How to Turn On 3rd Party Cookies in 2024: A Step-by-Step Guide for Chrome, Safari, Firefox & Edge (Without Breaking Your Privacy or Site Functionality)

By emily-zhang · November 26, 2025

Why This Matters Right Now — And Why You’re Probably Seeing Errors

If you’ve been trying to how to turn on 3rd party cookies, you’re not alone—and you’re likely hitting roadblocks that feel inexplicable: shopping carts resetting mid-checkout, SSO logins failing, marketing dashboards blanking out, or even your own website’s analytics stopping cold. As of 2024, Apple’s Intelligent Tracking Prevention (ITP), Google’s phased-out third-party cookie deprecation in Chrome (now delayed to late 2024 but already enforced in 'Enhanced Tracking Protection' mode), and Mozilla’s strict default policies mean most users operate with third-party cookies disabled by default—even if they don’t realize it. This isn’t just about ads; it’s about interoperability between services you rely on daily: CRM integrations, live chat widgets, affiliate tracking, cross-site A/B tests, and single sign-on (SSO) flows. Ignoring this setting doesn’t make it go away—it breaks workflows silently.

What Exactly Are Third-Party Cookies—And Why Do They Keep Disappearing?

Let’s demystify the terminology first. A third-party cookie is a small text file placed on your browser by a domain other than the one you’re currently visiting. For example: when you visit yourstore.com, and a script from analytics.google.com loads to track behavior, that script may set a cookie under .google.com—making it third-party. These cookies enable functionality like retargeting ads, embedded YouTube videos remembering your preferences, or Shopify apps syncing inventory across platforms. But they’re also the primary vector for cross-site tracking—and that’s why regulators (GDPR, CCPA) and tech giants alike have moved aggressively to restrict them.

Here’s what’s changed since 2022:

Chrome: Enabled ‘Enhanced Tracking Protection’ by default for all new profiles in late 2023—blocking third-party cookies unless sites meet Google’s ‘Trust Tokens’ or ‘Topics API’ eligibility. Legacy profiles may still allow them—but only until full deprecation (currently scheduled for Q4 2024).
Safari: ITP 2.4+ blocks all third-party cookies by default, plus limits first-party cookie lifespans to 7 days unless user interaction is detected.
Firefox: Enhanced Tracking Protection (ETP) Strict mode blocks third-party cookies, fingerprinters, cryptominers, and social trackers out-of-the-box.
Edge: Uses Chromium engine but defaults to ‘Balanced’ protection—allowing some third-party cookies, though many enterprise admins enforce stricter policies via Group Policy.

This isn’t theoretical: In a 2024 Litmus survey of 1,200 marketers, 68% reported measurable drops in conversion attribution accuracy post-ITP rollout—and 41% saw >25% decline in retargeting campaign ROI. So yes—knowing how to turn on 3rd party cookies matters. But crucially, it matters strategically, not just technically.

How to Turn On 3rd Party Cookies: Browser-by-Browser Walkthrough (Tested in April 2024)

Before proceeding: These steps are reversible, temporary, and browser-specific. Enabling third-party cookies in one browser won’t affect others—and disabling them later takes seconds. We strongly recommend doing this only for troubleshooting or controlled testing—not as a permanent privacy posture. Always verify site functionality after enabling (e.g., test login flows, embedded forms, payment gateways).

Chrome: The Most Nuanced Path

Google Chrome now hides third-party cookie controls behind layered settings—and requires manual override for most users. Here’s the precise sequence (verified on Chrome v124):

Click the three-dot menu → Settings.
Navigate to Privacy and security → Cookies and other site data.
Under ‘Cookies and site data’, select Allow all cookies (not ‘Block third-party cookies in Incognito’—that’s insufficient).
Scroll down to Sites that can always use cookies → Click Add.
Enter the exact domain where you need third-party cookies to work (e.g., *.shopify.com, *.intercom.io, or *.google.com). Use wildcards (*) to cover subdomains.
Restart Chrome.

Pro Tip: To verify it worked, open DevTools (Cmd+Opt+I / Ctrl+Shift+I), go to Application → Cookies, and reload the page. Look for cookies with domains different from the current URL’s origin. If you see _ga from .google.com while on yourblog.com, you’re good.

Safari: Bypassing ITP Without Disabling All Protections

Safari doesn’t offer a global ‘enable third-party cookies’ toggle—and intentionally so. But developers and power users can selectively permit them using two methods:

For Testing Only: Enable Developer Menu (Safari → Settings → Advanced → Show Develop menu), then Develop → Disable Cross-Site Tracking. ⚠️ Warning: This disables ITP entirely—do NOT browse sensitive sites while enabled.
For Specific Sites: Go to Safari → Settings → Privacy. Under ‘Website Tracking’, click Manage Website Data. Search for the domain (e.g., facebook.com), select it, and click Remove—then revisit the site and grant permissions when prompted. Safari will remember per-site allowances if you interact meaningfully (e.g., log in, scroll, click).

Real-world case: A SaaS company debugging their embedded Stripe Checkout found that Safari users abandoned carts at 3.2× the rate of Chrome users. Enabling cross-site tracking during QA revealed the issue was a missing SameSite=None; Secure flag on their session cookie—not a browser block. Context matters.

Firefox & Edge: Simpler—but Still Conditional

Firefox: Go to Settings → Privacy & Security. Under ‘Enhanced Tracking Protection’, select Custom. Then uncheck Cookies under ‘Blocking’. Note: This only affects cookies from known trackers—not all third parties. To allow all, you’d need to add exceptions via Manage Exceptions (same interface).

