What is a Third-party (3P) Cookie and how it works?

What is a third party-cookie ?

Third party Cookies are cookies created by other sites (ie that comes from another domain (ie a third party) than the hosted web page.

These sites own some of the content, like ads or images, that you see and was included on the webpage you visit.

Technically, if the apex domain of the cookie domain property is:

• the same as the origin of the page you are on, it's a first-party cookie.
• different, it is a third-party cookie.

While the server hosting a web page sets first-party cookies, the page may contain:

• images
• ad banners
• third party script
• or other components stored on servers

in other domains which performs cross-oirgin request and may set third-party cookies.

Usage

Cross-site tracking

See How does a tracking cookie work? A step by step example

Cross-origin authentication

Third-party cookies may be used for cross-origin/cross domain authentication

Content personalization

Embedded HTML can be personalized.

Browser

Technical / Browser definition

For a browser, Third-party cookies are cookies:

• with the properties:
  • SameSite=None;
  • Secure
  • without Partitioned attributes
• operating in cross-site contexts

Configuration

You should note that the browser configuration may deny third-party cookies.

• by configuration

• or by default as firefox do:

Cors and SameSite

The browser follows CORS and cookie samesite to allow or deny third-party cookies.

Devtool

In the devtool, you can check the cookie value that is sent and received.

• In the network cookies tab

• In the network headers tab