Third-party cookie deprecation
Third-party cookie deprecation refers to browsers blocking or phasing out cookies set on domains other than the site a user is visiting. Safari and Firefox already block them by default; Chrome has documented its own plans and shipping changes. This page explains the state of play and what it means for analytics that relied on cross-site cookies.
Where the engines stand
Safari, via Intelligent Tracking Prevention, blocks third-party cookies by default. Firefox, via Total Cookie Protection / Enhanced Tracking Protection, partitions and blocks them by default. Google has published plans and shipped changes for Chrome through its Privacy Sandbox programme, and its public position on third-party cookies has evolved — always check the current Chrome and Privacy Sandbox documentation rather than relying on a past date.
- Safari ITP: third-party cookies blocked by default
- Firefox ETP: third-party cookies partitioned/blocked by default
- Chrome: see current Privacy Sandbox and Chrome docs
What it breaks and the durable path
Measurement that depended on a shared third-party cookie across sites — cross-domain user stitching, view-through attribution, third-party remarketing — degrades as those cookies disappear. First-party measurement (a cookie or identifier scoped to the visited site, or cookieless event counting) is unaffected by these blocks because it never relied on cross-site cookies in the first place. Proposed replacements for specific ad use cases live in the Privacy Sandbox APIs.
How it appears in analytics and logs
Gaps in cross-site reporting — missing cross-domain users, broken remarketing audiences — often trace back to third-party cookies being blocked rather than to a tagging bug.
Diagnostic use case
Audit which of your analytics and ad integrations depend on third-party cookies so you can move that measurement to first-party or consented alternatives before it breaks.
What WebmasterID can help detect
WebmasterID measures with first-party events only, so its counts do not degrade as browsers remove third-party cookies.
Common mistakes
- Assuming first-party cookies are affected the same way as third-party ones.
- Treating a single browser's timeline as the state of all browsers.
- Relying on a fixed deprecation date instead of current docs.
Privacy and accuracy notes
This page is educational and not legal advice. Deprecating third-party cookies reduces cross-site tracking but does not by itself satisfy any specific legal obligation.
Related pages
- Safari ITP and analytics privacy
Intelligent Tracking Prevention (ITP) is WebKit's privacy feature that partitions and limits storage to stop cross-site tracking in Safari. It blocks third-party cookies, caps script-set first-party cookie lifetimes, and constrains other client-side storage. This page summarises ITP's documented behaviours and what they mean for measuring audiences.
- Firefox Enhanced Tracking Protection
Enhanced Tracking Protection (ETP) is Firefox's default privacy defence: it blocks resources on a known-tracker list and, through Total Cookie Protection, partitions cookies into a separate jar per website so they cannot be shared across sites. This page explains what ETP blocks and how it shapes analytics data from Firefox users.
- Chrome Privacy Sandbox and analytics
The Privacy Sandbox is a set of Chrome web-platform APIs intended to support advertising and measurement use cases without cross-site tracking of individuals. It includes interest-based targeting, conversion measurement, and anti-abuse APIs that return aggregated or noised results rather than per-user identifiers. This page maps the pieces and what they mean for analytics.
- Privacy-first analytics
First-party measurement that survives cookie deprecation.
Sources and verification notes
- Google — Privacy SandboxChrome's programme and current position on third-party cookies.
- MDN — Third-party cookiesHow third-party cookies work and browser handling.
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.