Imagine you're browsing a website looking for a new pair of sneakers. A few hours later, while scrolling through another site or Instagram, there it is: an ad showing you the exact same sneakers. Coincidence? Probably not. The “magic” behind this is powered by tiny data packets called cookies.

Cookies work like tags that websites leave in your browser. Some are helpful, others are just there to spy on you. Today, you'll learn what cookies are, how they track your online behavior, and why they can be harmful to your privacy.

Next, I’ll walk you through 5 free and practical ways anyone can check and protect their personal data from cookies, with easy step-by-step instructions. And to wrap it up, a bonus tip about hidden trackers inside mobile apps and how to block them.

What are cookies?

Cookies are tiny text files that websites save on your device when you visit them. In a positive light, cookies make your online experience easier. They keep you logged in, remember your language preferences, shopping cart items, and other conveniences. However, not all cookies are there to help you. Third-party cookies, placed by companies other than the site you're visiting, are widely used to track users across different websites. These tracking cookies fuel the online advertising ecosystem and let companies build a profile of your habits and interests as you browse.

Beyond the annoyance of personalized ads, there are real risks to your personal data. A cookie by itself is just an identifier and usually doesn’t contain your name or email directly, but it points to information stored on company servers. If that identifier is combined with personal data you’ve shared somewhere else, your identity and preferences can be revealed. That’s why managing cookies is essential to limit the unauthorized collection of your information.

Now that you know what cookies are and how they affect your privacy, let’s go through a step-by-step guide to check which cookies are stored in your browser and how to protect yourself from excessive tracking.

1 - See Which Cookies Have Been Collected in Your Browser

You can't fix what you don't control, so the first step is checking which cookies are already stored in your browser and, as a result, which sites (or third parties) have your data. The good news is that every major browser offers a way to view stored cookies. Here's how to find them in the most popular desktop browsers:

• Google Chrome (desktop): Click the Chrome menu (three dots in the upper right corner) and select "Settings". In the "Privacy and security" section, click "Cookies and other site data". Then look for the option "See all cookies and site data". When you click it, Chrome will display a list of all websites that have stored cookies in your browser. You can click on each site to view details like cookie name, content, domain, and expiration date.

  Tip: A quick way to access this list is by typing chrome://settings/siteData into the address bar and pressing Enter. Then go to "Privacy and security" and follow the same path.

• Mozilla Firefox (desktop): Click the Firefox menu (three horizontal lines in the upper right corner) and choose "Settings" (or "Preferences" on macOS). Go to the "Privacy & Security" section. Under "Cookies and Site Data", click the "Manage Data…" button. Firefox will open a window listing all websites with cookies or stored data. You can use the search field to filter for a specific site or scroll through the full list. Click on a site and then "Expand" to see the individual cookies stored by that site.

• Safari (macOS): With Safari open on your Mac, click "Safari" in the top menu and go to "Preferences". In the Preferences window, select the "Privacy" tab. Then click the "Manage Website Data…" button. A list will appear showing all websites that have stored cookies or other data (like cache) in Safari. You can search for a specific site or scroll through the list. To see details, select a site and click "Details" (in newer versions of Safari, there may not be a separate button, the list already shows cookie domains directly).

• Other browsers: Chrome-based browsers like Edge, Brave, and Opera have similar cookie settings to Chrome. Microsoft Edge, for example, lets you view cookies under Settings > Cookies and site permissions > See all cookies and site data.

Privacy-focused browsers like Brave also provide access to cookie settings, but they already block many third-party cookies by default.

2 - Identify Which Companies Are Behind the Cookies

When reviewing your browser’s list of collected cookies, you'll often come across names and domains that aren't easy to interpret. Many tracking cookies have generic names (_ga, _fbp, id, etc.) or domains that don't clearly reveal the company behind them, like doubleclick.net, adservice.google.com, casalemedia.com, and others. In this step, you'll learn how to figure out who's behind each cookie, or at least which service it belongs to. Knowing which company is collecting your data helps you understand where your information is going.

