Prevent cross-site tracking: What it is and how to block it

Cross-site tracking is rampant across the web—those ads that follow you from site to site are no coincidence. Advertisers, websites, and data collection companies are eager to gather details about every click, scroll, and digital action. They use behind-the-scenes trackers to monitor your browsing on multiple websites, building a profile of your habits. The good news is that you can take back control of your privacy. 

In this guide, we’ll explain what cross-site tracking is and show you practical steps to prevent websites from tracking you across the internet. You’ll learn how to disable third-party cookies, block sneaky trackers, and use privacy tools to stop cross-site tracking in Chrome, Firefox, Safari, and more.

Take control of your data

One of the easiest ways to reduce cross-site tracking is to use ExpressVPN. It encrypts your internet traffic and hides your IP address, making it much harder for trackers to identify and follow you across sites. ExpressVPN can even block known trackers, adding an extra layer of privacy to your browsing.

Get ExpressVPN

What is cross-site tracking?

Cross-site tracking refers to methods used by advertisers, analytics providers, and other entities to observe your online habits across different domains. For example, have you ever shopped for an item online, then later saw an ad for that exact item on a completely different website? That’s cross-site tracking at work. A tracker associated with the shopping site remembered you and then informed the ad network, which then showed you a targeted ad on another site. 

Over time, these trackers compile a detailed digital profile of you—including your browsing history, preferences, and behaviors—which can be used for targeted advertising or even sold to data brokers.

This practice can be beneficial in certain cases; some users enjoy personalized promotions, but it can also feel invasive when data is collected without clear permission. Large amounts of browsing data can wind up in the hands of unknown third parties, raising questions about how that data is stored or shared. Many have concerns regarding personal information, web privacy, and digital fingerprinting. By understanding cross-site tracking better, you can identify the right steps to protect your data.

How cross-site tracking works

Cross-site tracking happens when small pieces of code—often embedded in web pages—follow you from one site to another. When you load a webpage, it may pull in content from third-party sources (like ads, scripts, or images). These third-party elements can plant unique identifiers in your browser or device. The next time you visit any site that uses the same third-party tracker, that identifier is recognized, allowing the tracker to link your visits together and know it’s the same person visiting both sites.

In practice, it works like this: Website A includes a piece of code from an advertising network—let’s call it Tracker X. When you visit Website A, Tracker X drops a unique cookie or identifier in your browser. Later, you visit Website B, which also loads a script from Tracker X. Tracker X sees the same identifier and realizes “Ah, this is the same user who visited Website A.” Now, Tracker X can record your activity on both sites and combine that information. Over dozens of sites and many visits, the tracker builds a comprehensive picture of your browsing habits.

Plenty of online services rely on these techniques to show relevant ads, track metrics, or improve user experience. Still, it can be unsettling when you realize someone is recording your every digital move.

That said, cross-site tracking isn’t limited to cookies or web ads. Trackers might use various techniques to mark and recognize you, even if you delete your cookies. They can fingerprint your browser based on its settings, use tiny hidden images called pixels to detect when you open an email or webpage, or store identifiers in your browser’s local storage. We’ll dive into these methods next.

Common tracking methods used by websites

Cross-site tracking relies on multiple techniques. Some are quite visible (like standard cookies), and others operate silently in the background. Below are the most prevalent approaches.

Third-party cookies and trackers

Third-party cookies are the most well-known method of cross-site tracking. Cookies are small text files placed on your device to remember website preferences or login details. When used by the site you’re directly visiting, they can be helpful. The real privacy issue tends to appear when third-party cookies come into play. These files might be set by advertisers or data platforms. They track each time your browser loads a page that carries their code.

For example, if you visit newswebsite.com, it might load an ad from adnetwork.com that sets a cookie. That cookie from adnetwork.com can be read on any other site that also loads adnetwork.com content. This lets the ad network track you across all sites where its ads appear. Over time, third-party cookies can record which pages you visit, how often you return, what interests you demonstrate, etc.

