What Actually Died, and Why It Still Matters for WordPress
Google reversed its third-party cookie deprecation in April 2025. After years of delays, warnings, and industry panic, Chrome will not block third-party cookies. Instead, users get a choice. Headlines called it a victory for advertisers. Reality: it changes almost nothing.
Safari has blocked third-party cookies since 2020. Firefox blocks known trackers by default. Brave blocks everything. Combined, these browsers represent roughly 30% of users—and that’s before accounting for the 31.5% running ad blockers (Statista, 2024). Third-party cookies were already dead for reliable cross-site tracking. Google’s reversal just means Chrome won’t join the funeral.
What Google Actually Announced
On April 22, 2025, Google confirmed it would abandon third-party cookie deprecation in Chrome. The plan that had been delayed from 2022 to 2023 to 2024 to 2025 was finally cancelled entirely.
Instead of blocking third-party cookies, Chrome will implement a “user choice” model. Users can opt to block third-party cookies if they want. No separate consent prompt will be added. The default behavior—allowing third-party cookies—remains unchanged.
The Privacy Sandbox APIs that were supposed to replace third-party cookies? All killed. In October 2025, Google deprecated all 10 remaining Privacy Sandbox APIs: Topics, Protected Audience (formerly FLEDGE), Attribution Reporting, and the rest. Six years of development. Billions in industry investment adapting to the new APIs. All gone.
Why? The UK Competition and Markets Authority (CMA) ran extensive testing. Results were brutal: 85% attribution inaccuracy, 30% publisher revenue decline, 42-67% reduction in advertiser spend. The cookie replacement that was supposed to balance privacy and advertising failed at both.
Why Chrome’s Policy Barely Matters
Here’s what the “Google saved cookies” headlines miss: third-party cookies already don’t work for a third of your visitors.
Safari implemented Intelligent Tracking Prevention (ITP) in 2017 and has blocked all third-party cookies since 2020. Safari holds 24% of global browser market share (StatCounter, 2024). On iOS, it’s even higher—and all iOS browsers must use Safari’s WebKit engine, so Chrome on iPhone follows Safari’s rules.
Firefox introduced Enhanced Tracking Protection (ETP) in 2019. It blocks third-party cookies from known trackers by default. Total Cookie Protection, rolled out in 2022, partitions any remaining third-party cookies per-site, preventing cross-site tracking even when cookies aren’t blocked.
Brave blocks all third-party cookies and clears them when you close the browser. It also strips tracking parameters from URLs and performs CNAME uncloaking to catch disguised trackers.
For any WordPress store owner trying to track customers across sites or attribute conversions via third-party cookies, 30% of traffic has been invisible for years. Google’s reversal doesn’t fix that. It just means Chrome—and only Chrome—continues allowing something that doesn’t work everywhere else.
The Real Casualty: Retargeting As We Knew It
Third-party cookies powered the retargeting ads that follow you around the internet. You browse shoes on one site, then see shoe ads on every other site you visit. That relied on ad networks setting cookies across all those sites, tracking your browsing, and serving relevant ads.
That’s dead. Not because Chrome blocked it, but because Safari, Firefox, and Brave did. Any retargeting strategy built on third-party cookies reaches only Chrome users who haven’t installed ad blockers. That’s a shrinking audience.
Meta lost an estimated $12.8 billion in 2022 from Apple’s App Tracking Transparency (ATT) alone (Meta earnings report). The iOS prompt asking “Allow this app to track your activity?” devastated cross-app attribution. Similar losses hit every platform dependent on cross-site tracking.
The response? Browser fingerprinting emerged as an alternative—and regulators immediately flagged it as more invasive than cookies. The UK ICO called Google’s fingerprinting policy “irresponsible” in February 2025. Universal IDs like UID2 require email logins, achieving only 13% opt-in rates. Every alternative has problems.
What This Means for WordPress Store Owners
If you’re running a WooCommerce store, third-party cookie drama matters less than you might think. Here’s why:
Your analytics are first-party. Google Analytics 4, when installed on your site, sets first-party cookies under your domain. Those cookies face Safari’s 7-day JavaScript limit (see our first-party cookie guide), but they’re not affected by third-party cookie blocking at all.
Your conversion tracking can be cookieless. When a customer completes a WooCommerce order, you have their email, name, shipping address, and purchase details. Facebook CAPI and Google Enhanced Conversions use this first-party data—hashed and sent server-side—to attribute conversions. No cookies required. No browser can block it.
