Browser privacy is not about becoming invisible. It is about reducing unnecessary exposure — the steady trickle of identifiers, behavioral signals, and permission grants that accumulate in the background while you browse normally.
The goal here is a small set of changes that meaningfully reduce tracking surface without breaking the sites you actually use. Most of these settings live in your browser's main settings menu under "Privacy and security" or a similarly named section.
Third-party cookies
Third-party cookies are the classic cross-site tracking mechanism. A script loaded from one domain can drop a cookie that follows you onto unrelated sites that load the same script.
Most modern browsers can block third-party cookies entirely. Look for a setting labeled "Block third-party cookies" or "Strict tracking protection." Some sites still rely on third-party cookies for legitimate functionality (auth flows, embedded widgets), so a small number may break — usually with a clear error you can resolve by allowing the specific site.
What this is not: a fix for first-party tracking, fingerprinting, or server-side identifiers. It only addresses one common channel.
Tracking protection
Built-in tracking protection has improved across all major browsers in recent years. The "Strict" or "Enhanced" mode typically blocks known trackers, fingerprinting scripts, and crypto miners using a curated list maintained by the browser vendor.
This is one of the highest-leverage settings for most users. It runs automatically, requires no maintenance, and rarely breaks sites in practice.
Site permissions
Site permissions accumulate. Each time you allow camera, microphone, location, notifications, or clipboard access for a site, the grant usually persists indefinitely.
Periodically open your browser's site permissions panel and review what is actually allowed. Revoke anything you no longer need. Sites that need a permission again will simply re-prompt.
Notification prompts
The "Allow notifications?" prompt is one of the most exploited surfaces in the browser. Spam sites use it to push ads directly to your desktop long after you have left the page.
Set notification prompts to "Ask" only when you actively trust the site, or disable prompts globally and re-enable per-site as needed. Most browsers expose a toggle named "Use quieter messaging" or "Don't allow sites to send notifications" that handles this.
Location access
Most sites that ask for precise location do not need it. Even sites that do can usually function with a city-level estimate.
Set location access to "Ask" by default, and audit any sites currently granted persistent access. If a site genuinely needs location for a single action (a delivery flow, a store locator), grant it once and revoke afterward.
Autofill and saved payment data
Autofill is a productivity feature with a real privacy tradeoff. Saved addresses, phone numbers, and payment cards are convenient but they can also be silently filled into forms you did not intend to submit, or scraped by malicious scripts on compromised sites.
Two practical steps:
- Disable autofill for payment cards. Type them manually when you actually need to.
- Periodically review saved addresses and remove anything stale.
Extension hygiene
Browser extensions are one of the largest privacy attack surfaces most users have. Each extension typically requests broad access to page content, browsing history, or both. An extension that started useful can change ownership and become a tracking pipeline overnight.
Practical hygiene:
- Audit installed extensions every few months.
- Remove anything you no longer use.
- Prefer extensions from reputable vendors with an active maintenance history.
- Be cautious with extensions that request access to "all sites" if a more limited scope would suffice.
Quick checklist
A short list to walk through once and revisit twice a year:
- Third-party cookies blocked or set to strict.
- Tracking protection set to strict / enhanced.
- Site permissions reviewed; unused permissions revoked.
- Notification prompts disabled or quieter messaging on.
- Location set to "Ask" by default.
- Payment autofill disabled.
- Stale saved addresses removed.
- Unused extensions removed.
Summary
These settings will not make you invisible online, and that is not the goal. They reduce the volume of low-effort tracking that piggybacks on default browser behavior, which is where most everyday exposure happens. Spend twenty minutes once, revisit twice a year, and the ratio of effort to reduction is hard to beat.