What is a Third-party (3P) Cookie and how it works?

Third party Cookies are cookies created by other sites (ie that comes from another domain (ie a third party) than the hosted web page.

These sites own some of the content, like ads or images, that you see and was included on the webpage you visit.

Technically, if the apex domain of the cookie domain property is:

While the server hosting a web page sets first-party cookies, the page may contain:

in other domains which performs cross-oirgin request and may set third-party cookies.

Usage

Cross-site tracking

See How does a tracking cookie work? A step by step example

Cross-origin authentication

Third-party cookies may be used for cross-origin/cross domain authentication

Content personalization

Embedded HTML can be personalized.

Browser

Technical / Browser definition

For a browser, Third-party cookies are cookies:

  • with the properties:
    • SameSite=None;
    • Secure
    • without Partitioned attributes
  • operating in cross-site contexts

Configuration

You should note that the browser configuration may deny third-party cookies.

  • by configuration
Chrome Cookie Configuration



Firefox Cross Site Cookie Tracking



Cors and SameSite

The browser follows CORS and cookie samesite to allow or deny third-party cookies.

Devtool

In the devtool, you can check the cookie value that is sent and received.

  • In the network cookies tab

Chrome Dev Tool Chrome Filtered Out Cookies

  • In the network headers tab

Third Party Cookie




Discover More
Authentication - Cross Origin Authentication

When the authorization_endpoint is not from the same origin, this is a cross-origin' authentication. A redirect to the endpoint where the authentication happens there. The user's credentials...
Cookie Scope Name
Cookie - Scope

The scope of a cookie name is a calculated property defined by the concatenation of the and attributes. If the request URL matches the scope (ie domain and path expression), the user agent (browser)...
HTTP - Cross-Origin Request

A cross-origin request is a request that was not created by code (html page, javascript, ...)) of the same origin. cross site requestsame origin requestcross-originsame origin A page may contain images...
Devtool Tracking Cookie Identifier Counter
How does a tracking cookie work? A step by step example

This page shows you a basic example of a tracking ... cookie so that you can understand and implement the underlying mechanisms. These cookies are third-party cookie. A tracking cookie is also known...
Security - Third Party (3P)

A third party is an external entity to your organization or to your code. In HTTP, a third-party is identified via the origin and if it needs or not to make cross-origin request Example:
Set Cookie Block Bad Domain Att Vs Current Host Url
The domain property of a cookie in depth

This article is about the domain property of a cookie and defines what is a domain, how it's used and what's permitted.
Chrome Cookies
What is a Cookie? (HTTP Set-Cookie Header )

A cookie is: a key-value data with some associated that control how the browser should manage them. set by a HTTP response via the set-cookie header The received cookies by the browser can be...
Map Of Internet 1973
What is a DNS CNAME (Canonical Name) ?

A CNAME (Canonical Name) is the DNS alias functionality that maps a domain name to another name. More ...
What is the SameSite Cookie property? First-Party and third-party cookie control

samesite is a cookie property that controls if a cookie should be sent along in a cross-site HTTP request ie: when the origin of the code (HTML, Javascript, ..) that created the request (generally the...



Share this page:
Follow us:
Task Runner