In addition to cookies, third-party trackers include any scripts or tags embedded on websites for tracking purposes like analytics scripts, social media “Like” buttons, or advertising pixels. These trackers often drop cookies or use other means to collect data.

Read more: 3 browsers that block third-party cookies by default

Web beacons and pixel tracking

Web beacons are tiny, transparent images (often just one pixel) embedded in webpages or emails. Web beacons are essentially flags that signal your activity to a tracker. For instance, an email marketer might include a unique beacon in an email—when you open the email, the beacon reports back that you (identified by your email address) opened it, confirming you’re an active user. 

On websites, beacons work with cookies: the beacon calls the tracking server which can read or set a cookie to identify you. This technique is used for advertising (to see if you viewed or clicked an ad) and analytics (to measure page views and user behavior).

Browser fingerprinting

Browser fingerprinting is a more covert tracking method that doesn’t rely on stored cookies or files at all. Instead, it takes advantage of all the little details your browser and device reveal. When you visit a website, your browser shares certain information in order to display the page correctly—things like your operating system, browser version, screen resolution, installed fonts, time zone, language, and even hardware details. Individually, these data points seem harmless. But together, they can form a uniquely identifying “fingerprint” of your device. 

Those data points might seem harmless, yet the combination can create a digital fingerprint that’s unusually difficult to mask. Companies or advertisers that rely on browser fingerprinting can recognize a returning device, even when cookies or other trackers are disabled.

Browser fingerprinting is subtle and effective. It harvests enough configuration data to make your setup look different from thousands (or millions) of other systems. This method has gained popularity because traditional cookie-based tracking faces tighter restrictions in modern browsers.

Supercookies and local storage tracking

Supercookies are a more persistent form of online tracking. Unlike normal cookies that store data in predictable locations, supercookies might be placed in header fields, cache data, or other browser storage areas that are harder to clear. Some are stored in your device’s local storage, and others might be restored even when you’ve tried to delete them.

‘Local storage tracking” refers to data saved on your computer or phone using browser features like HTML5 storage. Sites can use this area to keep bits of code or records of your activity. A site can sometimes retrieve that information upon subsequent visits, enabling cross-site tracking that isn’t as easy to wipe out as a simple cookie.

Why should you prevent cross-site tracking?

With all these tracking methods in play, you might wonder why it matters. Some level of tracking can make your online experience more convenient—for example, remembering your login, or keeping items in your shopping cart. The thing is, cross-site tracking primarily benefits the companies doing the tracking, often at the expense of your privacy. Here’s why you should consider blocking or limiting it:

• To protect your personal data. Numerous unseen entities could collect your browsing habits, demographics, or even sensitive details. 
• To gain control. Those eerie ads that know too much? They’re fueled by cross-site profiling. By blocking trackers, you’ll see more generic ads and feel less monitored.
• To speed things up. Eliminating extra scripts can reduce page load times and data usage. Fewer third-party scripts also lower the risk of malware delivered via ad networks. 
• To claim your right to privacy. Regulations like GDPR or CCPA acknowledge your say in how data is collected. Blocking cross-site tracking asserts your wish not to be invisibly observed. Although not all tracking is harmful, it’s tough to know where your data may end up. Stopping cross-site tracking is a wise step toward a safer, less intrusive web experience.

When does cross-site tracking become problematic?

Cross-site tracking becomes problematic when it crosses the line from useful to intrusive. If a website remembers that you prefer dark mode, that’s a helpful form of tracking in a single context. But when dozens of unrelated sites pool their data to monitor everything you do online, your privacy erodes quickly. It’s especially concerning if:

• You never agreed to it: Most cross-site tracking happens without explicit user consent. You might click “Accept cookies” on one site without realizing it enables tracking on many sites. This lack of transparency is problematic—you often have no idea who’s watching or what they’re doing with your data.
• The profiling gets too personal: If you visit sensitive websites (health, finance, personal interests) and that data is tracked across sites, it can feel like a violation. For instance, researching a medical condition and then being targeted with related ads on a news site can be jarring. It’s problematic when tracking ventures into areas you consider private or sensitive.
• Data is shared or sold: Cross-site data doesn’t always stay with one company. It can be shared between advertisers, data brokers, and partners. This broad dissemination increases the risk of your information being misused, leaked, or breached. Once your profile is out there, you have little control over it.
• It impacts your web experience negatively: Beyond privacy, heavy cross-site tracking can lead to practical issues, like seeing the same annoying ad everywhere (ad fatigue), or certain site features breaking if you try to block tracking. This happens because some sites might not function properly if their third-party scripts are blocked, pressuring you to allow them.

