For years the third-party cookie was declared dead. The 2026 surprise is that it is still alive in the browser that matters most. Safari and Firefox block third-party cookies by default, and have for years. Google spent six years promising to kill them in Chrome — then reversed course, and in October 2025 shut down Privacy Sandbox, the elaborate replacement it had built. The tracking cookie did not die on schedule. It fragmented: buried in two browsers, quietly alive in the one with the most users.

  • Safari (2020) and Firefox (2019) block third-party cookies by default; Chrome — roughly two-thirds of the market — still allows them.
  • Google abandoned its removal plan in 2024, dropped the promised Chrome "choice prompt" in April 2025, and shut down Privacy Sandbox in October 2025.
  • Chrome keeps a few narrow pieces — CHIPS, FedCM, Private State Tokens — but the grand cookie-replacement project is over.
  • Net effect: cross-site tracking is degraded, not gone — and the real shift is the industry's move to first-party and server-side data.
Default third-party-cookie policy by browserSafari and Firefox block third-party cookies by default; Chrome still allows them. Default third-party-cookie policy SafariFirefoxChrome Apple · WebKitMozilla · GeckoGoogle · Blink BLOCKEDBLOCKEDALLOWED default since 2020default since 2019kept · reversed 2025 ~18% of browsers~3% of browsers~65% of browsers genztech.blog
Fig 1 The cookie's fate depends entirely on which browser you use. Safari and Firefox block third-party cookies by default; Chrome, the largest browser, still allows them under a user-choice model after Google reversed its deprecation plan. Browser shares approximate.

Why third-party cookies were supposed to die

A third-party cookie is set by a domain other than the one in your address bar — the mechanism that lets an ad network recognise you across every site that embeds it, and the backbone of cross-site tracking and retargeting. Privacy regulators (GDPR, ePrivacy) and privacy-minded browser makers spent a decade treating it as the web's original sin. Apple and Mozilla acted first and unilaterally, blocking it by default. Google, whose advertising business depends on it, promised a gentler path: kill the cookie and ship a privacy-preserving replacement so ads still worked. That replacement was Privacy Sandbox.

RelatedFirefox Halves Its Release Cycle to Two Weeks

BrowserSafariFirefoxChrome
3rd-party cookiesBlocked by defaultBlocked by defaultAllowed (user choice)
Since2020 (full ITP)2019 → 2022Kept — reversed 2025
MechanismIntelligent Tracking PreventionTotal Cookie ProtectionPrivacy Choice prompt
~Browser share~18%~3%~65%
ReplacementNone — just blocksNone — just blocksPrivacy Sandbox (cancelled)

Why Google blinked

Three forces converged. First, money: third-party cookies still underpin a large slice of digital advertising, and Google sits on both sides of that market. Second, regulators: the UK's competition authority scrutinised the plan precisely because removing the cookie while Google controlled the replacement could entrench Google, not weaken it — an antitrust trap. Third, adoption: Privacy Sandbox's APIs tested poorly and the ad industry never embraced them. Faced with a replacement nobody wanted and a removal regulators distrusted, Google chose the path of least resistance — keep the cookie, drop the project.

The six-year road to a U-turn

  1. 2019Two paths diverge. Firefox turns on Enhanced Tracking Protection; Google announces Privacy Sandbox.
  2. 2020Safari blocks fully; Chrome sets a deadline. Google says it will phase out third-party cookies "within two years."
  3. 2021–2023Delay, delay, delay. The Chrome deadline slips repeatedly amid regulator and industry pushback.
  4. Jul 2024Google won't remove them. Plan changes to a user-choice prompt instead of deprecation.
  5. Apr 2025Even the prompt is dropped. Chrome will not ship a standalone third-party-cookie choice screen.
  6. Oct 2025Privacy Sandbox shut down. Google retires most Sandbox APIs, keeping only CHIPS, FedCM and Private State Tokens.

So are third-party cookies dead or not?

Both, depending on where you look. On Safari and Firefox they are effectively gone and have been for years. On Chrome they persist, but on borrowed time — reliability is eroding as more users opt into stricter privacy settings and as regulation tightens. The cookie is not being killed by decree; it is dying by attrition, unevenly, while the advertising industry quietly rebuilds on foundations that never depended on it. "Slow death" turned out to be the literal truth — just slower, and messier, than anyone predicted.

What to watch · 2026 onward
  • First-party & server-side data. The real migration: brands collecting their own data and moving tracking server-side, cookie or no cookie.
  • Contextual advertising's comeback. Targeting the page instead of the person is resurging precisely because it needs no cross-site identity.
  • Regulation, not browsers. With Chrome opting out of enforcement, privessure shifts back to lawmakers and data-protection authorities.
  • Chrome's privacy dials. Watch how many users tighten settings — that opt-in rate, not a deprecation date, now decides the cookie's fate.

Our take

The third-party cookie's story is a case study in how the web actually changes: not by a single decree from a dominant vendor, but by unilateral action at the edges, regulatory friction in the middle, and commercial self-interest slowing everything down. Apple and Mozilla could block the cookie because they do not sell ads; Google could not, because it does. The lesson for anyone building on the web is to stop waiting for Chrome to force the issue and design for a world where cross-site identity is unreliable everywhere and absent on nearly half of traffic. That world is already here — it just arrived by erosion instead of announcement.

Primary sources

Original analysis by GenZTech. Current as of July 2026.