Third-party cookies

What are cookies?

Cookie is a cute name for what is basically a text file. When you visit a web site, the web site may want to ask your web browser (such as Chrome or Firefox or Internet Explorer) to create a text file to store some useful information. This information can only be read by the web site that created the information in the first place. This is the concept behind internet cookies.

When you visit a domain such as www.somedomain.com, the somedomain.com server may ask your browser to set a cookie. This is a first-party cookie, because it is set by the domain you have chosen to visit. First-party cookies are vital to many of the biggest websites. They are usually a good thing, allowing a site to remember that you've logged in, or to remember what items you've added to a shopping basket.

Third-party cookies

But when you visit a domain such as www.somedomain.com, the web pages on that domain may feature content from a third-party domain. For instance, there may be an advertisement run by www.anotherdomain.com showing graphic advert banners. When your web browser asks for the banner image from www.anotherdomain.com, that third-party domain is allowed to set a cookie. Each domain can only read the cookie it created, so there should be no way of www.anotherdomain.com reading the cookie created by www.somedomain.com. So what's the problem?

Some people don't like third-party cookies for the following reason: suppose that the majority of sites on the internet have banner adverts from www.anotherdomain.com. Now it's possible for the advertiser to use its third-party cookie to identify you as you move from one site with its adverts to another site with its adverts.

Even though the advertiser from www.anotherdomain.com may not know your name, it can use the random ID number in the cookie to build up an anonymous profile of the sites you visit. Then, when it spots the unique ID in the third-party cookie, it can say to itself: "visitor 3E7ETW278UT regularly visits a music site, so show him/her adverts about music and music products".

Some people don't like the idea of advertising companies building up profiles about their browsing habits, even if the profile is anonymous.

Blocking third-party cookies

A web browser such as Firefox, Chrome, Safari, Internet Explorer, or Opera will allow you to choose how you want it to respond to a request to set a cookie. You can tell your browser to block third-party cookies, tell it to ask you each time, or tell it to allow them every time.

Note that you can also tell your web browser to block first-party cookies (set by the site you chose to visit), but this may make it difficult to use web forums, shopping sites, and any site that relies on cookies to let you login.

Blocking third-party cookies should have no ill effect to you, however. If you want to deny third-party cookies and you're using one of the more popular web browsers, follow the instructions for your browser below.

Blocking third-party cookies in Firefox

Firefox is my favourite web browser, and it's the browser I recommend to everyone. To block all third-party cookies when using Firefox, follow these steps:

screenshot: The menu button at the top-right of the Firefox browser window.
The menu button is in the top-right of the Firefox window.
  1. If you're using Firefox 29 or newer (and you should make sure you're always using the latest available version of a web browser), click the menu button (in the top-right of the window) then click on Preferences.
  2. On the left of the window that appears, click on the Privacy link.
  3. To block third-party cookies, look down the page until you find the line which says "Accept third-party cookies" and then change the value in the drop-down menu so that it says "Never".
  4. Once you've chosen the setting you want, you can close the Preferences tab, or simply visit another website. The changes you've made will be remembered.

Allowing only first-party session cookies in Firefox

If you're also worried about first-party cookies, then the following is even stricter:

  1. Follow the steps above to get to the Firefox Privacy page.
  2. Find the line which says "Keep until" and change the value so that it says "I close Firefox". This tells Firefox to discard first-party cookies each time you close Firefox.
  3. Click the Exceptions button on the right.
  4. For each site that you do want to be allowed to store cookies even after you close Firefox, type in the domain or sub-domain name (such as yahoo.com or mybank.co.uk, etc) and then click the Allow button.
  5. Click Save Changes if you're happy with your changes, or Cancel if you want to discard the changes you've made.

This method is not automatic, because you have to tell Firefox which domains you want to allow to store cookies for longer than one session. For instance, if you use My Yahoo! as your home page, you will probably need to Allow "yahoo.com" and also "my.yahoo.com" in the Exceptions list, so that your login cookie is remembered even after you close Firefox. Otherwise you'll have to login with your username and password each time you open the browser. So this method requires a little more work, but it does mean that any domain not in your allowed list will have its cookies cleared every time you close Firefox.

Blocking third-party cookies in Chrome

I'm not a big fan of Chrome, but if you are using this browser and want to block third-party cookies, here's what you need to do:

  1. Click on the spanner icon in the top-right of the window, and then click on Options in the menu that appears.
  2. In the options window, click on the Under the Bonnet tab, then click the Content settings button at the top of the page.
  3. Click on the Cookies tab.
  4. Put a tick in the box labelled Block all third-party cookies without exception.
  5. Click Okay repeatedly to exit the options windows.

If privacy is your concern, you should probably take a look at the Google Chrome Privacy Policy too, which suggests that Chrome sends a lot of usage data to Google for various purposes.

Blocking third-party cookies in Safari

Third-party cookies appear to be blocked by default in Safari. But, should you want to check or change the setting, here's how to block third-party cookies in Safari:

  1. Click the gear icon at the top-right of the window, and then click on Preferences in the menu that appears.
  2. Click on the Security tab.
  3. Make sure that under Accept cookies the selected option is Only from sites I visit.
  4. On the same page, you might want to consider removing the tick from the box labelled Allow websites to ask for location information.
  5. Click Okay repeatedly to exit the options windows.

If privacy is your concern, you should probably take a look at the end user agreement for Safari, because it suggests that Safari sends a lot of usage data to Apple for various purposes. You may also want to disable the location feature, which readily sends your geographic location to websites you visit and online applications you use.

Blocking third-party cookies in Internet Explorer

If you're using Internet Explorer you can block third-party cookies by doing the following:

  1. Open the Tools menu on the menu bar (which in Internet Explorer 9 appears as just a cog icon immediately below the window-close button) and then click Internet Options.
  2. Select the Privacy tab in the top row of the options dialogue.
  3. Click the Advanced button.
  4. A window about cookies will appear. Make sure the box labelled Override automatic cookie handling has a tick in it. You can now choose what the browser does when it is asked to set each type of cookie. To block third-party cookies, just select the Block option in the Third-party Cookies column on the right.
  5. If you wanted to be asked each time, select Prompt instead of block. This might quickly drive you mad, though.
  6. Once you've chosen your settings, click Okay at the bottom of the small dialogue, then Okay at the bottom of the main options dialogue.

Blocking third-party cookies in Opera

Opera is an excellent choice for people who need more accessibility options. To block third-party cookies in Opera:

  1. Open the Tools menu on the menu bar and click Preferences...
  2. Select the Advanced tab in the top row of the options dialogue.
  3. Select Cookies in the column on the left.
  4. Make sure that the button labelled Accept only cookies from the site I visit is the one selected.
  5. If you want to be asked before each cookie is set, tick the box labelled Ask me before accepting cookies (but be warned that this will happen a lot).
  6. Once you've chosen your settings, click Okay at the bottom of the options dialogue.