How do Third-Party "tracking cookies" work?

cookies

I have read this question here: How Do Internet Advertisers Use Third-Party Cookies? on how third-party tracking cookies work, but am still very confused. I don't understand how if I visit Website A (a normal website with ads) how Website B (an advertising website) can assign my computer an ID, and then figure out that I was on website A, and other websites after it that have its ads.


First, cookies are set and retrieved through HTTP headers. If your browser sends a request to http://example.com, then the response might come back with a header that says Set-Cookie: foo=bar. Your browser stores this cookie, and on any subsequent requests to http://example.com, your browser will send foo=bar in the Cookie header. (Or at least until the cookie expires or is deleted.) The browser sends the foo=bar cookie with any request to http://example.com, regardless of who initiated the request or what the context is. If http://example2.com contains the tag <img src="http://example.com/img.jpg">, then the browser will send the cookie foo=bar when it fetches http://example.com/img.jpg, even though http://example2.com is responsible for the request being sent.

So, if website A contains an ad that is served by website B, then website B can set a cookie in your browser. For example, maybe website A uses <iframe src="http://websiteB.com/ad.html></iframe> to serve the ad from website B. Then when your browser goes to fetch http://websiteB.com/ad.html, the response will come back with a Set-Cookie header that sets a cookie with some unique random string. If website C also includes an ad from website B, then that unique cookie will be sent when the ad on website C is fetched from website B.

As far as how website B knows which actual website you're visiting, there are a variety of ways. In some cases, when the browser sends a request to one website, it tells the website which website you're coming from. So when the browser goes to fetch http://websiteB.com/ad.html, it might include the HTTP header Referer: http://websiteA.com that tells website B that the request was initiated by website A. Every time website B sees the unique random string that it assigned to you, it can check the Referer header to add to its log of where you've been. If website A is cooperating with website B, A can just directly tell B that you're coming from website A. For example, website A could include the ad from website B by using <iframe src="http://websiteB.com/ad.html?referer=websiteA.com">, and then website B will see the referer in the query string.

Does that help? Are there particular parts of the answer you linked that don't make sense to you?

Related

In C#, how can I create a TextReader object from a string (without writing to disk)
Python using enumerate inside list comprehension
A python class that acts like dict
How to escape quote marks in Exec Command in MSBuild
Xcode Unit Testing with Cocoapods
Using App namespace in style
Java: Static Class?
Check if character is number?
How much is the overhead of smart pointers compared to normal pointers in C++?
Chrome can't load web worker
How to convert ActiveRecord results into an array of hashes
How to compare only date in moment.js