People don’t like to be tracked around everywhere they go on the web. So all major browsers give you the option to “block third party cookies”. And there’s a DNT header that your browser sends on your behalf to nicely tell the tracking parties that you don’t want to be tracked. However, the big question remains, does it work?
The following is what we did for four major browsers and what we observed. On our test page there were two cookies that should be considered third party: one from google-analytics.com, another from doubleclick.net.
You can ask Chrome to send the DNT header in the Privacy and security section of settings.
Further down from the “Do Not Track” flag there’s a Content settings section. Click on that and click Cookies. From there you can enable “Block third-party cookies”. Observations: With DNT flag on and “Block third party cookies” off, Chrome set both cookies. The DNT flag was sent by Chrome but ignored by both google-analytics.com and doubleclick.net. With both DNT flag and “Block third party cookies” on, no cookie was set, but the requests to google-analytics.com and doubleclick.net were not blocked.
For Internet Explorer, open the Internet Options dialog, click the Privacy tab, then click Advanced. In the Advanced Privacy Settings dialog, select Block Third-party Cookies.
To turn on the DNT header: click on the Settings icon, mouse over Safety, then select “Turn on Do Not Track requests”. Observations: These settings have no effect on the observed behavior, IE reported no cookies set either way. The requests to doubleclick.net and google-analytics.com were not blocked regardless of whether the flags were set or not.
Click the O icon on the top left corner, then click Settings to bring up the Settings page. Check “Block third-party cookies and site data”. Observations: With “Block third-party cookies and site data” unchecked, the browser saved the two cookies for google-analytics.com and doubleclick.net. With the option checked, no cookies were saved. However, requests to google-analytics.com and doubleclick.net were not blocked.
Bring up the Options page by clicking the Hamburger button on the top right corner. Click on the Privacy & Security link on the left. Scroll down to the Tracking Protection section and select Always.
Observations: When tracking cookies were blocked, Firefox displays a half shaded icon to the left of the URL. The DNT header was sent for every request. Requests to google-analytics.com and doubleclick.net were never sent.
Conclusion: The “Do Not Track” header is almost guaranteed to be ignored by the tracking servers. It is pretty much useless.
For Chrome, IE and Opera, even with “block third party cookies” turned on, the requests to the tracking servers were not stopped. The usefulness of this setting in these browsers is doubtful.
Firefox offers the best protection against third party tracking by blocking requests to the tracking servers.