How advertisers and websites use tracking

Advertisers use tracking to serve content that aligns with your patterns. It might be something simple, such as a local store ad, or a product you abandoned in an online shopping cart. Websites can apply these tactics to see which pages interest readers the most, improving user experiences through deeper insights.

The line between helpful personalization and invasive monitoring can be unclear. Some websites rely on these insights for revenue, so they’ll likely push tracking scripts. Others place minimal tracking tools, collecting only the data they require for analytics. A user’s perspective might vary from acceptance to discomfort, based on how each site handles privacy.

Privacy risks of cross-site tracking

1. Data collection and behavioral profiling

Every interaction you have online can potentially be added to a massive database. This type of behavioral profiling runs deeper than just your browsing history. It might include location patterns, device types, or even predictions about your lifestyle.

2. Personalized ads vs. privacy invasion

Personalized ads can remind you of items that you considered in the past, yet these ad networks might know far more about your preferences than you’d like. An innocent product search one day can follow you around for weeks.

3. GDPR, CCPA, and other privacy laws

Regulations in various regions aim to curb data harvesting by forcing websites to request explicit consent before running certain trackers. The General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) are high-profile examples. Penalties for noncompliance can be significant. Still, not every region has such rules, so there may be gaps that permit trackers to operate with limited oversight.

What does this mean for you? It validates that your concerns about tracking are legitimate. Even regulators see it as something that needs control. You might see some sites now automatically limit tracking unless you opt in (particularly in Europe). Others provide Do Not Sell My Info links (in the U.S.) for opting out of third-party data sharing. 

These are positive steps, but from a user standpoint, you should still take your own measures, like browser settings and tools to prevent cross-site tracking, especially when outside the reach of strict privacy laws. We look at how to do that next. 

How to prevent cross-site tracking in your browser

Some browsers provide settings to limit or block third-party cookies and trackers. While these features vary across platforms, even basic adjustments can help reduce online tracking. Below are specific instructions for major browsers.

Prevent cross-site tracking in Google Chrome

Chrome’s default mode permits many third-party cookies, making it easier for advertisers or analytics platforms to follow you. You can adjust settings for improved privacy:

1. Open Chrome on your computer.
2. Select the three-dot menu in the top right.
3. Choose Settings from the dropdown.
4. Click Privacy and security on the left panel.
5. Select Cookies and other site data.
6. Pick an option to block third-party cookies, like Block third-party cookies.
7. Scroll further to toggle Send a “Do Not Track” request on.

On mobile (Android devices, for instance), do something similar:

1. Tap the three-dot menu in Chrome.
2. Tap Settings.
3. Find Privacy and security.
4. Tap Do Not Track and switch it on.

Bear in mind that some sites may ignore Do Not Track Requests. It’s still worth enabling in case websites choose to honor it. Blocking third-party cookies in Chrome tends to offer more tangible results.

Stop cross-site tracking in Mozilla Firefox

Firefox stands out for stronger privacy settings by default. It gives you a few levels of Enhanced Tracking Protection.

1. Click the hamburger menu (≡) and open Settings.
2. Go to Privacy & Security.
3. Under Enhanced Tracking Protection, pick Standard or Strict. Strict may affect the functionality of certain pages, but it stops more trackers.
4. In the Cookies section, confirm that cross-site tracking cookies are blocked.

Firefox’s Enhanced Tracking Protection frequently covers third-party cookies, fingerprints, and social media trackers. You can switch settings for each site if something breaks or if you prefer partial restrictions.

