DEV Community

Cover image for Why blocking 3rd party cookies won't stop adtech
Patryk Kalinowski
Patryk Kalinowski

Posted on • Originally published at

Why blocking 3rd party cookies won't stop adtech

There are lot of misconceptions how 3rd party cookies affect website analytics and if marketing teams should be worried when they are being blocked.

I tried to explain inner workings of all this fuss as simple as possible.

Behold, 3rd party cookies for dummies:

3rd party cookies

When you visit which has tracking code, this code asks domain for cookie (VisitorID: 123). Since you are on, is third party domain and adtech cookies are third party cookies.

Tracking script then gathers some data on you and sends information to server:

event_type: pageview
visitorID: 123 knows that user with VisitorID = 123 visited page X.html on

Next, you go to which is part of the same network. Script takes third party cookie from and sends back this information:

event_type: pageview
visitorID: 123 knows that user with VisitorID = 123:

  • visited page X.html on
  • visited page Y.html on

And so on, and so on...

What is, you ask? It's Facebook, Google, Twitter, LinkedIn and thousands of others. Tracking code is a Like button, Follow button, Retweet button, Adwords ads - basically everything which originates from those servers.

What happens when we block 3rd party cookies

You visit and tracking code asks for VisitorID cookie, but the request is blocked by browser. Tracking code is unable to get global unique visitor ID, so now it has to set up a first party cookie belonging to domain

This is being sent to

event_type: pageview
visitorID: AAA knows that user with VisitorID = AAA visited page X.html on

Next, you go to and again, tracking code can only create VisitorID cookie specific to only: BBB on image above. What's important, that cookie will be different from the one on

event type: pageview
visitorID: BBB

Now, instead of having one user with ID = 123 visiting two websites, knows about two separate users visiting two different websites. Privacy saved once again.

Why it won't really work

Cookies are very easy and reliable solution to pass data between domains. They require almost zero computing power and are part of network protocols themselves.

Since cookies will be blocked, Adtech companies will start using different solutions to identify users. One of those is fingerprinting.

Fingerprinting uses the fact that no computer is the same. You can have 100 users on Chrome, but 30 of them are on Macbooks, 20 on Android phones and 50 on Windows.

All those people have different screens with different resolutions, different fonts installed. They are in different cities and countries, too. IP address is different for every user.

In short, every visitor is unique anyway. Now, instead of setting up a third party cookie within 1ms and zero computing power, adtech companies will deploy various fingerprinting solutions generating unique IDs anyway, but for the price of slower loading times, increased computation (which burns through your battery) and less pleasant experience in general.

Adtech is worth billions of dollars, so we can expect more and more nasty tactics.

Will it affect my Google Analytics?

No. All analytics tools use first party cookies, as there is no need to know if users from WebsiteA visit other websites. First party cookies are enough to track every activity on one website.

Discussion (1)

_fones profile image
Wojtek Grześkowiak

Google says it will block fingerprinting as well. There will be random noise injected into web components fingerprinting is run at. So there will be no other way to follow users across domains.