Technical Background The third party sets & reads cookies over HTTP (not in JavaScript). So we need two requests to an external domain to test if third-party cookies are enabled: One where the third party sets the cookie(s) The second, with a differing response depending on whether the browser sent the cookie(s) back to the same third party in a second request. We cannot use XMLHTTPRequest (Ajax)