You mean your local terms of service, yes? Browsers dont care about who SET the cookie; they care about matching the DOMAIN of the cookie.
And your script's cookies are different from other cookies because....
As I often receive cyber attacks I will abort any requested page which contains any GET, POST or COOKIE data with variables I don't use and with any data that contains characters I would not use and if the string length of the variable is outside limits I set.
Sounds a -little- on the paranoid side to me, but thats your prerogative.
I'm worried some of my client base are not able to use the site due to this cookie issue.
And this is the consequence of your choice to abort.
By looking at the User Agent info I see spiders are mostly responcible for my site aborting a requested page.
Not surprising, as there are a lot of spiders out there.
Does anyone understand this behaviour and perhaps know the point of sending cookies unknown to a server?
Try capturing some of those cookies and take a look at their content. It might narrow down your question.