Your retargeting options changed. Traditional pixel-based retargeting (drop a Facebook pixel, remarket later) is unreliable. But customer list retargeting—uploading hashed email lists from your WooCommerce orders—works fine. You’re targeting known customers, not anonymous browsers. Same result, different mechanism.
The stores struggling are those still relying on third-party pixels to do all the work. Stop apologizing for cookies and start collecting the data that actually matters: first-party customer information.
The Irony: Cookies Were Never the Problem
Lou Montulli invented cookies in 1994 to protect privacy. Seriously. The original purpose was to maintain state (shopping carts, logins) without storing user data on servers where it could be accessed by others. Cookies kept data local.
The problem was third-party cookies—a hack invented by ad networks in 1996 to track users across sites. The technology Montulli built to protect privacy was repurposed for surveillance within two years. Everything since then—ITP, ETP, GDPR cookie banners, the Privacy Sandbox disaster—has been trying to undo that hack while preserving cookies’ legitimate uses.
First-party cookies doing first-party things remain fine. Your session cookies, login cookies, preference cookies, and properly-configured analytics cookies aren’t going anywhere. The apocalypse only hits cross-site tracking, which was never what cookies were designed for.
Server-Side: The Solution That Works Everywhere
The common thread across every browser’s privacy changes: they target client-side tracking. Code running in the browser—JavaScript pixels, third-party cookies, tracking scripts—is what gets blocked, limited, or restricted.
Server-side tracking operates differently. Data collection happens on your server first, before reaching browsers where it can be blocked. Your server sends data directly to GA4, Facebook, and Google Ads via their server-side APIs. No browser ever sees or blocks the transmission.
This isn’t a workaround or exploit. It’s the intended architecture. Facebook CAPI (Conversions API) was built for server-to-server communication. Google’s Enhanced Conversions expect server-side data. The platforms want reliable data; server-side delivers it.
For WordPress, Transmute Engine™ captures conversion data server-side from WooCommerce events, then routes it to all your destinations—GA4, Facebook, Google Ads, BigQuery, Klaviyo. No GTM complexity, no browser-side restrictions, no reliance on third-party cookies that don’t work anyway.
Key Takeaways
- Google reversed third-party cookie deprecation in April 2025—Chrome won’t block them, but Safari and Firefox already do
- 30% of browser users have third-party cookies blocked before accounting for ad blockers (another 31.5%)
- Privacy Sandbox died in October 2025 after CMA testing showed 85% attribution inaccuracy
- Your WooCommerce analytics use first-party cookies, which face different restrictions (Safari 7-day limit) but aren’t blocked
- Server-side tracking and first-party data collection work across all browsers regardless of cookie policies
Yes. In April 2025, Google announced it would not block third-party cookies in Chrome. Instead, Chrome will offer a “user choice” model allowing users to opt in or out. However, Safari and Firefox already block third-party cookies, so the practical impact for cross-site tracking is minimal.
For practical purposes, yes. While Chrome still allows them, Safari (24% market share) blocks them entirely, Firefox (5%) blocks known trackers, and Brave blocks all third-party cookies. Combined with 31.5% ad blocker usage, cross-site tracking via third-party cookies is unreliable for any business making data-driven decisions.
Google killed all 10 remaining Privacy Sandbox APIs in October 2025, including Topics, Protected Audience (FLEDGE), and Attribution Reporting. After 6 years of development, CMA testing showed 85% attribution inaccuracy and 30% publisher revenue decline. The industry’s cookie replacement attempt failed.
Focus on first-party data collection. WooCommerce order data (email, name, address) provides cookie-independent conversion tracking via Facebook CAPI and Google Enhanced Conversions. Server-side tracking captures data before browser restrictions apply. This approach works across all browsers regardless of cookie policies.
If you’re relying solely on client-side pixels, yes. Third-party cookie blocking and ad blockers mean 30-40% of your conversion data is already missing. Implementing server-side tracking and using WooCommerce order data for Facebook CAPI and Google Enhanced Conversions recovers this data and future-proofs your tracking.
Third-party cookies are a distraction. The real question is whether your tracking works across all browsers, all privacy settings, and all ad blockers. Understand what’s happening with first-party cookies—they’re your actual concern. Then see how Seresa makes WordPress tracking work everywhere.
