document.cookie before and after the embed loads. See the note at the bottom for what this can and cannot detect.This page reads document.cookie, which only sees first-party, non-HttpOnly cookies for this page's origin. It will not show:
oa.zawin.ch) — those are third-party cookies the parent page can't read via JS.HttpOnly cookies (invisible to JavaScript by design).For the authoritative picture, open DevTools → Application (Storage) → Cookies and look at both this page's origin and the oa.zawin.ch entry. Also check Network tab → filter the iframe.seamless request and any XHR → Response Headers → Set-Cookie. In Chrome, the Application panel groups cookies by domain so you can see exactly what zawin drops. Test in a fresh incognito window for a clean baseline, and note that third-party cookie blocking (default in many browsers now) may suppress them entirely.