Cookie Sync Metrics and Thresholds

[muuki88]

Hi,

We had a partial outage on the 14. August 2025 for a day, because a cookie sync dropped a cookie that exceeded the header size limit. We weren't able to track down the exact cookie, but all data points lead to the conclusion that the cookie sync must have caused this issue.

Proposal

I would like to propose two features

1. Adding a cookie size metric, which lets you monitor uid cookie size percentiles. E.g. 99p is 2kb , 95p is 1.5kb. This allows for monitoring of a general increase in cookie size. The size should be broken down by bidder adapter to be able to disable malfunctioning bidders.
2. Adding a threshold size for the uid cookie. If reached, the cookie is either not set at all or uids will be remove

Background

The issue we faced was a sharp drop in requests on Google Chrome ( due to 3rd party cookies being allowed ). After a couple of days of debugging we figured that all systems of our advertising domain were affected. We use this top level domain to serve static assets ( cdn.xxx.com ) and host prebid server ( prebid-server.xxx.com ).

The malfunctioning user sync set the domain at the top level, rather than at the sub domain. The cookie appeared to have a life time of 24 hours, because after the issue started it took 26 hours until it stopped almost immediately.

Related

• #1985
• #1986
• #4185
• #4080

[bsardo]

Discussed at the backlog meeting. @Net-burst indicates that the setuid endpoint in PBS-Java should not write to the cookie if it determines that it will exceed the maximum size but perhaps there is a bug. Can you provide more detail?