Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How does google set first party cookies for analytics tracking?

Suppose I search for a website Website1 on google. When I click on a search result link, it takes me first to a google server URL and then redirects me to the actual site i.e. Website1.

From this I understand, that before redirecting to the actual website, google stores information like keyword used for search, etc in cookies for the website domain (which I am searching i.e. Website1) using cookies. Then, when the actual website loads, the analytics script extracts this information from the cookies and pushes it to Google Analytics server.

My question here is how can google store cookies on behalf of the other site. As per my understanding, first party cookies can be created and accessed by the domain itself.

Just to confirm if cookies can be set for other domains, I searched and found links similar to this.

Any pointers please?

like image 962
Vishal Avatar asked Sep 14 '13 09:09

Vishal


People also ask

How does Google Analytics set first party cookie?

Google Analytics can set first party cookies for you domain because by embedding their javascript code in your website you have basically handed them the key to the city - Google can write and read cookies, they can - and do - load other scripts, they could steal sessions, deface your site etc.

How are Google Analytics cookies set?

The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics. Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable.

How does Google Analytics cookie work?

For example, Google Analytics uses a set of cookies to collect information and report site usage statistics without personally identifying individual visitors to Google. '_ga', the main cookie used by Google Analytics, enables a service to distinguish one visitor from another and lasts for 2 years.

How does a first party cookie work?

First-party cookies are directly stored by the website (or domain) you visit. These cookies allow website owners to collect analytics data, remember language settings, and perform other useful functions that provide a good user experience.


1 Answers

You misunderstand the mechanism - the Google Analytics script gets keywords etc from the referring url (the click url in the search engine resulte page contains a lot of info like keyword and position of the search result in the serp).

The analytics script extracts the information from the referrer and (apart from sending it to google) stores it in a cookie (actually the new universal analytics does not do this anymore). But this happens on you own domain.

Google Analytics can set first party cookies for you domain because by embedding their javascript code in your website you have basically handed them the key to the city - Google can write and read cookies, they can - and do - load other scripts, they could steal sessions, deface your site etc. Not that Google has ever done that, but if you're out for world dominantion you should start by hacking the servers that deliver the analytics javascript code.

However Google cannot set a first party cookie from a google domain, and they do not need to. It's all in the referring url.

like image 118
Eike Pierstorff Avatar answered Oct 13 '22 22:10

Eike Pierstorff