Third-party cookies provide an invasive way for websites to track what you do online. In this article, we look at what they are, how they work, and how you can block them on all major browsers. 

Find out which browsers are best for your privacy(new window)

If you want to keep your online activity private, a virtual private network (VPN), such as Proton VPN, will prevent the websites you visit from knowing your IP address, the unique number assigned to your internet connection by your internet service provider (ISP). 

This is good because websites can easily use your IP address to uniquely identify you, know your rough geographic location, and track you when you visit other websites.

However, your IP address is not the only way websites can track you across the internet. Despite the rise in browser and device fingerprinting(new window), the most common method for such tracking is still third-party cookies. 

What are cookies?

Cookies are small text files that are stored on your browser when you visit a website. When you revisit the website, it can retrieve and read its cookies, letting it remember things about you. 

Cookies can perform many useful tasks, such as remembering that you’re logged in, what your preferences are, which language you speak, what’s in your shopping basket, and so on.

Cookies used by a website to facilitate and enhance its own functionality are known as first-party cookies. These are usually benign, and attempts to block them will likely reduce a website’s usability or even break it entirely. That’s why it’s not usually a good idea to block first-party cookies. 

What are third-party cookies?

Much more insidious are third-party cookies. These cookies are stored on your browser by websites other than the ones you visit (in other words, by third parties). Their purpose is almost entirely to track your behavior on different websites.

These third parties are typically advertising companies such as Google, or social media networks such as Facebook, TikTok, and Twitter, all of which rely heavily on knowing as much about you as possible to keep you engaged and serve you with highly-targeted ads.

Get Proton VPN!

How do third-party cookies work?

Websites often host JavaScript from other (third-party) websites. Typical examples include social media Like buttons, third-party live chat support windows, and website analytics platforms such as Google Ads(new window) and Adsense(new window) (also run by Google). 

Although these cookies can improve the functionality of a website, they can also expose your information to parties you didn’t even know were present. For example, if a website uses Google Analytics, that website can trace your activity on its site, but so can Google(new window)

This allows whoever created the cookie in the first place to keep track of all the websites you visit, and often also what you did on those websites. If you visit a shopping website for example, third-party cookies can record which items you look at and pass this information on to its creators. 

Cookies and EU law

The ePrivacy Directive(new window) (known often as the “EU cookie law”) came into effect in 2012. It requires all websites to ask anyone who visits them using a European Union (EU) IP address for explicit consent before placing cookies on their browser. 

In theory, this should give EU citizens control over all third-party cookies placed on their browsers. However, this hasn’t been an effective policy for the following reasons: 

  • Not all websites respect the law. 
  • Many websites make it difficult to quickly block third-party cookies without blocking all cookies. 
  • Bombarded with extensive cookie consent options for every website they visit, many (if not most) people simply accept all cookies because it’s the easiest option.

Netshield Ad-blocker

If you have a paid Proton VPN plan, you can use our NetShield Ad-blocker feature. This DNS filter doesn’t specifically block third-party cookies, but it does block many of the third-party scripts that load cookies onto your browser.

Learn more about NetShield Ad-blocker

How to block third-party cookies on your browser

Firefox (desktop)

1. Go to SettingsPrivacy & SecurityBrowser PrivacyEnhanced Tracking ProtectionCustom

2. Ensure the Cookies checkbox is selected and select the level of cookie protection you’d like from the dropdown menu. 

Block third-party cookies on Firefox for Windows, macOS, and Linux

Firefox provides several options to block the worst types of third-party cookies, making it easier for you to protect your privacy without breaking the websites you visit. You can also just block all third-party cookies. 

Firefox (Android)

1. Go toSettingsPrivacy and securityEnhanced Tracking ProtectionCustom

Block third-party cookies on Firefox for Android 1

2. Ensure the Cookies checkbox is selected and choose the level of cookie protection you’d like from the dropdown menu. 

Block third-party cookies on Firefox for Android 2

The Firefox Android app provides several options to block the worst types of third-party cookies, making it possible to browse privately without breaking the websites you visit. You can also block all third-party cookies. 

A similar setting can be found on Firefox Focus for Android by going to SettingsPrivacy and securityCookies and Site DataBlock cookies

Firefox (iOS and iPadOS)

On iOS and iPadOS, all third-party cookies should be blocked by default. However, Firefox and Firefox Focus on iOS/iPadOS have an additional setting:

1. Go to Settings → PrivacyTracking ProtectionStrict.

Strict tracking protection on Firefox for iOS

This setting blocks a great deal more than just third-party-cookies, but the in-app documentation notes that it blocks “Cross-Site Trackers — These cookies follow you from site to site to gather data about what you do online. They are set by third parties, such as advertisers and analytics companies”. 

You can find a similar setting in Firefox Focus for iOS by going to SettingsTracking ProtectionEnhanced Tracking Protection. Third-party cookies are not specifically mentioned, but you can block various trackers and scripts based on their purpose (advertising, analytics, and social blocking are enabled by default). 

Chrome, Chromium, Brave, and Opera (desktop)

Go to or Settings (or Go to full browser settings on Opera) → Privacy and security → Cookies and other site data and select Block third-party cookies.

Block third-party cookies on Chromium-based browsers for Windows, macOS, and Linux

Brave (Android)

Go to SettingsBrave Shields and privacyBlock Cookies and select Block cross-site cookies

Block third-party cookies on Brave for Android

As with all browsers on iOS and iPadOS, third-party cookies on Brave are blocked by default (see below). There is an additional option to block cross-site trackers (SettingsBrave Shields & Privacy Block Cross-Site Trackers). 

