Third party Cookie (Tracking Cookie)

What is a third party cookie ?

Third party Cookies are cookies created by other sites (ie that comes from another domain (ie a third party) than the hosted web page.

These sites own some of the content, like ads or images, that you see and was included on the webpage you visit.

Technically, If the domain property of the cookie is:

• the same as the domain of the page you are on, it's a first-party cookie.
• different, it is a third-party cookie.

While the server hosting a web page sets first-party cookies, the page may contain:

• images
• ad banners
• third party script
• or other components stored on servers

in other domains which performs cross-oirgin request and may set third-party cookies.

Articles Related

See

You can see them in the browser devtool

where:

• domain is The domain property of a cookie in depth

Example

• A tracking file example (Javascript mixed with php that set a cookie)

<?php
header('content-type: text/javascript');
$uniqueId = uniqid();
setcookie("bytle_uniq_id", $uniqueId, time()+3600*24*30, '/'); 
?>

console.log('The bytle tracking javascript was executed');

• The htaccess to redirect an URL to tracking.js to tracking.php

RewriteBase /
RewriteRule ^tracking.js$ tracking.php

• When this script is added to a page, it will return each time that the page is loaded the unique Id.

<script src="https://tracking.bytle.net/tracking.js">

• Unfortunately, the code below does not work because it's runned in a iframe but if you open the devtool (See below), you can see the cookie send for each request of tracking.js

var cookie = document.cookie.split(";").filter( (item) => item.trim().startsWith('bytle') )[0];
if (typeof cookie != 'undefined') {
    console.log('The bytle cookie was found with the value '+cookie.split('=')[1]);
} else {
   console.log('The bytle cookie was not found');
}

• The devtool that shows the cookie sends

Documentation / Reference

• https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Third-party_cookies