In the 1990s when websites were struggling to remember who their users were or what they did in previous website visits, Lou Montulli, a network engineer, invented the HTTP cookie or what is widely known as internet cookies or simply as cookies. Cookies have now become an inevitable part of the internet, helping businesses accomplish a wide variety of purposes.
These days, you may often come across cookie popups on websites as the arrival of stricter privacy laws changed how cookies are used on websites. Therefore, it is important to understand what cookies are, how they function and how they affect user privacy.
What are internet cookies?
An internet cookie (HTTP cookie or browser cookie or web cookie) is a small piece of data that a website stores on a user’s browser. A cookie consists of a small text file with a unique ID which is an anonymous number (randomly generated). There are two copies of it, one is stored on your device and one is stored on the website.
Cookies are set on the user’s device while the user is browsing a website and are stored for a range of purposes such as uniquely identifying users, managing their browsing sessions, facilitating personalized user experiences, ad targeting, and much more.
How do internet cookies work?
When anyone visits a website or takes any action on a website, a small text file is transferred from the site and stored on the visitor’s web browser. When the visitor returns to the website again, the server can read the cookie stored in their browser and recall information about the visitor, such as their previous browsing activities on the site.
To find information on any cookie, check out CookieSearch, an open-source cookie database where you can find information on over 100,000+ cookies.
What are internet cookies used for?
Cookies are an important component that helps websites to function effectively. Cookies enable you to use basic features on the website and allow sites to personalize user experience, track how users browse the site and collect insights for improving the site, products and services.
Most often, websites use cookies to:
- Keep you logged in on the site
- Remember items in your shopping cart or wishlist
- Keep your payment information secure
- Personalize the content you see
- Save your preferred site settings and themes
- Track how users interact with a website
- Show users relevant, personalized ads
Types of internet cookies
Cookies are generally classified based on their characteristic attributes such as their mode of origin, the time period they remain on a user’s browser, and what purposes they serve. The most common types of cookies are described briefly below.
Cookies classified based on the source
First-party cookies
First-party cookies are set by the website you’re on, i.e. the domain of a first-party cookie will be the same as the domain in your browser’s address bar. Websites usually use these cookies to track the visitor’s surfing behaviour, to remember user activity on a website over multiple visits etc. For instance, you may have seen links to the pages you visited recently on the same website. This is enabled by first-party cookies.
Third-party cookies
Third-party cookies are set by any party apart from the website or a domain that a user visits directly. Third parties often include advertisers, publishers and ad tech companies who provide targeted ads and companies or services that help websites to add third-party elements like live chat, social media buttons, Google Maps etc.
Third-party cookies are often called tracking cookies because they are used to track user activity across the internet for the purposes of advertising marketing. Since third-party cookies can be set despite the user not visiting the site they originate from, their use has often been contentious because of concerns about user privacy.
Cookies classified based on the expiration period
Session cookies
Session cookies (also temporary cookies or non-persistent cookies) are temporary cookie files that expire once a user ends a session. A session starts when a user opens a website or web app and ends when they leave the website or close the browser window.
Session cookies are used to recognize users’ online behaviour and remember their actions or preferences during a browsing session. Primarily, session cookies allow websites to remember users within a website when they move between web pages. These cookies save a user’s item selection on their shopping cart list when they move between pages on a website even when the user is not logged in on the site.
Persistent Cookies
Persistent cookies (or permanent cookies) remain on a user’s browser for a considerably longer time, unlike session cookies. Persistent cookies usually come with an expiration period ranging between a single second to several years. Once these cookies reach their expiration date, they will get deleted automatically from the user’s browser.
These types of cookies are stored on a user’s device to recognize users and remember information, settings, preferences, or sign-in credentials on a user’s subsequent visits. This is how persistent cookies help websites provide better and faster user experiences.
Cookies classified based on the purpose
Strictly necessary cookies
Strictly necessary cookies (or essential cookies), as its name itself suggests, are necessary for a website to function effectively. These cookies help users to navigate the website and provide basic features such as signing in, adding items to the shopping cart, checking out and making payments etc. Strictly necessary cookies are cookies that are exempt from cookie consent.
Performance cookies
Performance cookies (or statistics cookies) allow websites to remember the users so that they can provide an enhanced user experience. These cookies enable websites to collect anonymous information about how visitors use the website, the types of pages you visit, and problems or friction the user experiences on the site, to evaluate the performance of a website. This information is then used to make improvements to the way the site works and to understand the interests and motivations of users to ensure effective communications and delivery of products or services.
