Home  Articles  Videos  Classes  Support 


Understanding First- and Third-Party Cookies

By Dane Christensen

Cookies... They're Not Just for Snacking
Chocolate chip, peanut butter, macadamia—I love them all. I'm not too picky when it comes to cookie flavors, as long as they're sweet and plentiful! But those aren't the cookies I'm going to talk about today—instead, I'll cover cookies of an electronic flavor: web cookies.

Web cookies make web tracking easier—but they can also leave a bad taste in visitors' mouths if they aren't utilized in accordance with your privacy policy. Just like chocolate chip cookies have weight-gain implications, web cookies have serious security implications. We'll discuss those momentarily, but first let's cover a few basics.

What is a Cookie?
First, let's start with a quick look at what a cookie is. A cookie is simply a piece of information that a web site sends to a visitor's browser. Typically, cookies are used in one of two ways:

  • Store information for future use: Cookies can store visitor information like name, address, online buying patterns, login details, etc. This information can then be used by the web site to provide dynamic interaction as the visitor surfs through the site.
  • Maintain visitor sessions: By using cookies, one can determine how long a visitor stays on a web site, and if the visitor is a new or returning visitor.

Types of Cookies
First-party cookies: A first-party cookie is a cookie that is issued by the web site that you are visiting. For example, if you visit ClickTracks' famous 'Bob's Fruit Site' (www.bobsfruitsite.com), Bob's site will directly place a cookie on your computer. This cookie can only be read by Bob's site-the information that cookie contains cannot be accessed or read by any web site other than Bob's.

Third-party cookies: A third-party cookie is issued by a site other than the one you are currently surfing. To continue with our example from above: Imagine if Bob's site had an alliance with XYZ Ad Network, posting banner ads at the top of the home page. In this case, XYZ Network could issue you a cookie—a third-party cookie. XYZ Ad Network's third-party cookies follow a standard format that makes them readable by any web site, regardless of what web site issued the cookie.

Cookies and ClickTracks
ClickTracks supports the use of both first- and third-party cookies, whether you use a hosted or log file based system. There are reasons for using each type of cookie, the most significant of which coming into play when dealing with multiple domains.

When you are analyzing a web site that's hosted on a single domain (as most sites are) then issuing a first-party cookie to track a session is the right thing to do. Visitor info and session info can both be gleaned from this first-party cookie.

What if your site is hosted across multiple domains? The practice is not uncommon, especially among larger e-commerce web sites. When dealing with more than one domain, tracking your visitors becomes more complex. Why? Because, a cookie can't follow a visitor and be read from one domain to another due to the security risks involved. If Domain A issues a first-party cookie, then Domain B can't (and shouldn't be allowed to) read it.

For example:

Domain A: www.bobsfruitsite.com = main web site domain

Domain B: www.bobsfruitsiteshop.com = domain for the shopping cart system

While both domains are part of the same site unit, they're still separate domains. That means that a first-party cookie issued by Bob's fruit site won't be readable by bobfruitsiteshop.com.

In this case, a third-party cookie would be issued. As explained earlier, third-party cookies are allowed to be read by web pages that live outside of issuing domain. Normally, this would be a security risk since any web page can read this cookie, but generally, sensitive information is not stored in third-party cookies, and are strictly used for things like web site analytics tracking.

The Future of Cookies
Are web visitors saying 'no thanks' to cookies? No, and yes. First-party cookies are still widely accepted by users because the user has a relationship with a particular site and benefits from the cookie-like a cookie that saves them from having to re-input their user name every time they visit. Third-party cookies, however, are likely to be blocked because users don't trust other miscellaneous sites.

The percentage of users who block cookies depends largely on what kind of business they're in. In general, the amount of users blocking cookies is relatively low, but in government agencies or larger corporations that have stricter security guidelines, the percentage is most likely higher. The trend we see is one where the majority of web site providers inevitably move to first-party cookies.

# # #

 

Dane Christensen is a Professional Services guru at ClickTracks. Our Professional Services department offers one-on-one interactive sessions to help you with search engine optimization, campaign management, and web analytics. Contact Professional Services or call us 877-773-2249 (+831-621-6380 outside the U.S.).


Search The InsideTrack

Lyris HQ

As an online marketer, you
manage your email marketing,
your web content, landing pages, and PPC along with analyzing each for effectiveness. With Lyris HQ, you can manage all your online marketing programs easily and effectively from a single integrated toolset.

Request a demo >>

ClickTracks Pro 6.7.3

ClickTracks Pro 6.7.3 (software/log file edition) includes several feature updates, including: forensics for all campaigns, improved user and group controls, and an upgraded Campaign Manager.

Contact your sales rep for details on upgrading.

Live Interactive Demo

Four times a week, we present a live, interactive demonstration of ClickTracks' key features.

Reserve your seat today >>


See us @

02/26 - 02/28
SMX West - Santa Clara

03/17 - 03/20
SES - New York


Receive the Newsletter