Thursday, April 20, 2006

Do you have third party cookies enabled?

There's been a discussion over at GRC about a new service that Steve Gibson is going to offer automatically testing whether visitors have third party cookies enabled. These are probably the most annoying types of cookies because they are used by Internet marketers to secretly tag and follow your surfing habits and potentially aggregate all sorts of information about you.

While we wait for Steve to come up with a polished solution, here's a little thing that I hacked together with Javascript and an IFRAME to do third party cookie testing.

Of course, if you block Javascript or the IFRAME tag then it's not going to work for you (the space above will remain blank), otherwise it should detect whether you have third party cookies enabled. It works by having the IFRAME request a page from my site and then looking for the cookie and writing out an appropriate message.

The IFRAME is just the following:

<iframe src=""
height="40" width="300">

and the page that's loaded by the IFRAME has a small piece of Javascript:

document.cookie = "TestForThirdPartyCookie=yes;";
if ( document.cookie.indexOf( "TestForThirdPartyCookie=" ) == -1 ) {
document.write( "<b>You do not 3rd party cookies enabled</b>" );
} else {
document.write( "<b>You have 3rd party cookies enabled</b>" );

The cookie that's set is for the session-only so it won't be kept hanging around and contains nothing nasty. It's just TestForThirdPartyCookie=yes.

No comments: