How redirectors solve the third-party cookie problem

Recently, one of our competitors brought up a good point about third-party cookies and tracking.  They pointed out that some browsers, on iOS-based devices in particular, do not accept third-party cookies by default.  This makes tracking conversions on those devices challenging for tracking methods that rely on third-party cookies.  We completely agree with that part of their analysis.

However, they associated using an http redirect with third-party cookies and suggested that using redirect-based tracking is susceptible to the same pitfalls.  This indicates either a misunderstanding of what a third-party cookie is or a lack of understanding of how a redirect-based system should work.  We wanted to clear that up for them.

First, what is a third-party cookie?  A third-party cookie is a cookie from any domain other than the domain of the original page request.  So if the original request is for, and there is an image on the page from, a cookie set by would be a third-party cookie.  One from would not be a third-party cookie.  It is the same base domain as the original request, so it is considered a first-party cookie.

Who cares?  Privacy advocates care a great deal.  Feel free to skip to the next paragraph if you already understand why.  Web sites often use cookies to keep track of users so they can remember what they put in their cart, or display breadcrumbs, or otherwise keep track of an individual browser.  But since a cookie can be read any time the browser makes a request to the server it can be used to track the browser between multiple sites.  For example if and both use tracking, the cookie will allow to track them on both sites and possibly correlate their behavior across both, as well as any other sites that use them.  This gets interesting when you consider how many sites use Google Analytics...

This concern has prompted the major browser makers to include an option to restrict third-party web servers from setting cookies for objects on pages that are not their own.

Section of Google Chrome options page where one controls third party cookie behavior

Mozilla Firefox options page where one controls third party cookie behavior

Internet Explorer Options page where one controls third party cookie behavior

What does this mean?  Any tracking solution that relies on setting third-party cookies will not be able to set a cookie (and therefore will not be able to track) browsers with that setting turned on.  This is true whether the request is done through a server-generated img tag or a JavaScript-generated element.

How does a redirector solve this?  When a browser requests a page from a redirector, the redirector is the first party.  So if a browser requests, the server could respond with "Actually go to, and by the way please set a cookie for"  Since the request is to "" and the cookie is for "", the browser does not consider it third-party so it accepts the cookie (unless the browser has all cookies turned off, in which case they won't be able to add anything to their cart on the client site so won't be able to convert anyway).  When the customer reaches the conversion page that contains a tracking tag, the browser is then happy to present the existing cookie to the third-party server, although it would not accept any new cookies that server tried to set at that time.

As with any solution, there are some additional technical gotchas, so this method may not be something just any company can get to work.  But we have tested and verified it with many browsers, including Safari on iOS devices, so we are confident in our understanding of how best to track the performance of our customers' ads.

Join the Discussion