What is a Third-party (3P) Cookie and how it works?

Third party Cookies are cookies created by other sites (ie that comes from another domain (ie a third party) than the hosted web page.

These sites own some of the content, like ads or images, that you see and was included on the webpage you visit.

Technically, if the apex domain of the cookie domain property is:

While the server hosting a web page sets first-party cookies, the page may contain:

in other domains which performs cross-oirgin request and may set third-party cookies.


Cross-site tracking

See How does a tracking cookie work? A step by step example

Cross-origin authentication

Third-party cookies may be used for cross-origin/cross domain authentication

Content personalization

Embedded HTML can be personalized.


Technical / Browser definition

For a browser, Third-party cookies are cookies:

  • with the properties:
    • SameSite=None;
    • Secure
    • without Partitioned attributes
  • operating in cross-site contexts


You should note that the browser configuration may deny third-party cookies.

  • by configuration
Chrome Cookie Configuration

Firefox Cross Site Cookie Tracking

Cors and SameSite

The browser follows CORS and cookie samesite to allow or deny third-party cookies.


In the devtool, you can check the cookie value that is sent and received.

  • In the network cookies tab

Chrome Dev Tool Chrome Filtered Out Cookies

  • In the network headers tab

Third Party Cookie

Discover More
Card Puncher Data Processing
Analytics - (Cross-site | Cross-domain) tracking - Site linking

cross-site tracking is a tracking technique that permits to follow a user across web sites (ie to follow users from site to site) Cross-domain measurement makes it possible for Analytics to see sessions...
Authentication - Cross Origin Authentication

When the authorization_endpoint is not from the same origin, this is a cross-origin' authentication. A redirect to the endpoint where the authentication happens there. The user's credentials...
Cookie Scope Name
Cookie - Scope

The scope of a cookie name is a calculated property defined by the concatenation of the and attributes. If the request URL matches the scope (ie domain and path expression), the user agent (browser)...
HTTP - Cross-Origin Request

A cross-origin request is a request that was not created by code (html page, javascript, ...)) of the same origin. cross site requestsame origin requestcross-originsame origin A page may contain images...
Devtool Tracking Cookie Identifier Counter
How does a tracking cookie work? A step by step example

This page shows you a basic example of a tracking ... cookie so that you can understand and implement the underlying mechanisms. These cookies are third-party cookie. A tracking cookie is also known...
Security - Third Party

A third party is an external entity to your organization or to your code. In HTTP, a third-party is identified via the origin and if it needs or not to make cross-origin request Example:
Set Cookie Block Bad Domain Att Vs Current Host Url
The domain property of a cookie in depth

This article is about the domain property of a cookie and defines what is a domain, how it's used and what's permitted.
What is the SameSite Cookie property? First-Party and third-party cookie control

What is the SameSite Cookie property? First-Party and third-party cookie control samesite is a cookie property that controls if a cookie should be sent along in a cross-site HTTP request ie: when...

Share this page:
Follow us:
Task Runner