The difference between 1st and 3rd party cookies

The question: What’s a third party cookie? OK, let’s assume I’m an expert at these things, which I’m not, but let’s just assume that I play an expert at these things. Here’s your answer….

Cookies are small pieces of information stored in your browser’s cached files. If you visit a site, say, that site might decide to store some state on your browser — a cookie. The cookie is a 1st party cookie because it is created and sent back and forth between your computer and that site,, in your browser’s url field.

So what’s a 3rd party cookie? Well, often a document will fetch additional pieces of information from other sites, maybe a javascript file or an image, or maybe even entire documents. Anytime the document from imports a file or script or image from a different web site (the 3rd party site), that site can also set cookies. Those cookies are 3rd party cookies.

Let’s look at this a little more closely. Imagine you browse to This site might send back a 1st party cookie: FOO=1. The cookie could be stored in the domain of, and only visits to that would prompt the browser to automatically send that cookie value to on subsequent visits. Because of the rules around cookie security, however, your browser would never send an cookie to another site like

Now imagine that the file has additional links to other sites. Maybe hello.html has an image link that pulls a photo from Now is being called from your document. Your browser will not send any cookie values to the referenced site. However, the example2 site may decide to drop a cookie as well. Since it is not the primary site of your document, which is, the cookie is called a 3rd party cookie.

Hmmm… so here we have examples of 1st party and 3rd party cookies. So, what’s a 2nd party cookie? I don’t actually know the answer to that question. If the site of your document is the 1st party and referenced sites are 3rd party, that really leaves the browser or its user as the 2nd party. Maybe a 2nd party cookie (which I’ve never really heard in any discussion) would simply be a cookie manually created by the user? Hmmmm…. probably not an important point. However, hopefully you know the difference between 1st and 3rd party cookies!

Cookie example