Cookiesentry

Cookie checkerFeaturesPricingBlogContact
Home/Cookies Guide/Social media cookies
Back to all cookies
Social MediaConsent required

Social media cookies

Social media cookies are usually set by embedded videos, sharing widgets, social login, or profile integrations that connect the site with a third-party platform.

Cookies in this hub

6

Provider families

2

Default consent view

Consent required

Legal position

Because these cookies often involve third-party tracking and cross-site identifiers, they generally require prior consent before the embed or widget loads.

Audit every embedded video, feed, share button, login provider, and widget that can contact a third-party platform before consent.

Banner copy tip: Explain which third-party platform is loaded and what interaction or embed triggers the cookie.

Common failures

  • Embedding social widgets directly in the page instead of using a click-to-load placeholder.
  • Assuming a passive share button is harmless while it still contacts the platform on page load.
  • Listing the platform in the policy but not the actual cookies created by the embed.

Audit checklist

  • Replace auto-loading embeds with placeholders that activate only after consent or explicit interaction.
  • Scan pages containing video embeds, social feeds, and log-in widgets separately from the homepage.
  • Document platform name, cookie purpose, expiry, and cross-site tracking implications in the policy.
  • Retest after plugin or embed updates because vendors frequently change cookie behavior without notice.

Providers commonly found here

Meta (4)TikTok (2)

Need platform-specific implementation advice? Review the matching hub for Shopify, WordPress, WooCommerce, PrestaShop.

Social media cookies reference list

datrSocial MediaConsent required

Browser identifier set by facebook.com. On third-party sites that embed Meta widgets (Like button, comments, Login) it enables Meta to recognise the browser across sessions — a cross-site tracking signal that requires consent.

Expires: 2 years
Meta Platforms Ireland Ltd.
Meta
sbSocial MediaConsent required

Browser identifier used by Meta for account-recovery flows and authentication security. Surfaced on third-party sites through Meta embeds, contributing to cross-site visitor identification.

Expires: 2 years
Meta Platforms Ireland Ltd.
Meta
c_userSocial MediaConsent required

Stores the Facebook / Instagram user ID of the signed-in visitor. When a third-party page loads a Meta embed, the cookie is sent to Meta — directly identifying the visitor across the web.

Expires: 1 year
Meta Platforms Ireland Ltd.
Meta
xsSocial MediaConsent required

Session token authenticating signed-in Facebook / Instagram users. Sent to Meta from any third-party page embedding a Meta widget while the visitor is logged in to Meta.

Expires: 1 year
Meta Platforms Ireland Ltd.
Meta
tt_csrf_tokenSocial MediaConsent required

CSRF protection token issued by TikTok. Although strictly necessary for TikTok-side interactions, on a third-party site it appears only when a TikTok video embed loads — making it part of the social-plugin tracking stack.

Expires: Session
TikTok Information Technologies UK Ltd.
TikTok
tt_chain_tokenSocial MediaConsent required

Internal TikTok request-routing token used to chain related requests across a session. On third-party sites it surfaces through TikTok embeds and contributes to cross-site identification.

Expires: Session
TikTok Information Technologies UK Ltd.
TikTok

Want evidence of where these cookies load?

Run a CookieSentry scan to see which social media cookies appear on your live pages before consent, and export a report your privacy team can act on.

Run a free scan →
Cookiesentry
About usFAQContactBlogCookies GuidePrivacyTermsEU Hosting

No cookies. No tracking. Analytics by EU-hosted Umami.

© 2025 CookieSentry. All rights reserved. Made with care for your privacy.