In order to understand the way we determine the provider value, it is important to know the difference between 1st party and 3rd party cookies.
Data collected by 3rd party cookies can be read by the 3rd party on any website that includes a script from the 3rd party, while the data gathered by a 1st party cookie can only be read by the website it originates from.
In the scan report the "provider" is stated as the domain name from which a cookie originates. To see which domain this is, we look at who is actually providing the exact script that sets the cookie. For 1st party cookies this will be the domain name of the current website. For 3rd party cookies this will be the domain name of the embedded 3rd party service setting the cookie.
Example with Google Analytics cookies _ga:
The _ga cookie is set by Google Analytics. Since this is a Google product you would understandably expect "Google" to be the cookie provider.
In this context "provider" implies which entity sets the cookie, not the author of the software that sets the cookie. The Google Analytics "_ga" 1st party cookie is set by your own domain, as you can see in this example from cookiebot.com:
If the cookies was set from a 3rd party domain, like google-analytics.com, the provider of this cookie would be Google.
The provider of a cookie is determined by how the cookie is set:
- For 1st party cookies, the domain itself is considered the provider.
- For 3rd party cookies, the 3rd party domain is considered the provider.
- When the script is loaded via a different tool into your website, for example a tag manager, it is possible that this tool will be stated as the provider for this cookie.