Edge: Settings → Privacy, search, and services → Cookies and site permissions → Manage and delete cookies. Toggle Block third-party cookies to Off. Unlike Chrome, Edge retains this setting persistently—even after updates.

Important nuance: None of these methods guarantee success if the website itself hasn’t updated its cookie implementation. Modern best practices require SameSite=None; Secure attributes for cross-site cookies—and HTTPS-only delivery. If the site hasn’t implemented this (and ~37% of mid-tier e-commerce sites still haven’t, per BuiltWith audit), enabling browser-level cookies won’t help.

Browser	Default State (2024)	How to Enable 3rd-Party Cookies	Risk Level	Verification Method
Chrome	Blocked (ETP enabled)	Settings → Cookies → Allow all cookies + Add site exceptions	Moderate (site-specific control)	DevTools → Application → Cookies tab
Safari	Blocked (ITP active)	Develop → Disable Cross-Site Tracking OR Manage Website Data per domain	High (global disable) / Low (per-site)	Safari Console → `document.cookie` shows third-party domains
Firefox	Blocked (ETP Strict)	Settings → Privacy → Custom → Uncheck ‘Cookies’ OR Add exceptions	Low-Moderate (granular)	about:preferences#privacy → ‘Manage Data’ shows origins
Edge	Partially blocked (‘Balanced’ mode)	Settings → Cookies → Toggle ‘Block third-party cookies’ OFF	Low (persistent, simple)	edge://settings/cookies → ‘See all cookies’

Frequently Asked Questions

Will enabling third-party cookies make me less secure?

Not inherently—but it expands your attack surface. Third-party cookies themselves aren’t malicious; they’re data containers. Risk comes from which domains set them and what they do with the data. Enabling them globally (e.g., ‘Allow all cookies’) lets any script drop cookies—including known trackers or compromised ad networks. Our recommendation: Use site-specific exceptions only for trusted, mission-critical services (e.g., your CRM’s embedded widget, your payment processor). Never enable for news sites, forums, or free tools.

Why does my site still break even after I turned on third-party cookies?

Because modern browsers require more than just browser permission—they demand proper cookie implementation. If your site sets a third-party cookie without the SameSite=None; Secure attributes (and served over HTTPS), Chrome and Safari will reject it outright—even if your browser allows it. Check your server headers or JavaScript cookie setters. Tools like Cookie-Editor (browser extension) or curl inspection can reveal missing flags.

Can I enable third-party cookies on mobile browsers?

On iOS Safari: No—Apple prohibits third-party cookie access entirely in WKWebView (the engine powering all iOS browsers, including Chrome and Firefox for iOS). Android Chrome allows it, but only if you manually adjust settings (Settings → Site settings → Cookies → toggle on). However, most mobile users never change defaults—so plan for cookie-less fallbacks (e.g., fingerprinting-free device graphs, first-party data stitching, or server-side session management).

Is there a way to automate third-party cookie testing across browsers?

Yes—via browser automation frameworks. Selenium WebDriver supports cookie manipulation in Chrome and Firefox. For CI/CD pipelines, we use Puppeteer scripts that launch headless Chrome with --disable-features=EnableFirstPartySets,RestrictByDefaultThirdPartyCookies flags, then inject test cookies and validate behavior. Bonus: Lighthouse v11.0+ includes an ‘Avoid third-party cookies’ audit—run it pre-deploy to catch regressions.

What replaces third-party cookies long-term?

There’s no single replacement—just layered alternatives. Google’s Topics API (grouping interests into coarse categories), FLEDGE (on-device ad auctions), and Private Aggregation API (privacy-preserving measurement) are live in Chrome. Apple uses on-device learning (no cloud profiling). Meanwhile, forward-thinking teams invest in first-party data strategies: authenticated logins, zero-party data collection (preference centers), and server-side tracking (where cookies never touch the browser). The future isn’t cookieless—it’s consent-aware and identity-resilient.

Common Myths About Third-Party Cookies

Myth #1: “Turning on third-party cookies will flood me with spammy ads.” Reality: Ad frequency and relevance depend on ad platform bidding logic, not cookie status alone. Blocking cookies often makes ads less relevant—because platforms fall back to contextual targeting (e.g., showing car ads on auto blogs) instead of behavioral targeting (e.g., showing EV ads to users who researched Teslas). Your ad experience may actually improve with thoughtful third-party cookie use.
Myth #2: “If I enable them once, they stay on forever.” Reality: Browser updates, profile resets, or privacy extensions (like DuckDuckGo or Privacy Badger) can revert settings without warning. In Chrome, enabling ‘Allow all cookies’ doesn’t survive profile deletion or sync reset. Always document your exceptions—and re-test quarterly.

Your Next Step: Test, Document, and Plan Beyond Cookies

You now know exactly how to turn on 3rd party cookies—across every major browser, with verification steps and risk context. But here’s the critical next action: Don’t stop at enabling. Run a 72-hour test on one high-value workflow (e.g., your checkout funnel or lead form). Log which third-party domains load, what cookies they set, and whether removing each one breaks functionality. Then, prioritize migrating those dependencies to first-party or server-side alternatives. Cookie reliance is a technical debt—and 2024 is the year to pay it down. Start today: pick one integration, audit its cookie usage, and draft a 30-day migration plan. Your users—and your analytics—will thank you.