Disable cross-site tracking in Apple Safari

Safari includes an intelligent tracking system to fight cross-site monitoring. This feature is often called Intelligent Tracking Prevention (ITP).

On macOS:

1. Open Safari.
2. Click Safari at the top, then pick Preferences.
3. Click the Privacy tab.
4. Check the box named Prevent cross-site tracking.

On iOS (iPhone or iPad):

1. Open Settings.
2. Scroll to Safari.
3. Find the option Prevent Cross-Site Tracking and switch it on.

Safari aims to reduce trackers by default, but double-checking these settings ensures everything is set correctly. Many Apple users search for advice on ways to prevent cross site tracking Safari in order to strengthen privacy, and toggling these controls is a fast fix.

Read more: Google Chrome vs. Safari: Which browser is better for iPhone and Mac?

Block trackers in Microsoft Edge and Brave

Both Microsoft Edge and Brave present tracking controls:

Microsoft Edge

1. Select the three-dot menu in Edge.
2. Open Settings.
3. Pick Privacy, search, and services.
4. Under Tracking prevention, pick Balanced or Strict. Strict stops more trackers but might affect certain websites.
5. Scroll to Cookies and site permissions if you want to block third-party cookies fully.

Brave

Brave is a privacy-focused browser. It has Shields that are active upon installation.

1. Open Settings.
2. Select Shields.
3. Opt for Standard or Aggressive. The second option blocks more scripts and trackers.
4. You can also toggle fingerprinting defenses and other extra protections.

Brave is a popular pick for those who prioritize web privacy, since it goes after third-party cookies, fingerprinting, and trackers right away.

Best privacy extensions to prevent tracking

Relying solely on built-in settings might not be enough for some users. There are notable extensions built to block trackers, ads, or suspicious scripts. Pairing them with your existing browser features can produce a stronger shield against online tracking.

uBlock Origin, Privacy Badger, Ghostery & More

• uBlock Origin: Blocks a wide range of ad scripts and helps reduce resource usage. Keep in mind though that Chrome recently discontinued uBlock Origin.
• Privacy Badger: Learns to block trackers automatically, courtesy of the Electronic Frontier Foundation.
• Ghostery: Offers real-time tracker analysis, letting you see who’s tracking you and stop them at will.
• AdGuard: Provides general ad blocking plus helpful privacy features.

When choosing extensions, try not to go overboard. Having too many can conflict or slow down browsing. A combination like uBlock Origin + Privacy Badger, for instance, is a great one-two punch that covers list-based blocking and heuristic blocking. And remember, if you’re using a very privacy-centric browser like Brave or Firefox with strict ETP, some of these benefits are already built-in. Still, an extra extension can add redundancy and catch what the browser might miss. The result is much cleaner, tracker-free browsing where you remain in control.

Read more: How our blockers against trackers, ads, and adult sites work

Does a VPN prevent cross-site tracking?

You might have heard that a VPN can help protect your privacy online. It’s a service that encrypts your internet connection and routes it through a server in another location. VPNs are fantastic for security (especially on public Wi-Fi) and for hiding your IP address from the websites you visit. But does using a VPN prevent cross-site tracking? The answer: Partially, but not completely.

A VPN can complement your other anti-tracking measures, and in some cases (depending on the VPN’s features) it can block certain trackers. However, it’s not a silver bullet for avoiding cookies or browser-based tracking, because those operate within your browser. Let’s break down how a VPN fits into the anti-tracking puzzle.

How VPNs work against trackers

A VPN hides your IP address from the websites you visit. It also encrypts the traffic passing between your device and the VPN’s server. This process thwarts eavesdroppers on unprotected networks, blocking them from seeing what you do or collecting data that links you to your browsing.

This can interfere with some tracking attempts because advertisers or analytics providers can’t see your real IP. On the other hand, cookies and scripts in your browser can still gather data about your activity. The VPN helps cloak your connection from outside watchers but doesn’t directly purge third-party cookies or block fingerprinting.

VPN vs. browser privacy settings

Browser privacy settings directly target the scripts, cookies, and hidden trackers on websites while a VPN secures the link between your device and the internet. These methods are complementary:

• Browser controls block or limit tracking scripts.
• VPN hides your real IP and encrypts your traffic.

