Third-party cookie phase-out: current status
The phase-out of third-party cookies has unfolded unevenly across browsers. Safari (ITP) and Firefox (Total Cookie Protection) block or partition third-party cookies by default. Chrome originally planned to remove them via the Privacy Sandbox, but in 2024-2025 changed course toward a user-choice prompt rather than automatic deprecation. This page describes the data-model consequences even-handedly, not a timeline or winner. This page is educational.
Where each major engine stands
WebKit (Safari) has blocked third-party cookies by default for years through Intelligent Tracking Prevention. Firefox's Total Cookie Protection partitions third-party cookies into per-site jars by default, which neutralises cross-site tracking even where a cookie is set. Chromium-based browsers historically allowed third-party cookies; Google's Privacy Sandbox set out to remove them, but in 2024-2025 Google announced it would not auto-deprecate them and would instead introduce a user-choice experience. The practical state is a patchwork.
What it means for your data model
Because behaviour varies by browser and user choice, any analytics or advertising feature that relies on third-party cookies sees inconsistent coverage — present for some users, absent or partitioned for others. This is a structural reason to build measurement on first-party data you collect and control, which behaves consistently regardless of cross-site cookie policy. The Privacy Sandbox APIs (Topics, Attribution Reporting, Protected Audience) address advertising use cases via privacy-preserving mechanisms rather than cross-site cookies.
This page avoids any timeline claim; verify the current status against the sources, which evolve.
- Safari and Firefox: blocked or partitioned by default
- Chrome: shifted to a user-choice model, not auto-removal
- First-party data behaves consistently across all of them
How it appears in analytics and logs
If cross-site cookie-based features work for some visitors and not others, differing browser policies — not a bug — explain it; first-party data is consistent.
Diagnostic use case
Understand that cross-site cookie behaviour now differs by browser, so analytics that depends on third-party cookies behaves inconsistently across users.
What WebmasterID can help detect
WebmasterID's first-party, cookieless model is unaffected by third-party cookie changes; its data model never depended on cross-site cookies.
Common mistakes
- Assuming third-party cookies were uniformly removed everywhere.
- Building core measurement on cross-site cookies.
- Stating a fixed deprecation date that has since changed.
Privacy and accuracy notes
This page is educational, not legal advice. The trend reduces cross-site tracking; first-party, minimised measurement is unaffected by these changes.
Related pages
- Third-party cookie deprecation
Third-party cookie deprecation refers to browsers blocking or phasing out cookies set on domains other than the site a user is visiting. Safari and Firefox already block them by default; Chrome has documented its own plans and shipping changes. This page explains the state of play and what it means for analytics that relied on cross-site cookies.
- Partitioned cookies (CHIPS) in depth
Partitioned cookies, standardised as CHIPS (Cookies Having Independent Partitioned State), let a cookie opt into per-top-level-site storage with the Partitioned attribute. A cookie set by an embedded third party is then stored under a partition key tied to the top-level site, so the same third party cannot read it across different sites. This preserves legitimate cross-site embeds while removing the cross-site tracking ability. This page is educational.
- Chrome Privacy Sandbox and analytics
The Privacy Sandbox is a set of Chrome web-platform APIs intended to support advertising and measurement use cases without cross-site tracking of individuals. It includes interest-based targeting, conversion measurement, and anti-abuse APIs that return aggregated or noised results rather than per-user identifiers. This page maps the pieces and what they mean for analytics.
- Privacy-first analytics
First-party measurement is unaffected by cookie-policy changes.
Sources and verification notes
- Privacy Sandbox — The Privacy Sandbox timeline (Chrome status)Primary source for Chrome's evolving approach. Status changes over time.
- Mozilla — Total Cookie ProtectionPrimary description of Firefox's default cookie partitioning.
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.