5 Browser Settings You Should Change Right Now to Stop Being Tracked

Fact-checked by the SnapMessages editorial team

Your browser tracking settings are the single most accessible line of defense between your health searches and the advertising ecosystem that profits from them. According to Pew Research Center’s October 2023 data privacy report, 81% of Americans believe personal information companies collect about them will be used in ways they are not comfortable with, and browser tracking is a primary mechanism for that collection.

What makes this urgent in late 2025 is Google’s confirmed decision to keep third-party cookies in Chrome permanently, meaning your browser will never automatically protect you. These five settings changes are not optional if health privacy matters to you.

Why Your Browser Is Quietly Leaking Your Health Searches

Every symptom search, medication lookup, and telehealth page you visit is being observed, not just by the site you intended to use, but by third-party trackers embedded in that page’s code. The misconception that incognito mode fixes this is widespread and wrong. Incognito prevents your browser from saving a local history, but it does nothing to stop external trackers from recording your device type, location, and activity in real time.

Health and wellness sites are not exempt from this reality. A 2021 study of the largest U.S. hospitals found that every single one used advertisement trackers, and 90% used third-party cookies. That means the hospital portal where you schedule a cardiology appointment or look up a mental health resource is feeding data to advertising networks. The Federal Trade Commission advises consumers that adjusting browser settings to limit third-party tracking and device fingerprinting is one of the most direct controls available. The FTC has also taken active enforcement under the Health Breach Notification Rule for unauthorized sharing of personal health information, so the legal stakes are documented, not hypothetical.

One honest caveat before you proceed: browser settings alone will not stop browser fingerprinting, a technique that builds a unique identifier from your screen resolution, installed fonts, plugins, and timezone, even when cookies are completely blocked. The Electronic Frontier Foundation’s Cover Your Tracks tool tests your browser against real fingerprinting techniques and recommends pairing browser settings with a dedicated tracker blocker. Think of the five settings below as the foundation, not the ceiling.

Setting 1: Block Third-Party Cookies (Chrome Will Never Do This for You)

Blocking third-party cookies is the highest-impact single toggle in your browser’s privacy settings, and in Chrome, you must do it yourself, permanently. Google confirmed in April 2025 that third-party cookies will remain in Chrome indefinitely, and no automatic user prompt will ever be introduced following the collapse of the Privacy Sandbox initiative. This is not speculation; it is a documented policy position that makes manual configuration non-optional.

How to block third-party cookies by browser

• Chrome: Settings > Privacy and Security > Third-party cookies > Select “Block third-party cookies”
• Firefox: Settings > Privacy & Security > Enhanced Tracking Protection > Select “Strict” (this also blocks cookies as part of the broader protection set)
• Safari: Preferences > Privacy > “Prevent cross-site tracking” is on by default; confirm it remains enabled
• Edge: Settings > Cookies and site permissions > Manage and delete cookies > Toggle “Block third-party cookies”

The honest trade-off here is real: blocking third-party cookies can break embedded video players, cross-site login buttons (such as “Sign in with Google”), and some fitness portal integrations. The practical fix is to whitelist specific trusted sites on a per-site basis rather than toggling the setting off entirely. In Chrome, you can do this under Settings > Privacy and Security > Third-party cookies > “Sites that can always use third-party cookies.” Add your telehealth platform or health insurance portal there, and leave the global block in place for everything else.

Setting 2: Upgrade Tracker Blocking From Standard to Strict

Most readers are on Firefox’s Standard mode or Chrome’s default configuration, both of which let a significant category of trackers pass through unblocked. Switching to Strict mode in Firefox is one of the most effective single changes available in any mainstream browser.

Mozilla’s Enhanced Tracking Protection documentation explains that Strict mode blocks tracking content, fingerprinters, cryptominers, and redirect trackers across all browsing windows, not just private browsing sessions. Standard mode, by contrast, only blocks tracking content inside private windows. That distinction matters enormously for health browsing, which most people do in a regular window.

What is bounce tracking, and why does it matter?

Bounce tracking (also called redirect tracking) is a newer technique that standard protection settings miss entirely. When you click a link, the tracker briefly routes you through its own domain before delivering you to the destination site, logging your identity in the process without setting a cookie. Firefox’s Strict mode includes Bounce Tracking Protection, which catches this class of tracker that has become common on wellness and health content sites.

For Chrome users, the browser’s more aggressive protections only apply inside Incognito mode as of Chrome 140 (September 2025). If you use Chrome, make it a habit to open any sensitive health browsing, symptom searches, mental health resources, fertility information, in an Incognito window. It is not a complete solution, but it activates the additional protections Chrome otherwise withholds in a standard window. For a broader look at building consistent privacy habits, see how to build a personal digital security routine that actually sticks.

Setting 3: Turn Off Browser Telemetry

Most privacy guides focus entirely on what external websites collect. They ignore the fact that your browser itself, particularly Chrome, collects and transmits your usage data back to the browser’s owner by default. This is a distinct privacy exposure that deserves its own setting change.

Chrome’s telemetry includes diagnostic reports, crash data, and usage statistics that can capture browsing patterns. Firefox and Microsoft Edge also collect telemetry, though with different scope. The critical point for health and wellness readers: your browsing patterns on mental health forums, addiction support sites, or fertility trackers flow through this data stream. Chrome’s parent company, Google, is not a healthcare provider and is not bound by HIPAA obligations when handling this data.

How to disable telemetry by browser

• Chrome: Settings > Privacy and Security > Sync and Google services > Toggle off “Help improve Chrome’s features and performance” and “Make searches and browsing better”
• Firefox: Settings > Privacy & Security > Firefox Data Collection and Use > Uncheck all boxes
• Edge: Settings > Privacy, Search and Services > Optional Diagnostic Data > Toggle off

There is a genuine trade-off with Chrome’s Enhanced Safe Browsing, which was upgraded in May 2025 with Gemini Nano AI to provide real-time phishing and malware protection. Enhanced Safe Browsing does send some browsing data to Google to function. If you receive suspicious links through apps, the kind of threat covered in fake QR code scams that steal your information, keeping Enhanced Safe Browsing active while disabling the other diagnostic and usage toggles is a reasonable middle position. Disable what you can; weigh the security benefit of what you keep.

Setting 4: Disable or Audit Site Permissions

Browser site permissions, location, microphone, and camera, represent a category of tracking exposure that operates entirely separately from cookies and scripts. Health and wellness apps are among the most aggressive requestors of these permissions: telehealth platforms need camera access, mental health chatbots request microphone input, and fitness portals ask for location. The problem is what happens to that data after the session ends.

Location data is the most sensitive permission to audit. When a health website receives your precise location, that data can be used to infer whether you visited a clinic, pharmacy, or reproductive health facility, even if you never explicitly disclosed that information. This type of inferred health data is frequently sold to data brokers. A class-action lawsuit was filed after Covered California’s health exchange was found sending user health data to LinkedIn, which illustrates that even regulated health platforms can mishandle location and session data.

How to audit and tighten permissions

• Chrome: Settings > Privacy and Security > Site Settings, review each category (Location, Camera, Microphone) and revoke any permissions you do not actively use
• Firefox: Settings > Privacy & Security > Permissions, click “Settings” next to each permission type to see which sites hold access
• Edge: Settings > Cookies and site permissions, scroll through each permission category and remove outdated grants

The default for new permission requests in Chrome and Edge is not “Ask”, it varies by permission type, and some are set to allow on first request without a persistent reminder. Change the default for Location, Microphone, and Camera to “Ask before accessing” in each browser’s site settings panel. This one change ensures no future site receives a sensitive permission without an active decision on your part.

The same principle applies to the apps on your phone that pair with health platforms. If you want a broader view of how permissions work at the device level, the guide on Android developer options worth enabling covers permission monitoring tools that complement what you configure in the browser.

Setting 5: Change Your Default Search Engine and Understand Do Not Track

Every health query typed into Google Search is logged to your account profile, even if you never click a result. The search engine field in your browser settings is one of the highest-leverage changes available, and switching it takes under 30 seconds.

The main privacy-respecting alternatives for health searchers are DuckDuckGo, Brave Search, and Startpage. DuckDuckGo does not cache your query history or serve ads based on past searches. Brave Search runs its own independent index and blocks tracking pixels on result pages. Startpage proxies Google results without passing your identity to Google, a useful option if search quality concerns you. None of these serve the hyper-personalized results Google does, and that is actually an advantage for health searches: an unfiltered result set is less likely to reinforce prior assumptions or show symptom information shaped by your past browsing profile.

Do Not Track vs. Global Privacy Control: a critical distinction

The Do Not Track toggle appears in every major browser’s settings and sounds authoritative. It is not. Do Not Track is a voluntary signal that websites are legally free to ignore, and most do. Enabling it provides no measurable privacy benefit and creates a false sense of protection. Safari quietly removed the option in recent versions, a signal that the browser industry has abandoned it as a serious tool.

Global Privacy Control (GPC) is the legally enforceable successor. In California and several other states with consumer privacy laws, GPC can legally require covered businesses to stop selling or sharing your personal data, including health data collected on wellness sites. Firefox supports GPC natively. Enable it under Settings > Privacy & Security > Tell websites not to sell or share my data. For Chrome, the Privacy Badger extension from the Electronic Frontier Foundation transmits GPC as part of its protection set.

The data underlines why this matters: Pew Research found that only 44% of U.S. adults have used a browser or search engine that doesn’t track them, which means the majority are still relying on default settings that provide no protection. Meanwhile, GDPR enforcement in 2024 totaled EUR 2.1 billion in fines, reflecting how seriously regulators are treating cross-border tracking violations. That regulatory pressure has not yet changed default browser behavior for American users, which is exactly why these manual changes matter.

For context on how spyware-class threats exploit the same data exposure points these settings address, see what spyware is and how to remove it from your phone.

Frequently Asked Questions

Do these browser settings changes stop all tracking?

No. Browser settings reduce tracker exposure significantly but do not stop browser fingerprinting, which identifies your device from screen resolution, fonts, timezone, and plugins without cookies. Pairing these settings with an extension like uBlock Origin (or uBlock Origin Lite on Chrome, due to Manifest V3 restrictions) closes most of the remaining gap.

Does incognito mode protect my health searches?

Incognito mode prevents your browser from saving a local history, but it does not block third-party trackers from collecting your location, device type, and browsing activity in real time. Chrome’s more aggressive tracker protections do activate in Incognito as of Chrome 140, making it a better environment for sensitive health browsing, but not a complete solution.

Which browser has the best default privacy settings for health browsing?

Firefox with Strict Enhanced Tracking Protection enabled is the strongest mainstream option as of November 2025. It blocks fingerprinters, cryptominers, bounce trackers, and cross-site tracking cookies across all windows by default once Strict mode is selected. Safari is a close second for Apple users due to Intelligent Tracking Prevention, though it lacks GPC support natively.

What is Global Privacy Control and how do I turn it on?

Global Privacy Control is a browser signal that legally requires covered businesses in California and other states with consumer privacy laws to stop selling or sharing your personal data. In Firefox, enable it under Settings > Privacy & Security > “Tell websites not to sell or share my data.” Chrome users can get GPC through the Privacy Badger extension from the Electronic Frontier Foundation.

Is uBlock Origin still safe to use in Chrome after Manifest V3?

Yes, but with a caveat. Chrome’s switch to Manifest V3 means the full uBlock Origin extension no longer runs on Chrome, only uBlock Origin Lite, which has reduced blocking capabilities due to MV3’s API restrictions. Firefox still supports the full uBlock Origin, which is one concrete reason privacy-focused users prefer it for health browsing.

How do I know if my browser is leaking data right now?

Visit the Electronic Frontier Foundation’s Cover Your Tracks tool, which tests your browser against real tracking and fingerprinting techniques and shows exactly what information is exposed. Run it before and after making these settings changes to see the measurable difference.