So, you want to detect browser cookie third party support.

What is third-party cookies

Basically, third-party cookies are cookies that are set by a website other than the one you are currently on. For example, might have a Twitter like button. That button will set a cookie that can be read by Twitter. That would be considered a third-party cookie.

Some browsers (from specific versions), like Firefox and Safari, have this option disabled by default. However, see page “How to enable third-party cookies in your web browser” to get information’s how to enable third-party cookies in some browsers.

Potential options to detect if browser support third-part cookies

How to detect if browser allow to set third-party cookies or not? There is some options.

  1. Use iframe and window.postMessage method (cross-origin communication) to check if third-party cookies can be set.
  2. Use server-side solution.

I prefer server-side solution. The proof of concept is here:

How it works?

Basically, I load script file from other domain than site is currently on. In my example it is from domain On server-side I setting the cookie and make a redirect to the server where I read the cookie and echo the script method with result. So, first step is to get script on server side (see method loadJS in source code of above proof of concept URL) that contains PHP (in this case I use PHP on server-side) code:

setcookie('3rdparty_test', true, time() + (60 * 5)); // 1 minute
$url = (!empty($_SERVER['HTTPS'])) ? "https://".$_SERVER['SERVER_NAME'].dirname($_SERVER['PHP_SELF']) : "http://".$_SERVER['SERVER_NAME'].dirname($_SERVER['PHP_SELF']);
header('p3p: CP="CAO PSA OUR"');
header('Location: ' . $url .'/getresult/testcookie.php');

and redirect to file where I read the cookie and echo the name of global method which will be called after response from server:

header('p3p: CP="CAO PSA OUR"');
header("content-type: application/x-javascript");
echo "    
(function () {

if (isset($_COOKIE['3rdparty_test']) && !empty($_COOKIE['3rdparty_test'])){
    $cookie_value = 'true';
} else {
    $cookie_value = 'false';
echo "
    window.is3rd_cookie(" . $cookie_value . ");

Actually, it works in the same way as JSONP requests. Except that I do one redirect.

Note: IE requires you to set a P3P policy before it will allow third-party frames to set cookies, under the default privacy settings.


You can leave a response, or trackback from your own site.

4 Responses to “Detect browser cookie third party support using feature detection”

  1. Darin, 26 May 2014

    Nice solution. Could you please elaborate a little more about the first approach using iframe and window.postMessage?

  2. Cezary Tomczyk, 28 May 2014

    Thanks. As for first approach:

    1. Create iframe.
    2. Load page from different domain with client-side code that: 1) sets the cookie, 2) read the cookie and send the results to the parent using postMessage.

    Very similar to

  3. Cezary Tomczyk, 21 April 2018

    I’d be glad to update it, but I’d need to know what is obsolete there.

Before you add comment see for rules.

Leave a Reply

Your email address will not be published. Required fields are marked *