Follow these steps to investigate suspicious cookies:

1. Check the domain or cookie name. Go back to the list of cookies you found in the previous step and pick one cookie or site to investigate. Focus on the “domain” or “source” column. The domain shows the origin of the cookie. For example, you might see cookies with domains like facebook.com, google.com, doubleclick.net, scorecardresearch.com, adnxs.com. If the domain isn’t from a site you visited directly, it’s almost certainly a third-party tracker.

2. Try to link the domain to a known company. Many cookie domains belong to big tech or advertising companies but use less obvious names. For example:

   
   Cookies from doubleclick.net are linked to DoubleClick, which is part of Google’s ad business. So if you see doubleclick.net, that means Google (via DoubleClick) is involved in tracking for advertising.

   
   Cookies named _ga or _gid are usually from Google Analytics, Google’s web traffic analysis service. The _ga cookie, in particular, is used to distinguish individual users and typically lasts for 2 years. If you find it, it means the website is sending visit data to Google.
   
   A cookie named fr with a facebook.com domain is tied to Facebook (Meta). It’s used by Facebook Pixel to track activity outside the social network.

   
   Domains like adsrvr.org belong to The Trade Desk (an ad platform), scorecardresearch.com belongs to Comscore (analytics), ads.linkedin.com is obviously from LinkedIn, and so on.
   

3. Use online tools to identify unknown cookies. If the domain or cookie name isn’t clear, you can use public cookie databases to get more info. There are websites that catalog common cookies and explain their purpose and owners. For example, CookieSearch.org has an open database with over 100,000 cookies. You can visit the site and use the search bar to look up a cookie name (like _fbp) or domain (like doubleclick.net). The tool will then show info such as the category (analytics, advertising, functional), a description of what the cookie does, and often who is using it.

   

   CookieDatabase (https://cookiedatabase.org) is also a great option.

   

4. Manual web search: If you can’t find the cookie in a public database, just search on Google using the cookie name or domain along with keywords like “cookie tracking” or “what is”. You’ll often find forums or articles where someone asked “what is cookie X” and found an answer. For example, searching “cookie doubleclick.net what is” will show explanations that DoubleClick is a Google ad service that tracks your browsing to display targeted ads. Similarly, searching for “cookie _ga Google Analytics” will confirm that it’s from Google Analytics.

5. Check the privacy policy of the source site: A more “official” approach is to see if the site that placed the cookie (or even the site you visited) has a cookie or privacy policy listing its partners. Many websites offer a “How we use cookies” page that lists the cookies in use and their purposes. There you might find third-party names like “We use Google Analytics (_ga, _gid), Facebook Pixel (_fbp), and DoubleClick (IDE)”. The level of transparency varies from site to site, but it’s worth checking if available.

After this investigation, you’ll start to map out who actually “owns” your cookies. You’ll likely find that most of them lead back to a handful of major adtech companies that track much of the internet: Google (Analytics, DoubleClick, etc.), Facebook/Meta, Amazon (ADS), data marketing firms like Oracle (BlueKai), Adobe (Analytics), and so on.

3 - Limit or Block Cookie Tracking in Browsers (Chrome, Firefox, Safari)

Most major browsers already offer cookie control options you can set up, especially when it comes to third-party cookies used for tracking.

• Google Chrome (desktop): Chrome lets you block third-party cookies. Go to Settings > Privacy and security > Cookies and other site data. You'll see a section with cookie settings. Select “Block third-party cookies”. This way, third-party cookies won’t be accepted during regular browsing. Chrome will still allow first-party cookies (those from the website you’re visiting) so the site can function properly. There’s also a middle-ground option called “Block third-party cookies in Incognito mode”, which only blocks trackers in private windows. But for stronger protection, go with the full blocking option.

