Am I using third-party cookies on my website?

Google will be phasing out third-party cookies in Google Chrome by 2022. You may have seen several articles circling the web about this subject such as the impact this will have for advertising, and what is Google’s data collection solution to this change.

However, how can you tell if your website is using third-party cookies?

First, let’s cover what is a cookie?

Browser cookies are small pieces of code stored in the browser. They are primarily used for things like determining if a user is logged in to a website, user preference settings, and recording user data.

What type of cookies are there?

In the technical definition, there are two types of cookies. When a cookie is created it has an associated domain. This originating domain determines if the cookie is first or third-party.

First-party cookie – This cookie was created on the same website you are visiting. These are commonly used to help core website functionality such as determining if a user is logged in.

Third-party cookie – This cookie was created on an external website. It is not the same website you are currently visiting. These are commonly used to track activity between websites and serve targeted ads to users.

Second-party cookie…? – This does not have a real categorization in code, but has been referred to when one company shares their first-party cookie data with another company. AKA second-party data.

Are the tracking services on my website using third-party cookies?

Third-party cookies being phased out is not new in the industry. Firefox and Safari have moved towards blocking third-party cookies since early 2019 so tracking services have had time to react and implement solutions.

Here are some common tracking services you may be using and what type of cookies they use:


Google Analytics 
The analytics.js JavaScript library is part of Universal Analytics and uses first-party cookies…

Learn more


Google Tag Manager (GTM)

Out of the box GTM does not put cookies on your website. The tags and scripts you add to your GTM container may utilize third-party cookies however.

Google Tag Manager does NOT use cookies because GTM is just a middle man between your website and marketing/analytics tools you have installed.

Find out more
HubSpot doesn’t use third-party cookies to power the analytics user token we attach to contacts.

Find out more

More details on HubSpot’s cookies can be read here.


To function properly, Hotjar stores first-party cookies on your visitor's browser.

Find out more


You can now use both first and third-party cookies with your Facebook pixel.

Learn more

The Facebook Pixel uses both first and third-party cookies and they have introduced the Conversion API (CAPI) as their solution to third-party cookie blocking. It is currently recommended to use the Facebook Pixel and CAPI together.

What about services outside of the list above?

If you are serving ads on your website, you are most likely using third-party cookies. Other tools like live chats could also add third-party cookies to your website.

You can inspect the cookies on your website by using your browser’s Developer Tools. Listed sites that are not the same as the current website you are visiting are third-party cookies.

In Google Chrome, you can inspect your cookies by:

  • Pressing F12 on your keyboard
  • In the popup panel, click the Application tab
  • From the left sidebar, click the arrow beside Cookies to expand the list

Viewing cookies in Google Chrome's Developer Tools


Scanning your website's cookies:

You can also scan your website by using inputting your website’s URL into the scanner at The scan will give you a detailed break down about what kind of cookies you are using and if they are first or third-party.

Media Vendors and Cookies

Media vendors such as programmatic ad networks rely on cookie data for ad targeting and have had to come together to find a solution that identifies users across the internet.

One very likely solution is the Trade Desk’s Unified 2.0 which has buy in from across the industry and is modeled after the IAB’s Project Rearc framework. This methodology would store a hashed and anonymized email address from a user and have them opt in to be served relevant ads across each site which will allow for the creation of a unified identifier across browsers and devices.

On the ad server side, conversion tracking will also require a replacement for third-party cookies. EyeReturn, a highly popular ad server, is currently testing potential replacements and will have a solution in place in the next few months. Some ad servers, such as Extreme Reach, have relied only partially on cookies and are already poised to continue operations once they deplete.

So what should I do if my tracking or media vendors are using third-party cookies?

Most tracking or ad platforms have published articles on their stance and solution to third-party cookies being blocked. 

If you are unable to find this information, recommended next steps are to have a conversation with your tracking or media vendor about how they are handling third-party cookies. This will help you prepare for any code or tag changes coming your way based on your vendor’s cookie-less solution.

Testing different vendors and ad servers is also strongly recommended as an immediate plan of action. This allows time to compare current strong performers to new prospects and determine your optimal mix so that your campaign performance will not be heavily impacted once third-party cookies are entirely depleted at the start of 2022.

Watch our webinar: The Cookie-less Future

Watch Sara Kerr (ZGM's Senior Media Manager), Colby Doyle and Faustina Banh (both Data Insights Strategists) as they wade into how this is going to unfold and the best way to prep for what's about to happen in 2021.

View all posts

Want more stuff like this?