely notice a difference in how personalized their web experiences are, with potentially fewer targeted ads.

The Current State of Third-Party Cookies

Some browsers have already cut out third-party cookies by default. The notable ones are Firefox and Safari.

Some browsers are slowly moving towards removing them. They are Chrome and Edge.

Let’s look at browsers North American market share for the last year ending April 2024. Data from Statcounter Global Stats.

• The gorilla in the room is Chrome, with a 51% average market share over the year. They have a detailed and current plan (it has been delayed multiple times) to phase out third-party cookies by early 2025. No matter your site, if you use them you need to look into this as you most likely have a large chunk of Chrome users.
• The browser with the largest share of use and has blocked third-party cookies is Safari, with a 31% average market share over the year.
• Microsoft’s Edge browser has about an 8% average market share, but by default they currently don’t block these cookies. Users can manually set cookies to be blocked, and they have started the process of warning users and developers that third-party cookies will be phased out.
• Firefox has about a 4% average market share and also blocks these cookies by default.

Your specific site browser percentages may differ, but you may already have some motivation to start implementing alternatives to third-party cookies.

Do you need help? We can do a technical audit and start the conversation.