Third party Cookie (Tracking Cookie)

Third party Cookies are cookies created by other sites (ie that comes from another domain (ie a third party) than the hosted web page.

These sites own some of the content, like ads or images, that you see and was included on the webpage you visit.

Technically, If the domain property of the cookie is:

  • the same as the domain of the page you are on, it's a first-party cookie.
  • different, it is a third-party cookie.

While the server hosting a web page sets first-party cookies, the page may contain:

in other domains which performs cross-oirgin request and may set third-party cookies.


Cross-site tracking

They allows cross site tracking

These are mainly used for advertising and tracking across the web.

This cookie are cookie identifier and are send back at every future HTTP request (fetch) of the third party script to their origin (the third-party server - advertiser).

They are also referred to as tracking cookies.

cross-origin authentication


You can see them in the browser devtool



  • A tracking file example (Javascript mixed with php that set a cookie)
header('content-type: text/javascript');
$uniqueId = uniqid();
setcookie("bytle_uniq_id", $uniqueId, time()+3600*24*30, '/'); 

console.log('The bytle tracking javascript was executed');
  • The htaccess to redirect an URL to tracking.js to tracking.php
RewriteBase /
RewriteRule ^tracking.js$ tracking.php
  • When this script is added to a page, it will return each time that the page is loaded the unique Id.
<script src="">
  • Unfortunately, the code below does not work because it's runned in a iframe but if you open the devtool (See below), you can see the cookie send for each request of tracking.js
var cookie = document.cookie.split(";").filter( (item) => item.trim().startsWith('bytle') )[0];
if (typeof cookie != 'undefined') {
    console.log('The bytle cookie was found with the value '+cookie.split('=')[1]);
} else {
   console.log('The bytle cookie was not found');
  • The devtool that shows the cookie sends

Documentation / Reference

Powered by ComboStrap