With the ever-changing landscape of online tracking, it can be difficult to keep up with the latest developments. In this article, we explore how third-party cookies, first-party cookies, and other tracking techniques are used to track and attribute conversions and how browsers are responding to these techniques. We also look at how these techniques are affecting the way advertisers and social media networks are able to reach their audiences.
History of third-party cookie tracking and initial blocking attempts
Traditionally, tracking was done by setting a cookie for the ad platform's/tracker's domain and then displaying a tracking pixel, which was literally a transparent pixel, on the advertiser's website. The pixel had access to information such as the calling page (passed by the browser via the HTTP protocol as a referrer URL), as well as the user's identity, as all calls to the pixel contained a cookie set for the pixel's domain rather than the website's domain –– which is why it's referred to as "third-party".
Ad platforms figured out they could build very precise interest profiles by adding tracking pixels onto as many websites as possible and collecting users' entire visitor history this way.
This caused pushback amongst users, and browsers restricted third-party cookies roughly between 2017 and 2020, depending on the browser. This is why you no longer see as many "like/share" buttons on websites; they have no value for social networks anymore.
They're not blocked entirely, though; for example, most browsers with default settings still effectively allow third-party cookies from the website you often interact with. You may have seen a "sign-in with Google" pop-up displaying your name on websites you've never visited before - that's how it's done.
So ironically, these restrictions harmed smaller players and Facebook more than they did Microsoft, Google, and Apple, which can still track what websites you're visiting because they control the browsers.
How to track conversions in the post-third-party cookie world
While today's tracking pixels still attempt to use third-party cookies in the hope that the browser may allow them (blocking of which is enthusiastically reported by Safari), in actuality they mostly rely on JavaScript code that sets a first-party cookie on the domain on which it's run.
During a visit to a page with UTM parameters, Google Analytics code runs, sets a first-party cookie with the client ID, sends the URL/parameters to the page, and you now have all the visitor's activity attributed without any third-party cookies.
The same is true for the Facebook Pixel and others. The ad platform assigns a click ID, links it with its user in its database, then the visit goes to the website with the ID in the URL parameter, where the FB Pixel script runs, setting up a first-party cookie and sending a tracking event to the FB server that has both the click ID and the first-party cookie value. So, as long as the first-party cookie is kept, any conversions that reference it are now attributed to the click and the user by the ad platform.
Webkit (Safari, etc.) Intelligent Tracking Prevention is aware of this and restricts how long first-party cookies set by third-party scripts that touch unique click identifiers in URLs are kept, which is usually 24 hours to 7 days. The reason they tolerate it is that if you start blocking these, the web would essentially fall apart, since there are tons of legitimate, non-tracking uses for hosting website scripts on a different domain, and it is extremely common.
Combined with the fact that proper tracking pixels/tags have some sort of enhanced conversion based on personal details, IP address and browser name, ad platforms can get a very good picture of click-through and view-through conversions if they occur in the short window while the cookie is available, or the advertiser has attributed them to the click and first-party cookie and sent these data to the conversion API, or was attributed via enhanced conversion details.
Although browsers have put restrictions on third-party cookies, tracking technology has adapted and still allows for accurate tracking of user behaviour for ad platforms, even if it is within a limited window of time. This is possible through the use of first-party cookies and enhanced conversion details, allowing ad platforms to continue to build precise interest profiles and measure the success of their campaigns.
Learn more about how Able CDP helps advertisers to attribute conversions to the first-party cookies and send them to Google Analytics 4, Facebook Conversions API, Google Ads API and TikTok Events API.