Opera (Android)

Go to Settings (gear icon) → PrivacyCookies and select Enabled, excluding third-party.

Block third-party cookies on Opera for Android

Microsoft Edge (Windows)

1. Go to SettingsCookies and site permissionsCookies and data storedManage and delete cookies and site data Block third-party cookies.

Block third-party cookies on Edge for Windows

Safari (macOS)

Safari on macOS blocks all third-party cookies (and many other forms of cross-site tracking) by default. To check this, open Safari and go to the macOS menu barSafariSettingsPrivacy tab and ensure Website tracking: Prevent cross-site tracking is enabled

By default, macOS allows advertisers to measure their performance without associating your ad activity with you. If you’re not comfortable with this, you can disable it in the Privacy tab by unchecking Web advertising: Allow privacy-preserving measurement of ad effectiveness

Confirm that website tracking is blocked on Safari for macOS

iOS and iPadOS (all browsers)

As part of the WebKit engine that all browsers on iOS and iPadOS must use, all third-party cookies are blocked by default on iOS 14+ and iPadOS 14+. To check this setting is enabled, go to Settings → [your browser] → and Allow Cross-Website Tracking is switched off

Confirm that cross-website tracking is blocked iOS and iPadOS

Safari on iOS and iPadOS allows advertisers to measure their performance without associating your ad activity with you. If you’re not comfortable with this, you can disable it by going to SettingsSafariPrivacy & Security and toggling the Privacy Preserving Ad Measurement switch off

Disable Privacy Preserving Ad Measurement for Safari on iOS

Vivaldi (desktop)

Go to Settings (gear icon to the bottom left) → Privacy and SecurityThird-Party Cookies and select Block All

Block third-party cookies on Vivaldi for Windows, macOS, and Linux

Final thoughts

Blocking third-party cookies in your browser is an important part of preserving your privacy online. Other important steps you can take are:

  • Use a VPN (such as Proton VPN) to hide your real IP address
  • Use a script-blocker (such as Proton VPN’s built-in NetShield Ad-blocker feature) to prevent advertising, trackering, and other malicious scripts on web pages
  • Use a browser that is resistant to fingerprinting. Fingerprinting is hard to block, but some are better at it than others(new window).

Frequently asked questions

How can I tell that websites use third-party cookies

It is easy to see what third-party cookies are hosted on a web page using the Chrome browser. Hit F12 to open Developer Tools and go to the Application tab (you may need to click to see it) → StorageCookies

Any cookies that belong to domains other than the website you’re visiting are third-party cookies.

Hpw to look for third-party cookie scripts using Chrome

This example shows a reddit page that hosts a third-party cookie from Twitter. 

Can third-party cookies be useful to the user?

The scripts that set third-party cookies can be useful. For example, scripts that load a live chat support window make it easier for you to get help. Third-party cookies themselves, however, are almost invariably used by advertisers to track your browsing history and online activity (with the end goal of using that data to show you personalized ads)..  

These tracking cookies offer you no benefit besides (questionably) more relevant ads. 

Are third-party cookies safe?

Cookies are safe in that they cannot carry viruses or other malware, so they can’t directly harm you or your device. The danger they represent is to your online privacy — they allow advertisers and social media services to identify you, track your online activities, and even to monitor your interactions on websites (for example, by logging everything you look at on a website).

Do I need to block third party cookies and use NetShield Ad-blocker

It’s a good idea. NetShield Ad-blocker blocks scripts from a list of domains that we consider to be actively malicious, or simply of no value to most people who use Proton VPN. 

However, it doesn’t block domains that people actually want to use, such as Twitter or Facebook, and so does not block all third party cookies.

On the other hand, NetShield Ad-blocker can block many non-cookie-related scripts that can track you in other ways (such as fingerprinting) or which may otherwise harm you (such as scripts that inject malware onto your device). 

In addition to this, NetShield Ad-blocker helps protect your entire internet connection, not just threats from inside your browser. For example, mobile games often load ads from third-party domains. NetShield Ad-blocker can block these, but changing the cookie preferences in your browser won’t. 

We therefore recommend blocking third party cookies in your browser and also using NetShield Ad-blocker. 

Protect your privacy and security online
Get Proton VPN free

Related articles

Paris Olympics
The 2024 Summer Olympics in Paris begins this July. While you’ve likely already missed your chance to get a ticket and witness the best athletes from around the world in person, there are plenty of ways to enjoy the games from the comfort of your hom
Where to watch euros
Every four years, the entire continent of Europe turns its eyes to see who will be crowned as the continent’s champion of football (or soccer for the Americans).  This is the 17th edition of the UEFA European Football Championship, in which 24 natio
How to enable location services
Location services refer to a combination of technologies used in devices like smartphones and computers that use data from your device’s GPS, WiFi, mobile (cellular networks), and sometimes even Bluetooth connections to determine and track your geogr
What is AirTag stalking?
In an era of “smart devices” that often double as spy devices, AirTags are tracking tools that are open about their function and can be vital in helping locate lost items (as anyone who has lost their car keys can attest to). However, as a recent cla
How to fix a "Your connection is not safe" error
As you surf the web using your browser, you’ll no doubt encounter websites that your browser will refuse to load, instead showing some variation of an error message, such as Your connection is not private or Warning: Potential Security Risk Ahead. 
Your search history is a window into your inner life. Anyone with access to it knows what your hobbies and interests are, your sexual orientation and preferences, the things that worry you (for example your medical concerns), your political affiliati