Functional cookies
Functional cookies (or preference cookies) are classified as cookies that ensure a website functions properly. These cookies, as the name suggests, help enhance a website’s performance and functionality. They help websites to remember user credentials like username and password for automatic login, and a user’s site preferences such as the user’s language preference, region etc. While functionality cookies are not used to track browsing activity on other websites, they can also be set by third-party providers whose services are used by the website.
Advertising cookies
Advertising cookies (targeting cookies or tracking cookies) are used by websites to track the browning activities and behaviour of users online to build a profile of the user’s interests and show them relevant advertisements on other websites. They are usually third-party cookies set by advertising networks (like Google Ads, Amazon Publisher Services, and Media.net) used by a website.
These types of cookies are often persistent and are usually installed on a user’s browser by third parties. They do not directly store personal information but can uniquely identify a user’s browser, device, location, browsing habits, browser preferences, and so on.
Internet cookies and user privacy
When cookies began to be widely adopted by websites in the late 90s, concerns were raised about user privacy and those concerns have not died down ever since. As personal data collected from cookies are aggressively being used by ad networks to target ads, privacy concerns regarding cookies have been increasing in recent times. In this regard, data protection laws and directives such as the General Data Protection Regulation (GDPR), ePrivacy Directive (ePD), CCPA, and LGPD have included provisions that regulate the use of cookies.
If you are a website owner or you are a developer, marketer or freelancer involved in building websites, you should be concerned about how cookie law affects you.
The ePrivacy Directive, also known as the EU cookie law is a directive passed by the European Union that regulates the use of cookies, email marketing, and other forms of electronic communication. Regarding cookies, the Directive requires websites to get prior consent before placing cookies and trackers on a user’s device, except for strictly necessary cookies that are essential for the basic function of a website. The Directive was adopted in the UK as Privacy and Electronic Communications Regulations (PECR).
Data privacy laws around the world have added provisions to regulate cookie usage.
Cookie consent refers to the requirement that websites need to obtain prior consent from users before dropping cookies on their browsers. For consent to be valid as per the GDPR, it has to be freely given, specific, informed and unambiguous indication of the user’s wishes through clear affirmative action. Consent should also be revocable i.e. users should have the option to withdraw consent at any time. To demonstrate that websites have received valid consent, they should record user consent for proof of compliance.
You can implement cookie consent on your website with CookieYes, a cookie consent solution trusted by over 1.4 million websites worldwide. With CookieYes you can fulfil the cookie consent checklist below for compliance with privacy laws like the GDPR, LGPD, CNIL and CCPA.
Cookie consent checklist
- Collect consent for using cookies on your website with a cookie banner or popup
- Give users full control to accept, decline or change cookie settings on the banner
- Customize the banner for desktop and mobile devices for accessibility
- Show cookie table (with name, type, purpose and duration) for full disclosure of cookies
- Show auto-translated banner to users as per their browser language
- Auto-block third-party cookies from loading till the user gives consent
- Record all user consents for proof of compliance
- Add a callback widget for the banner so users can withdraw consent at any time
- Generate a cookie policy with detailed disclosure of cookie use and link it to your cookie banner
- Scan your website for cookies to auto-update your cookie list and cookie policy
What are some other types of cookies?
Supercookies
Supercookies are not cookies per se because they are not downloaded and stored on browsers. They use something called Unique Identifier Headers or UIDH that inject information sent from a user’s device and the service it connects to. Unlike cookies that cannot be shared with another website, UIDH is available to any website that requests access. Supercookies have raised many privacy concerns because they are nearly impossible to remove. They cannot be cleared by deleting the browser cache or be blocked by ad blockers or privacy trackers.
Zombie cookies
Zombie cookies are named so because of their ability to come back from the dead! They are third-party cookies that are placed outside of the web browser’s designated cookie storage. They also don’t get cleared because they are hiding outside the regular cookie storage. Zombie cookies often bypass any restrictions or third-party cookie blocking enabled on browsers when they are re-created. These cookies are capable of tracking a user’s internet behaviour across all available browsers on their device. Ad networks use zombie cookies to gather personal profiles of website visitors.
Flash cookies
These are cookies stored and accessed by Adobe Flash, the browser plug-in used by sites such as YouTube. Flash cookies are Local Shared Objects (LSOs) that provide Flash applications with options to save data to the local system. Flash cookies are used to personalize user experience, but they also can store information about the websites you visit and can persist even after you block web cookies or opt out of ad tracking.
Secure cookies
Secure cookies or HttpOnly cookies have a secure attribute to ensure that cookies are only sent over a secure SSL connection. The secure attribute is always activated so that the cookies are transmitted with encrypted connections, without security issues. These cookies only work for HTTP and HTTPS, hence the name HTTPonly.
What are the alternatives to third-party cookies?
Cookies are here to stay, but third-party cookies are facing the heat in an increasingly privacy-conscious world. Websites, advertisers and even search engines are seeking alternatives to third-party cookies.
First-party data
First-party data is the information that a business collects directly from its users or customers such as data from users’ interactions on a website or app, demographics, data from web forms, in-site search queries, purchase history etc. First-party data can also include data collected offline through in-person events, point of sale, conferences, calls etc. First-party data stays in the hands of those who collect it, and that gives more control and transparency over what happens with that data. Businesses are actively looking at utilizing first-party data to create hyper-personalized experiences for users.
Unified ID
Unified ID or UID 2.0 is an open-source identity framework developed by The TradeDesk Unified ID that will enable cross-site targeting and will provide businesses with the ability to run targeted and personalized ads but with stricter privacy control for users. Unified ID 2.0 will have a single sign-in with the user’s email address when they visit a publisher’s page that supports UID 2.0. An encrypted identifier is created.
Contextual advertising
Contextual advertising or targeting refers to placing ads based on their relevance to the content on a web page. It involves advertisers making use of keywords and key phrases on a webpage. The content on a web page acts as a proxy for personal data. Advertisers use machine learning and cognitive technologies such as natural language processing (NLP) to predict which pages are best to target. Without collecting personal data from users, contextual advertising can help ad networks target users through the content they consume and not serve irrelevant ads.
Google FLoC
FLoC or Federated Learning of Cohorts is a privacy-focused alternative to third-party cookies, part of Google’s proposed Privacy Sandbox. Google FLoC anonymizes users by grouping users with similar interests and browsing habits together into “cohorts”. Each cohort corresponds to groups with similar browsing histories with a specific cohort number for identification. This means Google will target ads to cohorts based on the cohort’s interests rather than targeting it for specific individuals. FloC is designed to show relevant ads to users without collecting personal data through third-party cookies.
How to block Internet cookies
Google Chrome
In Chrome, click on the three dots in the top right corner, then select: Settings> Privacy and security > Cookies and other site data, then Disable Allow all cookies
Chrome (Android)
Open the Chrome browser, click on the three dots in the top right corner, then select: Settings > Site settings > Cookies and enable Block all cookies
Mozilla Firefox
By default, Firefox blocks third-party tracking cookies, social media trackers etc. To enable additional settings, open Firefox, click on the menu bar on the top-right corner, select: Settings > Privacy & Security, then choose the relevant option under Cookies and Site Data
Apple Safari
Safari blocks cookies used for cross-site tracking by default. To block all cookies on the browser, open Safari and select: Preferences > Privacy. Then enable Block all cookies
Safari (iOS)
From your home screen navigate to: Settings > Safari , then turn on Block All Cookies, and then tap on tap on the Block All
Microsoft Edge
To block all cookies on the browser, open Edge and select: Settings > Cookies and Site permissions > Manage and delete cookies and site data and then disable Allow sites to save and read cookie data
For a step-by-step guide to block or clear cookies, refer to How to block cookies on your browser
FAQ on Internet cookies
What is a cookie on the internet?
A cookie or internet cookie is a text file with a small piece of data that is stored on the web browser by websites we visit. Cookies are used for many different purposes, but the most important ones are for managing user sessions, personalization, and ad tracking.
What are cookies on websites?
Cookies are small text files stored on a user’s web browser on their device when they visit a website. These files contain data that can be accessed by the website to remember user’s login information, their shopping cart and other preferences. Cookies enable websites to provide a personalized user experience by storing information about the user’s interactions with the site.
Does every website have cookies?
Not every website uses cookies, but most websites utilize them for basic website performance, enhanced user experience, tracking analytics, and other purposes.
Generally, the use of cookies is prevalent, especially on websites that require user authentication and personalization. Websites that do not use cookies typically have less functionality and features.
When does a website need cookies?
