What is a third party-cookie ?
Third party Cookies are cookies created by other sites (ie that comes from another domain (ie a third party) than the hosted web page.
These sites own some of the content, like ads or images, that you see and was included on the webpage you visit.
Technically, if the apex domain of the cookie domain property is:
- the same as the origin of the page you are on, it's a first-party cookie.
- different, it is a third-party cookie.
While the server hosting a web page sets first-party cookies, the page may contain:
- ad banners
- or other components stored on servers
in other domains which performs cross-oirgin request and may set third-party cookies.
Usage
Cross-site tracking
Cross-origin authentication
Third-party cookies may be used for cross-origin/cross domain authentication
Content personalization
Embedded HTML can be personalized.
Browser
Technical / Browser definition
For a browser, Third-party cookies are cookies:
- with the properties:
- SameSite=None;
- Secure
- without Partitioned attributes
- operating in cross-site contexts
Configuration
You should note that the browser configuration may deny third-party cookies.
- by configuration
- or by default as firefox do:
Cors and SameSite
The browser follows CORS and cookie samesite to allow or deny third-party cookies.
Devtool
In the devtool, you can check the cookie value that is sent and received.
- In the network cookies tab
- In the network headers tab
