FIRST-PARTY

foo.com bar.foo.com foo.bar.foo.com

THIRD-PARTY

doubleclick.net webtrendslive.com foo.112.2o7.net

JavaScript HTTP header response

First-party

Third-party

New Firefox default is to block third-party cookies

Safari has done this for a while Detail:

Blocks setting cookies from third-party domains that have no existing cookies set as first-party

i.e., Facebook will still be able to track you

Reliably(*) track the shared audience between separate domains

foo.com

ooo.combar.com

* Except Safari

Google Analytics uses first-party cookies exclusively

Passes cookie ID between domains only when users click from one to the other

Can’t reliably measure audience overlap

Web analytics vendors need to find a solution Data brokers are screwed Small publishers will lose data-enhanced ad

revenue

Moving to HTML5 localStorage late this week Interesting side effect:

localStorage is isolated by scheme + hostname + port (HTML5 Origin)

Not really a problem though

See: http://htmlui.com/blog/2011-08-23-5-obscure-facts-about-html5-localstorage.html

If the domain already has cookies, it can set them third-party Facebook will be fine Google will be fine Fairfax, News will problably be fine Web analytics can probably find a workable

solution

Iframe hack: Google got caught using this Browser fingerprinting Bounce users through your domains? iJento

do this HTML5 localStorage

From iPhone or Firefox Nightly:

http://arseh.at/cookie

Vendors:

David Jordine @Adobe

Mark Allison @WebTrends

Sauli Happonen @Nielsen

Chaoming Li NarbehYousefian