  Chrome also offers a strict setting called “Block all cookies”, but even Google itself warns that many sites may break or not work properly if no cookies are saved at all. So unless you're aiming for a very high level of restriction and are okay giving up some convenience, it’s best not to enable “block all”.

Once you select “Block third-party cookies”, you can just close the settings tab. There’s no need to restart the browser. From that point on, Chrome will stop known tracking cookies from being saved when you visit sites.

• Mozilla Firefox: By default, Firefox already offers stronger protection through its Enhanced Tracking Protection. In the standard mode, it blocks known third-party tracking cookies using curated lists. To check or strengthen this setting, go to Settings > Privacy & Security. Under “Enhanced Tracking Protection,” you’ll see three levels: Standard, Strict, and Custom. If you choose “Strict,” Firefox will block all known third-party tracking cookies, along with other types of trackers. This might cause minor issues on some websites but gives you better privacy. The “Custom” option lets you fine-tune what gets blocked. For example, you can choose to block “Cross-site tracking cookies” or even all third-party cookies, not just known trackers.

• Safari (macOS): Safari, both on Mac and iPhone, includes a built-in feature called Intelligent Tracking Prevention, which automatically blocks third-party cookies. Still, it’s good to double-check the settings. On a Mac, open Safari Preferences > Privacy. Make sure “Prevent cross-site tracking” is enabled. This setting blocks third-party tracking cookies while allowing first-party cookies necessary for websites to function. With this enabled, Safari stops third parties from using cookies to follow you across different sites. Note that recent versions of Safari already restrict or expire most third-party cookies by default, so this setting is usually active out of the box

  Safari on Mac also includes a “Block all cookies” option. Like in other browsers, it’s not generally recommended since it breaks logins and site features, but it’s available if you want maximum restriction.

  Finally, a helpful feature in Safari is the Privacy Report (found under Safari > Privacy Report), where you can see a summary of blocked trackers from the past 30 days and which websites tried to use them. It’s a great way to visualize how many unwanted cookies were stopped.

4 - Use Extensions to Control Cookies (Cookie AutoDelete, Ghostery, uBlock Origin, etc.)

In addition to your browser’s built-in settings, you can install extensions (add-ons or plugins) that give you even more powerful and smarter control over cookies and trackers. Many of these free tools can block tracking cookies, automatically delete cookies after you leave a site, and stop tracking scripts from running. They give you an extra layer of protection and flexibility. Here are three popular and reliable extensions you can use individually or combine, depending on what you need:

Cookie AutoDelete: As the name suggests, this extension automatically deletes cookies. It's great for cleaning up after your browsing sessions. Here’s how it works: install the extension (available for Firefox and Chrome/Edge). After installing, click the Cookie AutoDelete icon and go to the options. Turn on the “Auto-clean” feature. The idea is that every time you close a site’s tab, all cookies set by that site are automatically deleted, unless you’ve added that site to an exception list. You can whitelist sites you trust or want to stay logged into (like your email, social media, or frequently visited services). For those, cookies will be kept. Everything else gets wiped as soon as you leave.

You can also use the greylist option, which keeps cookies only until you fully close the browser.

Cookie AutoDelete basically brings the concept of session cookies to everything: once you're done using a site, it clears the data. This stops trackers from following you during future visits because those cookies no longer exist in your browser. The extension also lets you manually trigger a cleanup anytime by clicking “Clean” in the popup, and it offers more advanced settings if needed, but the default behavior is simple and effective: install it and forget it, it takes care of the cleanup.

Ghostery: Ghostery is one of the most well-known privacy extensions. It's free and open-source, and it works mainly as a tracker and ad blocker. Once installed (available for all major browsers), Ghostery automatically detects and blocks tracking scripts and related cookies. You don’t need to configure anything if you don’t want to, the default settings already block a wide range of trackers and apply smart ad blocking (either allowing only non-intrusive ads or blocking everything, depending on your preference).

While you browse, the Ghostery icon will show a number, that’s how many trackers were detected and blocked on that page. If you click the icon, you’ll see a breakdown of who the trackers are (by company or service name) and their status (blocked or allowed). For example, visiting “example.com,” Ghostery might show something like: 5 trackers blocked, including Google Analytics, Facebook Connect, Google Ads, and others. This gives you clear visibility into who’s trying to follow you online.

Ghostery also blocks tracking cookies automatically and signals to websites that you don’t want to be tracked. It includes extra features like the “Never Consent” mode, which hides or auto-rejects cookie banners so you don’t have to deal with annoying consent pop-ups. You can also whitelist specific sites if you want to disable blocking on trusted pages. Overall, Ghostery is simple to use, just install it and let it run. It significantly cuts down on the amount of data third parties can collect about you.

uBlock Origin: uBlock Origin is another must-have extension. While it's best known as an ad blocker, it also blocks a wide range of unwanted elements, including tracking scripts and tracking cookies. It’s praised for being extremely efficient and lightweight, so it doesn’t slow down your browser. After installing it (available for Chrome, Firefox, Edge, Opera), it comes with several filter lists activated by default, covering ad domains, known trackers, malware, and more. That means uBlock Origin will immediately prevent many third-party cookies and scripts from even loading in your browser. In other words, ads and trackers don’t get the chance to run, so they can’t drop cookies on your system.

Independent tests confirm that uBlock blocks ads and prevents trackers from accessing your data, all automatically. You can click its icon in the browser toolbar to see how many items were blocked on a page (for example, “25%” meaning one-quarter of requests were blocked for being ads or trackers). uBlock Origin also supports advanced customization. You can add extra filter lists, create manual rules (like blocking all requests to a specific tracking domain), and even use the element zapper mode to hide specific parts of a webpage. But if your main goal is to stop tracking, the default setup already includes lists like “EasyPrivacy” that block known tracking scripts and cookies. With uBlock, you’ll browse faster (fewer elements to load) and with stronger privacy.

Other options: In addition to the three mentioned above, it’s worth pointing out Privacy Badger (from the EFF). It learns tracker behavior over time and automatically blocks any cookies or scripts it detects following you across sites. It doesn’t require any setup, but it takes a few days of use to “learn” new trackers. There’s also Disconnect, whose tracker list is the base for many other tools. And privacy-focused browsers like Brave and Firefox Focus already come with many of these protections built-in. But for the average user, combining Cookie AutoDelete, Ghostery, and uBlock Origin is a solid, free, and easy setup.

5 - Set Cookie Permissions on Your Phone (Android and iOS)

We can’t forget that we spend a big part of our time browsing on mobile too. Mobile browsers collect cookies just like desktop browsers, and trackers love smartphones, after all, we’re logged into multiple apps, browsing over 4G, and carrying the device everywhere, which makes the profile even more detailed. So it’s essential to apply similar protections in Chrome or Android browsers, and in Safari or iPhone browsers. Here's how to adjust those settings:

Google Chrome on Android: If you use Chrome on your Android phone, you can (and should) block third-party cookies there as well. Open Chrome on your phone, tap the three-dot menu (top right corner), and go to “Settings”. Scroll down and tap on “Site settings”. Look for the “Cookies” option or directly “Third-party cookies” (in newer versions, Chrome separates this setting). You should see options similar to desktop: “Allow third-party cookies”, “Block third-party cookies in Incognito”, and “Block third-party cookies”. Select “Block third-party cookies”. With this on, Chrome for Android will block the same trackers you would avoid on desktop, just now in your mobile browsing. This is especially useful when visiting ad-heavy mobile sites, since those extra cookies won’t be accepted.

If you only see a general cookie toggle, turning it off likely includes blocking third-party cookies too, but usually Chrome shows all three options , choose the one that blocks third-party cookies only.

