How to check if third-party cookies are enabled javascript

JavaScript is not enabled.

JavaScript needs to be enabled in order to detect if Third-Party Cookies are allowed.

This page tells you if Third-Party Cookies are enabled in your current web browser.

Third-Party Cookie detection relies on JavaScript being enabled. So if you don't have JavaScript enabled then it's not possible to detect if Third-Party Cookies are allowed.

If you don't have JavaScript enabled, this site has a growing list of guides to show you how to enable JavaScript for your browser.

You've got Third-Party Cookies enabled. Remember; your Third-Party Cookies setting is a "per browser" setting; so you've got them enabled in Firefox, but they might be still disabled in a different web browser on your computer (...if you've got more than one web browser installed!)

You don't have Third-Party Cookies enabled. We have guides to show you how to enable Cookies for your browser if you want to change this setting.

Once you've got Cookies enabled, reload this page to confirm that they're enabled, or visit the Homepage to make sure your web browser is up to date and to get a full read-out of your web browser's capabilities.

What are Cookies?

Cookies are little bits of information that websites store on your computer when you visit them. They can help websites "remember" things about you. A website might use a cookie to store your Currency or Language preference. They are also usually required if you log in to a website.

What are Third-Party Cookies?

A "first-party" cookie (or just a "normal" cookie) is "set" by which ever website you are actually using at the time. A "third-party" cookie is set when you are using one website, but that website has embedded javascript from a different (ie a "third-party") website and the javascript sets a cookie.

There's actually nothing inherently different about a first or third party cookie, it really just depends on the context you are relating to that cookie. For example, a cookie set by Facebook -when you're using facebook.com- is a first-person cookie, but if you are on a different website which has a Facebook Like! button; that button will access the same cookie; but in this context it would be considered a third-party cookie.

Are Third-Party Cookies safe?

As with "normal" cookies, there's still nothing inherently "bad" about third-party cookies, however third-party cookies are a huge part of how different companies (typically advertising and social networks) track people's traffic, even when you're not directly using their website.

For example, say you've logged into facebook.com - facebook then knows who you are and sets a cookie after you log in - that's totally fine. But then - if you go and visit a completely different website, normally Facebook would have no idea about this... but if this other website has a Like! button on it, Facebook now knows that you've also accessed this otherwise unconnected website.

And so using this approach, Facebook can build an extended profile of your browsing habits, even if you never post any of it on facebook.com.

A lot of people find that unacceptable and so they choose to disable Third-party cookies.

Unlike first-party cookies (which are usually required to log into or use websites), disabling Third-party cookies tends to "break" a lot less websites and have much less negative impact on your browsing.

Enabling or disabling Cookies

We have guides which will show you how to enable or disable Cookies for your browser.

A note on Safari and Third-Party Cookies

After extensive testing and debugging, it seems that when you disable Third-Party cookies in Safari, it will still hold on to them and keep using them until you restart Safari.

So if you choose to disable third-party cookies in Safari, make sure you restart (and perhaps Reset Safari) to ensure that it doesn't keep using any third party cookies it may have cached. Chrome and Firefox don't have this problem.

More questions?

If you have any more questions, use the contact form and we'll answer it and add your question here.

We often use Single sign-on (SSO) on our website to increase users on the platform by giving them the ability to easily sign-in and sign-up, but sometimes the user might have disabled 3rd party cookies or cookies altogether.

Why do we need to check whether cookies are enabled or not?

Most SSO services dynamically insert iframe on the website to implement the functionality, when these scripts are unable to access cookies they throw weird errors and break without proper error handling mechanism, this may lead to bad UX. As pro developers 👩‍💻👨‍💻 we should handle such cases and provide proper feedback to the user along with some call to action.

Why simple JS way of detecting cookies status doesn’t work?

function checkCookie(){
    var cookieEnabled = navigator.cookieEnabled;
    if (!cookieEnabled){ 
        document.cookie = "testcookie";
        cookieEnabled = document.cookie.indexOf("testcookie")!=-1;
    }
    return cookieEnabled || showCookieFail();
}
function showCookieFail(){
  // do something here
}
// within a window load,dom ready or something like that place your:
checkCookie();

The above snippet can be used to check whether cookies are enabled or not, but this will result in true condition even if 3rd party cookies are disabled 😢. The reason for this is how JS resolves the scope of scripts, when the above snippet is added to our main application it will check the access of cookies for that scope, not for the dynamically inserted iFrame.

Then how should we accomplish this task?

The way that I come up with and which always works is adding an external iFrame which we will build now, it will detect whether iFrames can access cookies and will inform the parent application about the cookie's status. As weird as it sounds there is actually no way through which we can call parent functions through iFrame or visa-versa, but but but we have a superpower under our sleeves ⚡

We will use the Message Event provided by the window object, through this, we can send messages to other browsers based on the URL, in our case we will send the message from iframe to the parent application which may be on a different domain.

This may sound difficult and complex, but fear not we will through it together.

Step 1: Creating our custom iFrame

First, we add a function that will run as soon as the iFrame is loaded, this will add a message event listener which will fire when we will invoke it from the parent application. When invoked it will first validate the request (this is optional) then we call the checkCookiesEnable which checks the cookie status and returns it, now we will send a message to the parent application through parent.postMessage(); parent is implicit object available inside iframe.

Step 2: Using the iFrame and invoking functions

Here we will add the message event handler and then insert our iFrame before inserting any 3rd party scripts, as soon as the frame is loaded we will postMessage to our Iframe through the frame.contentWindow object and ‘*’ forallowing postMessage to any origin (different domain). Now the function inside iFrame checks the status of the cookies for iFrames and sends a message which is intercepted by our messagehandler. Check whether the message is sent by the IFrame or not (optional), the event will now hold the response from the result of the checkCookieEnable function inside iFrame.
Below I have shown a sample function that takes the iframeUri and a callback that will be called once the result is received.

You can directly use the above snippet inside your application and provide a callback that will render an appropriate message for the user.

How do you check if cookies are enabled JavaScript?

How do I make sure third party cookies are enabled?

Can JavaScript access third party cookies?

How do I disable third party cookies in JavaScript?