Skip to main content
Skip table of contents

What differentiates first- and third-party cookies, and what are the consequences of subdomain restriction?

Please note that Piano recommends using first-party cookies, their third-party counterparts being blocked on an increasing number of browsers.

The use of a first-party cookie limits your ability to recognize a user to a single domain, subdomain or folder on a site. The ability to read and write the cookie is restricted by the browser to the scope defined within the cookie. Thus, cross-domain analyses are not possible.

Third-party cookies are deposited on a domain separate from the website's. Piano deposits unique visitor identification cookies on the pa-cd.com, .xiti.com or .ati-host.net domains depending on the collection server.

This means Piano’s servers have the ability to read all cookies on those domains, no matter which site the visitor is accessing, allowing for cross-domain analysis.

First-party cookies do not allow any information to be communicated to other parties. The exchange of information is solely between the client (browser) and the server providing the pages upon loading the URL. In this case, the site itself must set the cookies (Piano’s tag manages this automatically).

When a visitor returns, the site gathers the value contained in the cookie and sends it in the hit to Piano’s servers (&idclient= parameter).

For example, visitor ID 123 loads the following URL: http://www.piano.io. A cookie is set on their browser with the domain “.piano.io”. The next day, the same visitor reloads http://www.piano.io on their browser, and the site gathers the value "123" from the cookie and sends it in the hit (&idclient=123). Once this information is processed, the visitor will be recognized as visitor ID 123.

The use of a CDDC (custom domain data collection) allows one last case: it is possible to deposit a first-party cookie via the server, provided that the collection domain chosen is the same as that of the site. In this case, the cookie value will not be returned in the hit, but in the request headers as for a third-party cookie.

If you set cookies from several subdomains with the same site ID, you will get conflicting and duplicated IDs. Since the subdomains cannot share cookie information between them, a new cookie will be set for each. To avoid this effect, using piano.io and analytics.piano.io as an example, make sure to use the domain rather than the subdomains when setting the cookieDomain configuration key of the SDK, with a period in front to include all possible subdomains: ".piano.io".

For subdomains with differing site IDs, this will only have an effect for multi-site analyses based on unique visitors. In that case, it would be best to use users tracking, which is the most precise visitor tracking feature to date.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close