Just like on desktop, it’s not a good idea to block all cookies completely on mobile Chrome, because many mobile sites won’t work right (banking sites, for example, may not even allow logins without cookies). So stick with blocking third-party tracking cookies only. Once this is set, just keep browsing as usual. You probably won’t even notice a difference, except for fewer creepy personalized ads.

For other mobile browsers, the settings are very similar to the desktop versions, so make sure to adjust them too.

6 - Bonus Tip: Check for Trackers in Mobile Apps and Block Them

So far we’ve talked about browsers and cookies, but don’t forget that mobile apps have their own versions of “cookies”, unique identifiers that track you. Many apps include SDKs from analytics or ad networks that collect data while you use the app, and sometimes even when you’re not using it, running in the background. So as a bonus, let’s quickly cover how to check for these trackers inside your smartphone apps and what you can do to block them.

DuckDuckGo App Tracking Protection (Android): DuckDuckGo has released a feature for Android called App Tracking Protection. It’s a free tool built into the DuckDuckGo browser app that works like a system-wide tracking firewall. When you turn it on, Android sets up a local VPN connection (this doesn’t route your traffic elsewhere, it just uses the VPN API to filter data). From that point on, it monitors network traffic from all your apps and blocks requests going to known tracking servers. In other words, if a weather app tries to send data to analytics.facebook.com or googleads.g.doubleclick.net, this protection stops the connection. According to DuckDuckGo, this even works when you're not actively using the app, blocking background tracking as well.

To use it:

- Install the DuckDuckGo Privacy Browser from the Google Play Store.
- Open the app and go to Settings (usually a gear icon).

Find the “App Tracking Protection” section. Since the feature is now publicly available, just tap and follow the steps to enable it. You’ll be asked to allow VPN permission (Android will warn you that DuckDuckGo wants to set up a VPN connection, confirm it).

That’s it. The protection will start running. The app will display a live report showing what it’s blocking. You might be surprised by how many tracking attempts it catches. DuckDuckGo has shared that the average Android user, with around 35 installed apps, faces between 1,000 to 2,000 tracking attempts per day, coming from around 70 different tracking companies. With protection on, all of that gets blocked automatically.

Inside the App Tracking Protection dashboard, you can also see which apps recently tried to track you and which companies were receiving the data. For example, you might see “Facebook Graph blocked in WeatherApp - 50 times,” meaning the weather app tried to contact Facebook servers 50 times and was stopped.

This DuckDuckGo feature acts as a universal anti-tracking shield for Android. It’s comparable to Apple’s App Tracking Transparency prompt (“Allow app X to track you?”), but on Android, DuckDuckGo goes further, it actually blocks the connections instead of just asking for permission.

Exodus Privacy (Android): Another useful tip is to use Exodus Privacy, an open-source platform that scans Android apps for embedded trackers. It helps you see which trackers and permissions are built into the apps installed on your device, giving you more transparency.

On iPhone (iOS): Apple introduced App Tracking Transparency (ATT) in iOS 14.5+, which requires apps to ask for your permission before tracking you across other apps and websites. Whenever an app shows the pop-up “Allow tracking?”, you probably tap “Ask App Not to Track”. This blocks access to your iPhone’s advertising identifier and supposedly stops apps from sharing your data with third parties for profiling, at least through official channels. To make sure this is enforced, go to Settings > Privacy > Tracking and turn off “Allow Apps to Request to Track”. This way, apps won’t even be allowed to ask, tracking is blocked by default.

In iOS 15+, there’s also the App Privacy Report (found under Settings > Privacy > App Privacy Report), where you can check which domains each app is contacting. If you see that a health app is reaching out to “facebook.com” or “adservice.google.com”, that should raise a red flag.

Unfortunately, iOS doesn’t let you block tracker connections as broadly as Android does with DuckDuckGo (unless you use an external VPN or firewall). But keeping an eye on these reports and denying tracking permissions already makes a big difference.

And you, do you still think nobody cares about privacy?