What is a third party cookie ?
Third party Cookies are cookies created by other sites (ie that comes from another domain (ie a third party) than the hosted web page.
These sites own some of the content, like ads or images, that you see and was included on the webpage you visit.
Technically, If the domain property of the cookie is:
- the same as the domain of the page you are on, it's a first-party cookie.
- different, it is a third-party cookie.
While the server hosting a web page sets first-party cookies, the page may contain:
- ad banners
- or other components stored on servers
in other domains which performs cross-oirgin request and may set third-party cookies.
Articles Related
Usage
Cross-site tracking
They allows cross site tracking
These are mainly used for advertising and tracking across the web.
This cookie are cookie identifier and are send back at every future HTTP request (fetch) of the third party script to their origin (the third-party server - advertiser).
They are also referred to as tracking cookies.
cross-origin authentication
See
You can see them in the browser devtool
where:
- domain is The domain property of a cookie in depth
Example
- A tracking file example (Javascript mixed with php that set a cookie)
<?php
header('content-type: text/javascript');
$uniqueId = uniqid();
setcookie("bytle_uniq_id", $uniqueId, time()+3600*24*30, '/');
?>
console.log('The bytle tracking javascript was executed');
- The htaccess to redirect an URL to tracking.js to tracking.php
RewriteBase /
RewriteRule ^tracking.js$ tracking.php
- When this script is added to a page, it will return each time that the page is loaded the unique Id.
<script src="https://tracking.bytle.net/tracking.js">
- Unfortunately, the code below does not work because it's runned in a iframe but if you open the devtool (See below), you can see the cookie send for each request of tracking.js
var cookie = document.cookie.split(";").filter( (item) => item.trim().startsWith('bytle') )[0];
if (typeof cookie != 'undefined') {
console.log('The bytle cookie was found with the value '+cookie.split('=')[1]);
} else {
console.log('The bytle cookie was not found');
}
- The devtool that shows the cookie sends