How to determine the third-party domain of another?

Question

Is bbb.xxx.com the third-party domain of aaa.xxx.com? Or Is bbb.xxx.com the third-party domain of xxx.com?

According to MDN https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#third-party_cookies

A cookie is associated with a domain. If this domain is the same as the domain of the page you are on, the cookie is called a first-party cookie. If the domain is different, it is a third-party cookie.

So what does different mean?I'm confused with it.

I have had a Test

Environment Info

Browser: Chrome 89.0.4389.114

test steps

I hava a https://aaa.xxx.com website. And inside it there is an iframe whose src is https://bbb.xxx.com. The result shows https://bbb.xxx.com's cookies can be passed in it's request.

Does this answer your question? [How do browser cookie domains work?](https://stackoverflow.com/questions/1062963/how-do-browser-cookie-domains-work) — SuperStormer, Apr 17 '21 at 17:27

score 0 · Answer 1 · answered May 24 '21 at 18:44

Neither is the true.

Third-party cookies, are cookies that are stored under a different domain than you are currently visiting.

So if the outerpage is aaa.com and that page contains an iframe element that references bbb.com, then bbb.com is the 'third-party' and will be subject to all of the third-party cookie and storage restrictions.

The key is understanding the nesting of the frames, and any frame from an origin that doesn't match the url bar, is 'third-party'.

How to determine the third-party domain of another?

I have had a Test

Environment Info

test steps

1 Answers1