Websites use cookies for various purposes such as:
- Authentication: Cookies allow websites to recognize users, authenticate them and allow them to log in when they return to the site later.
- Personalization: Cookies help websites remember user preferences, such as their language settings, items in their shopping cart etc.
- User analytics: Cookies can collect data for website analytics and to improve website performance.
- Advertising: Cookies are used to track user behaviour such as pages they visit, products they click on etc. for targeted advertising purposes.
When were internet cookies invented?
The history of cookies can be traced back to Lou Montulli, a web browser programmer at Netscape Communications, one of the first internet browsers. In 1994, he came up with the idea of using text files to store information. The idea behind cookies was to help store items in a virtual shopping cart by storing the data in the user’s local computer.
The name “cookie” was coined by Lou Montulli himself and is derived from the term “magic cookie”, which is the package of data received and sent by a program.
Do internet cookies track you?
Yes, some cookies can track you on the internet. These cookies are often called advertising cookies or tracking cookies and allow websites to collect information about your browsing habits, websites you visit, and your on-site behaviour such as scrolling speed and mouse clicks. They are most commonly used for targeted advertising that shows display ads across the sites you visit.
What are HTTP cookies?
HTTP cookies or internet cookies are small pieces of data sent from a website and stored on a user’s browser. These cookies are used for session management, personalization, remembering and tracking user information etc., and help websites to perform different tasks required. HTTP cookies are also referred to as web cookies and browser cookies.
What are cookies on mobile?
It’s no surprise that you can find internet cookies on your smartphones too. These are stored in your mobile browser just like desktops.
Different mobile browsers have different default settings for cookies. Here’s how you can clear cookies on your mobile:
Chrome (Android)
Open the Chrome browser, click on the three dots in the top right corner, then select: Settings > Site settings > Cookies and enable Block all cookies
Safari (iOS)
From your home screen navigate to Settings > Safari, then turn on Block All Cookies, and then tap on tap on the Block All
Should you delete internet cookies?
You may delete cookies if you no longer want the browser to have information saved such as account password, preferences and settings. If you use a shared computer or device, you may choose to delete cookies if you don’t want other users to see your browsing history. If you perform sensitive tasks such as online transactions or investments or don’t want to be shown targeted ads, you may periodically delete cookies.
Should you accept internet cookies?
You may accept or reject website cookies depending on your privacy preferences. Typically, cookies are harmless and are used to provide basic functionalities and improve user experience on a website. However, other cookie categories such as analytics or advertising cookies are used to collect data for targeted advertising.
Most websites in the EEA & UK will display a cookie banner or popup that allows you to choose whether to accept cookies or not. Strictly necessary cookies or essential cookies will be set on your browser regardless of your preference as they are exempt under the GDPR and hence do not require your explicit consent.
If you are concerned about third parties collecting your data via websites, you can also disable third-party cookies on your browser’s settings. Internet browsers like Chrome, Safari, Firefox and others have settings to disable tracking.
Are internet cookies illegal?
No. Internet cookies are not illegal. Cookies are however subject to certain regulations on their use as per privacy laws such as the ePrivacy Directive, GDPR, CCPA and so on. This primarily requires websites to seek prior consent for setting cookies on users’ browsers and only using cookies that the user has consented to. Strictly necessary cookies are exempt from the requirement of consent as they are essential for a website to function properly. Other cookie categories like performance, analytics and advertising need explicit consent from the user.
Can cookies be blocked?
Yes. Cookies can be enabled or disabled on your browser. All modern web browsers have privacy settings that allow users to restrict or block cookies.
Chrome:
In Chrome, click on the three dots in the top right corner, then select: Settings> Privacy and security > Cookies and other site data, then Disable Allow all cookies
Firefox:
By default, Firefox blocks third-party tracking cookies, social media trackers etc. To enable additional settings, open Firefox, click on the menu bar in the top-right corner, select: Settings > Privacy & Security, and then choose the relevant option under Cookies and Site Data
Safari:
Safari blocks cookies used for cross-site tracking by default. To block all cookies on the browser, open Safari and select: Preferences > Privacy Then enable Block all cookies
Why do cookies require consent?
Online identifiers like cookies, IP addresses, advertising IDs, pixel tags, account handles, device fingerprints, and radio frequency identification (RFID) tags, can be used in combination and used to create profiles of individuals and identify them. Hence, cookies can be considered personal data and are subject to privacy laws like the GDPR, LGPD (Brazil), CCPA etc.