In simpler terms: Browser anti-tracking stops the what (the actual tracking process), while a VPN stops the where (conceals where it’s coming from). You’ll want both, especially if you’re aiming for strong privacy online. By blocking third-party cookies and using a VPN at the same time, you reduce your overall exposure in the digital environment.

When to use a VPN for maximum privacy

Using a VPN is generally a good idea whenever you’re concerned about privacy or security, but there are specific situations where a VPN can significantly enhance your privacy and help against tracking:

• On public Wi-Fi or untrusted networks: If you’re at a café or airport, or using any network you don’t control, a VPN is a must. Not only can others on the network potentially snoop on your data (if not encrypted), but network providers might inject ads or trackers. A VPN encrypts everything, so you’re safe from prying eyes and any inserted tracking by the hotspot.
• When you want to conceal your location/IP: Many trackers use IP addresses to geolocate you, so they can show you region-specific ads or content. If you’d rather not reveal your real location, a VPN can assign you an IP from a server elsewhere. This can also help avoid certain forms of price discrimination (some travel sites have been known to show different prices based on location). It also prevents websites from logging your real IP, which could be tied to your identity or used to recognize you later.
• Alongside other privacy measures: If you’re already using private browsing modes, anti-tracking extensions, and strict browser settings, a VPN is the cherry on top to cover anything those miss. For instance, say you’re using a hardened browser that blocks cookies—a tracker might still try to fingerprint you by your IP and browser specs. The VPN will at least make your IP inconsistent or shared by many, reducing the fingerprinting accuracy. Essentially, you should use a VPN when you want maximum anonymity for a browsing session.

A VPN is a powerful tool, so choose a reputable one that will enhance privacy instead of a sketchy free VPN that could itself log your data. ExpressVPN, as a top-tier provider, does not log your activity and has undergone independent audits to verify its privacy claims. 

Get ExpressVPN

Advanced methods to stop tracking beyond browsers

Browser settings and extensions are your first line of defense, but what if you want to go even further?

Privacy-focused browsers that block tracking

Not all browsers are created equal when it comes to privacy. Some browsers are built from the ground up to stop trackers and protect your anonymity. If you’re serious about blocking tracking, you might consider using one of these privacy-focused browsers (either as your main browser or for certain activities):

Brave, Firefox Focus, Tor Browser

• Brave: Blocks third-party scripts and ads right from the start.
• Firefox Focus: A minimal mobile browser that discards your browsing data after each session.
• Tor Browser: Routes your traffic through the Tor network, providing significant anonymity. It blocks many forms of fingerprinting too.

Each of these browsers takes a slightly different approach, but all have the same goal: make it extremely hard for anyone to track what you do online.

Private search engines that don’t track you

Search engines can gather vast amounts of data, including your queries, clicks, or location. Some alternatives pledge to avoid storing logs or sharing your queries with advertisers:

DuckDuckGo, Startpage, Brave Search

• DuckDuckGo: Doesn’t keep logs of your searches.
• Startpage: Delivers Google results without sending your data to Google.
• Brave Search: Integrated into Brave, with an emphasis on user privacy.

Switching to a privacy-oriented search engine cuts back on one of the biggest data collection points on the web.

Adjusting device & app settings to prevent tracking

Beyond browsers and web searches, our devices and apps themselves can be sources of tracking. Smartphones, in particular, come with advertising identifiers, location services, and app permissions that can leak data if not configured thoughtfully. Here are some device and app-level settings to tweak for better privacy and reduced tracking:

• Limit ad tracking on iOS or Android: both platforms let you reduce the personal details associated with your ad id.
• Review permissions for each app: check if that app truly needs location or microphone access.
• Disable or restrict background activity: some apps run trackers continuously.

Combining robust browser settings with device-level privacy adjustments can cut down on online tracking in a meaningful way.

Have any further questions? Below are answers to typical questions that arise around cross-site tracking, including what it means, whether it’s illegal, and practical steps to block it.