Demystifying 1st vs. 3rd Party Cookies

February 7, 2018 Jesse Nobbe

An important part of Marketing Automation solutions is Visitor tracking. Oracle Eloqua refers to this as “Digital Body Language” – actions taken by a visitor on the website (among other things) that can then be filtered upon and used by the Eloqua user. While there are unique identifiers for each visitor through the cookie creation, there are two sub-categories of visitors: Known and Unknown. Known visitors are those whose email address and cookie have been associated (via a click or by completing a form etc.,) whereas unknown visitors are those where the cookie-contact association has not been made.

Cookies are a way for websites to save small pieces of information for Visitors. They are helpful for such things as keeping a user logged in and tracking shopping cart entries. Without cookies, these common use cases would be much more difficult to configure. Eloqua uses cookies to identify a Visitor’s browser to obtain information like pages visited, browser type, and geographic location. This information becomes useful in Eloqua when a Visitor clicks on a link in an email, or submits a form because these actions identify the user and link their cookie to their Eloqua Contact creating unique identifiers about who they are.

Unique identifiers can be stored as what we call a “3rd Party Cookie”, or a “1st Party Cookie”. 3rd Party Cookies are the default method used by Eloqua whereas 1st Party Cookies require more configuration and can solve some issues that 3rd Party Cookies can’t. 3rd Party Tracking is a useful starting point for many Eloqua implementations; it can be used alone or in tandem with 1st Party Tracking. 1st Party Tracking can be seen as a “next step” move for many Eloqua use cases while its feasibility is assessed. It is recommended, whatever decision is made, that Cookie Tracking be addressed and leveraged with Eloqua. How do you decide which of the two is the best fit? Let’s review each option.

3rd Party Cookies

Eloqua provides JavaScript that can be implemented on any webpage to enable cookie tracking. By default, this script uses 3rd Party Cookies. As the name suggests, this type of cookie is set by Eloqua (referencing “//” in the cookie) and not the domain being visited (referencing your domain i.e. “”).

There are pros and cons to this approach:

  • Pro: Ease of implementation – simply place the script onto the target webpage
  • Pro: Eloqua’s domains use SSL – Eloqua makes a secure connection to the target page
  • Pro: 3rd Party scripts can be placed on many domains without additional configuration
  • Con: Perceived as less trustworthy – since the cookie is being set by a third party, it is seen as less trustworthy

The primary downside to using 3rd Party Cookies is that Apple blocks them in its browsers by default. This may be a disadvantage to websites that have a significant amount of traffic from these sources (iOS and macOS Safari users). However, the ease of deployment and ability to place the script on various web properties can outweigh this disadvantage. A 3rd Party solution can also be a useful starting point to begin “cookieing” Visitors.

1st Party Cookies

1st Party Cookies differ from 3rd Party Cookies because they are set by your website, so they are perceived to be more trustworthy, but there are drawbacks to 1st Party Cookies as well.

  • Pro – Existing 3rd Party script requires minimal changes to work with 1st Party Cookies
  • Pro – Allow tracking of browsers with 3rd Party Cookies disabled
  • Con – Longer, more complex configuration process. SSL is strongly recommended, and must be configured within Eloqua using a Secure Microsite (one per domain being tracked)
  • Con – You must have Secure Microsites and purchase a special SSL certificate if your website uses SSL (or if you plan to in the near future). This will ensure that no unwanted messages are shown to end users. However, Secure Microsites are an add-on package and have to be purchased through Oracle. SSL certificates can be purchased through any 3rd party vendor.

SSL is an important part of this configuration. Without it, an already secured page would indicate to a Visitor that something malicious may be happening. Adding SSL into the mix increases implementation time and complexity because it involves more stakeholders. Oracle will enable SSL and also 1st Party Tracking for different domains.

Knowing the differences between 3rd or 1st party cookies by understanding their pros and cons to each is an important step in deciding which of the two your organization really needs. At Tegrita, we recommend starting with 3rd Party so you can obtain behavioral data within Eloqua while you decide whether you want to move to 1st Party. From there, switching to 1st Party can enable deeper insights into what your website visitors are doing. A 1st Party implementation can be a lengthy process, so having something in place while doing so is important. Once you have configured website tracking, you can then move on to things like Page Tagging, Website Visit based Segmentation, and improved Prospect Profiler data among many other things.

At Tegrita, we work with our clients to solve problems. We can help you evaluate your website tracking needs and support you through the implementation process. Contact us today to schedule time with one of our subject matter experts.


About the Author

Jesse is a Former Sr. Technology Lead at Tegrita. He helps design, build, and maintain robust Rev Tech solutions. In his free time he likes to power lift and dabble in piano.

Follow on Linkedin
Previous Article
Challenges CMOs Face: The CMO’s Guide to Facing Budget Challenges
Challenges CMOs Face: The CMO’s Guide to Facing Budget Challenges

CMOs! facing challenges with your marketing budget spend? Learn how a digital marketing strategy roadmap ca...

Next Article
Challenges CMOs Face: 5 Common Customer Experience Fails (with Solutions)
Challenges CMOs Face: 5 Common Customer Experience Fails (with Solutions)

Customer Experience (CX) is critical for modern businesses but CMOs face serious CX disconnects and struggl...