Third-party cookies

[PaulB]

This Mozilla support site defines third-party cookies as follows:

3cookie.PNG

I have always been under the impression that third-party cookies were those set by site2.com (the third-party) when you were visiting site1.com.

Can anyone clarify this?

[Rudi]

This site seems to have all the facts

[HansV]

While you are visiting site1.com, it can set cookies for itself and for other sites such as site2.com (if you allow it to). A site such as site2.com cannot set a cookie if you're not visiting it.

Here is an example from HTTP cookie on Wikipedia:

Suppose a user visits http://www.example1.com" onclick="window.open(this.href);return false;, which sets a cookie with the domain ad.foxytracking.com. When the user later visits http://www.example2.com" onclick="window.open(this.href);return false;, another cookie is set with the domain ad.foxytracking.com. Eventually, both of these cookies will be sent to the advertiser when loading their ads or visiting their website. The advertiser can then use these cookies to build up a browsing history of the user across all the websites this advertiser has footprints on.

[PaulB]

Thank you both for clarifying that. From the links you gave, it appears that whatever meager protection Firefox provides by allowing you to reject third-party cookies can be (and is) easily circumvented by the use of such sites as Google Analytics.

[jscher2000]

I would think about it a bit differently.

These days, most web pages contain content (text, images, scripts, videos) from multiple web servers. Each request you make to each web server will send and potentially receive cookies for the domain name corresponding to that request. Thus, you may send and receive EileensLounge.com cookies to the lounge server, and Google-Analytics.com cookies to the big hit counter in the cloud, all in the loading of a single page.

(We call the Google cookies third-party cookies in this context because they are not from the site listed in the address bar. When the webmaster visits Google-Analytics.com for a report, then they aren't third party cookies in that context.)

The above description is a little more accurate than saying that EileensLounge.com sets a cookie for Google. The cookies should not cross domains (that would be a security problem).

(I once wrote an article on cookies for the Mozilla support knowledge base. It was deemed too complicated and scary, and has been revised dozens maybe hundreds of times since. Thus, I disclaim responsibility for whatever is currently written there. )

[PaulB]

Perhaps they should not have been so hasty to reject your submission!