First Party vs Third Party Tracking Cookies

Let's look at the differences

The Birth of the Cookie

As we covered in an earlier article, the internet cookie was a Netscape innovation, created by Lou Montulli in 1994, originally to enable Netscape to recognise returning visitors. The potential for this browser-based technology was quickly realised; in that environment of course, it was a ‘first party’ device, set by and for Netscape, initially with limited functionality as a ‘tracking cookie’.

He expanded on the rationale for creation in his own blog post on the Reasoning behind Web Cookies which is well worth a read. The catalyst was from a group that wanted to build a shopping cart functionality into the server. Montelli’s cookie idea “extended the concept of the session identifier into a general payload that would get sent back to the server”.

They also added the functionality so that each user could have control over what cookies to accept and from whom. A key consideration for Montulli was to avoid allowing third parties to track people’s browsing activity.

The Third Party Decision

In fact in 1996 he was faced with the decision of whether to allow or disable third party cookies as he explained further in his blog: ‘In the end the decision to disable 3rd party cookies or keep them on was left to me. I agonized about the decision for weeks and in the end I chose to keep them”.

He expanded on his reasoning “If 3rd party cookies were disabled ad companies would use another mechanism to accomplish the same thing, and that mechanism would not have the same level of visibility and control as cookies. We would be trading out one problem for another”.

This robust solution still forms 95% of what cookies do today. As to the name, he’d heard a ‘magic cookie’ referred to in his college course, and said “Cookies was the first thing I came up with and the name stuck.” Cookies have remained as a core part of browser functionality for the last 26 years.

Third Party Cookies

The third party cookie was a simple solution, as Lou Montulli identified. Advertising companies such as DoubleClick were finding the cookie solution invaluable in enabling more accurate advertising delivery and targeting.

There have of course also been instances of less than honest use of cookie tracking which have contributed to the public and regulatory backlash against their use. Which of course has brought us to the point of the impending deprecation of the third-party cookie across all major browsers.

Affiliate Cookies

In the early days of affiliate marketing, the cookies were always set by the network so that tracking could happen. It was a much simpler world where browsers placed no restrictions on any web service reading pretty much any cookies.

As the internet developed of course and privacy technologies started to become more widely applied, this made life more difficult for third party tracking to work. Most affiliate tracking systems have been moving over to using first party cookies as a default, either completely as Webgains has since 2019* or it’s still a work in progress.

Most networks also publish updates on how they are delivering continuous improvement in their tracking. Webgains moved quickly to 100% first party cookies in 2018 to counter the effects of ITP and other privacy issues. Others such as TUNE have always promoted what they term as ‘cookieless’ or postback tracking over any pixel-based offering.

You’ll probably have spotted the obvious omission from this discussion and be asking “what about second party cookies?”. They of course do exist and are usually used in data-sharing agreements, although their usage is unpopular. Many of them represent data collection partnerships.

The First Party Cookie

In many cases these are set to enable functionality within the website, such as remembering basket contents and user login details to smooth the web experience of that website.

For a cookie to be an effective first party one for tracking affiliate activity, it has to be set by the advertiser’s website domain. It also needs to contain enough information in its value to enable the network to understand the advertiser and affiliate identities so the tracking of the event can be recorded.

Allowing ‘only essential cookies’ should inhibit the setting of any cookies that aren’t essential. Currently different advertisers have different approaches with many deeming affiliate cookies within their ‘essential’ bucket and others ensuring consent is needed.

Tracking providers have presented the issues in a variety of ways from the Webgains and Awin approach to those that look to rely on unique referral codes. Again, it’s worth stating that despite some similarities, most networks are adopting different technical approaches.

Beyond Affiliate Marketing

For many in the wider advertising industry, the view is that the big limitation of first-party cookies is that they can only be read when the user is visiting the actual website. Meaning cookies, that are deemed to be third party by virtue of the website the user’s reading, work for general advertising purposes (e.g. retargeting) on such websites.

Affiliate marketing is different and the success of first party methods for affiliate marketing present a strategic opportunity for the method, both now and particularly after Chrome’s deprecation of third party support.

It is positive that the first party cookie is being widely used for affiliate tracking, however that hasn’t meant that all the issues have gone away. Moonpull in its monthly analysis across over 1000 advertisers, identifies significant instances of tracking being compromised in a variety of ways.

Some of these were outlined in the article on Reading Affiliate Cookies, and whilst publishers need to be vigilant for any changes in sales volumes and conversion rates they should also undertake assessment of an advertiser’s tracking capability before putting new campaigns or content live.

Using Moonpull

Moonpull is working with a number of affiliate networks to assure accuracy and effectiveness of tracking on behalf of affiliates. Publishers can also open a Moonpull account. This provides a broader understanding of issues across all network tracking and the ability to provide technical details of any issues to network and advertiser partners for quick resolution.

Moonpull at PI Live 2022

Moonpull exhibited at PI Live in October 2022 to bring the conversations and analysis of affiliate tracking to a wider audience. Moonpull founder, Steve Brown was also speaking at PI Live in an interactive Q&A session ‘Identifying and Understanding Compromised Tracking‘. Many of the large number of questions in the session have given rise to more recent articles on affiliate tracking.