Quote:
Originally Posted by madslug
Since I enabled browser logging and started looking at browser requests and server responses in those logs, I find that some tracking scripts are setting cookies even though they are what I would think of as 3rd party scripts / cookies. For example, scripts called from tracker.domain.tld are setting cookies in the domain domain.tracker.tld. Some even go so far as to set cookies for domain.tracker2.tld.
(Most cookies are set when images are called so surfing without images greatly reduces the risk of cookies, even when javascript is enabled.
Visit bt.com home page.
Without images, bt.com only sets cookies in the domain .bt.com.
With images enabled, the home page sets cookies in the domains:- .doubleclick.net, .2o7.net, btow.touchclarity.com, .bt.com.
|
Not for me with third party cookies blocked in Opera or firefox 3.
With third party cookies blocked - IE, Safari and firefox allow cookies to be accessed after a redirect to a third party site (which Phorm relies on to access its webwise.net cookies).
IE 7 also leaks third party cookies using other methods with third party cookies blocked.
There's a "cookie forensics" test here, unfortunately it doesn't test if cookies can be set after a redirect to a third party domain - which Opera would pass, but IE, Safari and Firefox 3 would fail
http://www.grc.com/cookies/cookies.htm