Browse All Articles

A Marketer’s Ultimate Guide to Web Cookies

There has been a lot of chatter around cookies recently, and not just because it’s Girl Scouts season. Web cookies — which, for years, have impacted how we shop, browse, and search online — are undergoing major changes with enormous implications for ad publishers, users, and brands. 

We know how difficult it can be for marketers to keep track of the flurry of activity surrounding web cookies. This guide provides an in-depth overview of how web cookies work, what’s changing, and how you can future-proof your business — no matter what transformations the digital marketing landscape experiences in the next few months. 


Why were web cookies created?

Lou Montulli, an employee of Netscape Communications, created web cookies in 1994. Working alongside a software engineer named John Giannandrea, Montulli wanted to establish a way to determine whether someone visiting Netscape’s website was a new or returning user. And voila — cookies were born and quickly became the go-to solution for ecommerce shopping carts.

How are web cookies used in digital marketing today?

In the last twenty-plus years since web cookies were created, their functionality has significantly expanded in scope. Nowadays, cookies are a robust tool in digital marketing used to track user data and behavioral information and allow marketers to target particular audience groups better. We use cookies for a whole range of day-to-day ecommerce functions, including:

  • Storing important data, such as the items you’ve added to your shopping cart, as you navigate a website. 

  • Session management. If you’ve ever had Google autofill your login details or autocomplete your address at checkout, those are cookies at work. They allow servers to recall that your unique session identifier had been previously authenticated, which then grants you access to its services. 

  • Streamlining the customer journey by offering personalized product recommendations based on what you had previously clicked on or shown an interest in. 

  • Personalizing a website experience based on each user’s preferences — whether it’s language, dark vs. light mode, or the number of results per page. 

  • Retargeting ads that remind you to finish shopping or notify you that the items you had browsed are selling out fast. 

  • Assessing and measuring marketing performance. Google Analytics is a robust tool (which you should be using!) that leverages cookies to help you pinpoint where your leads and conversions are coming from. 

What are the different types of cookies? 🍪

Much like chocolate chip, peanut butter, and oatmeal raisin cookies, there are different types of web cookies as well (which is unsurprising, given how their use cases are so broad!). 

Session cookies vs. persistent cookies

Session cookies are temporary, meaning they’re only stored in your browser’s memory when the window is open. Once it’s closed, the cookie will be removed from your browser’s history. 

Then there are persistent cookies, which are stored for a longer duration — the expiration date is set by the issuer (typically a few months to a few years). In other words, persistent cookies are stored in your browser even when you close the window, meaning every time you revisit the site that created the cookie or click on an ad, the cookie’s issuer will receive your data. 

First-party cookies vs. third-party cookies

First-party cookies are created by the site you are currently visiting, generally used to enhance the customer experience in terms of:

  • Adding items to carts correctly. If first-party cookies are disabled, users will be limited to one item per transaction (because the shopping cart is reset every time they visit new product pages).

  • Saving login passwords.

  • Remembering language preferences.

First-party cookies at work

First-party cookies at work. Image Source.

Comparatively, third-party cookies are not created by the site you’re currently visiting. Instead, they are identifiers placed on a page via a script or image tag and are used to associate digital ad clicks with the site where the ad is shown. 

Third-party cookies enable tracking across websites, used for behavioral targeting purposes (serving retargeting or personalized ads) as well as measurement and attribution (figuring out which user events led to conversions or other outcomes).

An infographic showing the cycle of retargeting works: #1 A visitor comes to your site, #2 They learn about your products but leave without purchasing, #3 AdRoll displays your ads on sites they visit later, bringing them back and keeping your brand top-of-mind

How AdRoll’s retargeting ads work.

Your web cookies 101 TL;DR:

A large infographic describing how cookies work around the web.

Part II: Challenges of Third-Party Cookies

By now, you’ve probably realized web cookies and digital marketing go together like Oreos and milk. But unfortunately, web cookies are not the perfect solution to our marketing needs and challenges. 

What are the privacy concerns surrounding third-party cookies?

As users grow more accustomed to personalized and cross-channel advertising, they’re also on guard to third-party tracking and its effect on digital privacy — specifically the amount of data that companies have on them, what they do with it, and whether or not they’ll sell it to other advertisers. As the saying goes, “data is the new oil” in the digital economy. 

To combat these concerns, the EU passed the General Data Protection Regulation (GDPR) in 2016, while California passed a similar state statute, the California Consumer Privacy Act (CCPA), in 2018. And we’ll likely see even more legislation in the coming years. 

What are the challenges marketers have with cookies today?

You see, cookies were never the perfect solution to begin with. Beyond privacy concerns, they’ve always had technical drawbacks:

  • Inaccurate identification for multiple people. For example, if you have three users sharing a household computer, cookies don’t come in handy in terms of digital marketing. Unable to differentiate between users, cookies will just serve up a hodgepodge of ads only semi-relevant to each person. 

  • Poor identification for multiple computers/browsers. If a user shuffles between different browsers, cookies aren’t that useful of a tool either. That’s because each browser uses a separate storage area for cookies — multiple sets of cookies won’t paint a complete portrait of a user’s interests and behaviors. This is also applicable for those with multiple computers as well. 

  • Varying web experiences for different browsers. Consistency is a key variable in any marketing campaign, yet given how different browsers now handle first- and third-party cookies differently, you may be serving different web experiences for users who use Firefox versus Google Chrome. 

Google Chrome’s third-party cookies changes

What did Google announce? 

In January of 2020, Google announced that its browser, Google Chrome, will follow the footsteps of Safari and Firefox and phase out support for third-party cookies. They have recently updated their timeline for the phasing, with an estimate of second half 2024. With over 60% of the market share, Chrome’s decision will expedite the transition toward new tracking and measuring solutions. Google is taking a collaborative approach to developing an advertising solution that is healthy for users and everyone else in its ecosystem, from ad companies to publishers to digital brands. 

What is Google’s timeline?

When Google made its announcement last year, they estimated a two-to-three year timeline. However, it later clarified that this was not a hard deadline but rather a recommended timeline for companies to begin taking action and exploring alternatives to third-party cookies. 

Fast forward to 2021, and Google is already encouraging companies to test potential replacements for third-party cookies in its “Privacy Sandbox” initiative. The early data for one proposal, FLoC (“Federated Learning of Cohorts”), seems promising, and marketing experts monitoring Google’s progress are cautiously optimistic. 

Part III: Digital Marketing Without Third-Party Cookies

With the cookie jar shut, is this the end for digital marketing? Nope. In fact, it’s far from it. Although digital marketers face profound changes to how they approach their craft, there are a whole host of digital marketing tools and tactics you can use to plug the hole left by third-party cookies. 

What are some alternatives to third-party cookies? 

Contextual targeting

Unlike behavioral targeting, contextual targeting does not rely on third-party cookies to track and serve relevant ads based on users’ behaviors. Instead, contextual targeting involves placing ads in specific web pages with relevant content or images to your brand or product.

For example, suppose you’re a sneaker company. In that case, contextual targeting means your ad will show up on the sidebar of a news article about the NBA or possibly a blog post about the benefits of running a marathon. A user will see this ad placement regardless of whether they had visited your website, Googled your brand, or clicked on another one of your ads previously.

Visual representation of keyword contextual targeting.

Visual representation of keyword contextual targeting. Image Source.

Contextual marketing is a powerful tool because it achieves two things simultaneously: 

  • You’re meeting customers where they already are. 

  • You’re reaching customers with the potential to engage with your brand, even if they currently have zero brand awareness. 

Email marketing

Emails should be a mainstay in every marketers’ toolbox for good reason — it’s one of the most stable and future-proof methods to reach your target audience. As we shift away from third-party cookies, email marketing has become more relevant than ever. 

However, this will mean marketers looking to stand out from the crowd must drastically improve the quality of their emails — No more spamming! No more boring templates with just text! — and instead find innovative ways to collect email addresses at a meaningful scale while still complying with privacy regulations. 

Emerging channels

Beyond the typical digital marketing channels — Facebook ads, email marketing, content marketing — we’re seeing more and more emerging channels with massive potential. From SMS marketing to connected TV (e.g., ads on Hulu) to podcast advertising, these channels are yet to be heavily saturated. Think outside of your comfort zone, and don’t be afraid to get creative. 

Double down on first-party data

As we pivot away from third-party cookies, first-party data will gain even more value. This includes information that brands collect directly from customers, such as phone numbers and email addresses. Equipped with first-party data, you can directly connect with your targeted audience without relying on the targeting afforded by third-party cookies. 

However, customers have become stingier with their first-party data. We’re all familiar with how spammy our inboxes have gotten, with some brands abusing their customers’ goodwill by sending upwards of three promotional emails a day. Unsurprisingly, it’s become more challenging for new brands to obtain first-party information without new and creative tactics. Here are some ideas on how to build your email or SMS list:

  • Opt-in first-party data sharing before users can access free content, such as tutorials or downloadables. 

  • Newsletter sign-ups that unlock a discount. 

  • Post-purchase surveys. 

Remember: The easiest way to get someone to hit the “unsubscribe” button is by destroying their trust and misusing their data. Treat people’s email and SMS inboxes like how you want to treat yours. Sometimes, less is more. 

We’re facing seismic shifts, but that’s not new in the history of marketing. From the introduction of digital channels to the rise of social media, these changes typically breed exciting opportunities. With everyone putting their innovative thinking caps on, we see new opportunities arise, and key players emerge. 


Google’s Privacy Sandbox, an initiative where the company explores cookie-less tracking solutions, includes a proposal to move all user data into one’s personal browser, where it will be stored and processed. In other words, all data stays on the user’s device, ensuring that it’s privacy compliant. Additionally, Engadget states Google is “exploring how to track ad conversions (that is, clicks that lead to sales) without allowing cross-site tracking. 


Apple is, hands-down, the biggest tech company putting user privacy first. Not only has the company made its cookie blockers active by default in Safari, but it’s also introducing enhanced cookie blocking technologies with Intelligent Tracking Prevention (ITP) and Enhanced Tracking Protection (ETP). Both ITP and ETP prevent third-party cookies from being stored in a browser and disguise themselves as third-party cookies. 


Here at AdRoll, we’re familiar with the ever-changing nature of the marketing industry. After all, we’ve tackled Facebook’s replacing of the Facebook Exchange with Web Custom audiences. We’ve adhered quickly to both GDPR and CCPA. We’ve addressed Safari Tracking changes as they occur. 

Likewise, we’re well-prepared for the phasing out of third-party cookies. Strong first-party assets, including first-party cookies and emails, play a huge part in our marketing platform. Beyond that, all our teams — product management, engineering, marketing, and more — have collaborated to redesign our web-based offerings in the last year. We’ve also been an active participant and critical technical stakeholder in Google’s working group, helping shape how the advertising, analytics, and publisher ecosystem will look like moving forward into the cookie-less future. 

How can marketers prepare for the transition?

Industry leaders are prepared for the transition, but that doesn’t mean ecommerce brands can sit back, relax, and wait for instructions. As marketing leaders, you must actively future-proof your business with concrete actions beyond familiarizing yourself with the changes regarding third-party cookies. Start by asking yourself: 

  • How many of my marketing channels currently rely on third-party cookies? How will my revenue be impacted once third-party cookies are no longer supported? 

  • Which other user identifiers can I lean on besides third-party cookies?

  • What are the non-third-party-cookies marketing tools and channels that I can invest in? What is the timeline required to begin these new efforts? 

Equipped with these answers, start researching and experimenting with the alternatives to third-party cookies outlined above (we recommend starting with contextual marketing!). 

The next few months will be challenging for all of us, but this is far from being a death knell for digital marketing. A new era of our industry is on the horizon, where there will be new tactics, new tools, and new opportunities to connect with customers while prioritizing data privacy. 

Here at AdRoll, we’re excited for what a future without third-party cookies will look like, and we can’t wait to see the creative solutions that platforms, ad providers, and brands devise. 

If you’re looking for more strategies to future-proof your business, check out our Marketing Resource Library today.