Guide to Internet Cookies

All About Internet Cookies

Published on November 26, 2021

In the 1990s when websites were struggling to remember who their users were or what they did in previous website visits, Lou Montulli, a network engineer, invented the HTTP cookie or what is widely known as internet cookies or simply as cookies. Cookies have now become an inevitable part of the internet, helping businesses accomplish a wide variety of purposes. 

These days, you may often come across cookie popups on websites, because the arrival of stricter privacy laws has changed how cookies are used. Therefore, it is important to understand what cookies are, how they function and how they affect user privacy.

What are internet cookies?

An internet cookie (also called an HTTP cookie, browser cookie or web cookie) is a small piece of data that a website stores on a user’s browser. A cookie consists of a small text file with a unique ID, which is an anonymous, randomly generated number. There are two copies of it: one is stored on your device and one is stored on the website.

Cookies are set on the user’s device while the user is browsing a website and are stored for a range of purposes such as uniquely identifying users, managing their browsing sessions, facilitating personalized user experiences, ad targeting, and much more. 

What are internet cookies used for?

Cookies are an important component that helps websites to function effectively. Cookies enable you to use basic features on the website and allow sites to personalize user experience, track how users browse the site and collect insights for improving the site, products and services.

Most often, websites use cookies to:

  • Keep you logged in on the site
  • Remember items in your shopping cart or wishlist
  • Keep your payment information secure
  • Personalize the content you see
  • Save your preferred site settings and themes
  • Track how users interact with a website
  • Show users relevant, personalized ads

Types of cookies

Cookies are generally classified based on their characteristic attributes such as their mode of origin, the time period they remain on a user’s browser, and what purposes they serve. The most common types of cookies are described briefly below.

Cookies classified based on the source

First-party cookies

First-party cookies are set by the website you’re on, i.e. the domain of a first-party cookie will be the same as the domain in your browser’s address bar. Websites usually use these cookies to track the visitor’s surfing behaviour, to remember user activity on a website over multiple visits etc. For instance, you may have seen links to the pages you visited recently on the same website. This is enabled by first-party cookies. 

Third-party cookies

Third-party cookies are set by any party apart from the website or a domain that a user visits directly. Third parties often include advertisers, publishers and ad tech companies who provide targeted ads and companies or services that help websites to add third-party elements like live chat, social media buttons, Google Maps etc. 

Third-party cookies are often called tracking cookies because they are used to track user activity across the internet for advertising and marketing purposes. Since third-party cookies can be set even though the user never visits the site they originate from, their use has often been contentious because of concerns about user privacy.

Cookies classified based on the expiration period

Session cookies

Session cookies (also temporary cookies or non-persistent cookies) are temporary cookie files that expire once a user ends a session. A session starts when a user opens a website or web app and ends when they leave the website or close the browser window. 

Session cookies are used to recognize users’ online behaviour and remember their actions or preferences during a browsing session. Primarily, session cookies allow websites to remember users within a website when they move between web pages. These cookies save a user’s item selection on their shopping cart list when they move between pages on a website even when the user is not logged in on the site.

Persistent Cookies

Persistent cookies (or permanent cookies) remain on a user’s browser for a considerably longer time, unlike session cookies. Persistent cookies usually come with an expiration period ranging from a single second to several years. Once these cookies reach their expiration date, they are deleted automatically from the user’s browser.

These types of cookies are stored on a user’s device to recognize users and remember information, settings, preferences, or sign in credentials on a user’s subsequent visits. This is how persistent cookies help websites provide better and faster user experiences.

Cookies classified based on the purpose

Strictly necessary cookies

Strictly necessary cookies (or essential cookies), as the name suggests, are necessary for a website to function effectively. These cookies help users to navigate the website and provide basic features such as signing in, adding items to the shopping cart, or checking out and making payments. Strictly necessary cookies are exempt from cookie consent.

Performance cookies

Performance cookies (or statistics cookies) allow websites to remember the users so that they can provide an enhanced user experience. These cookies enable websites to collect anonymous information about how visitors use the website, the types of pages they visit, and the problems or friction users experience on the site, to evaluate the performance of a website. This information is then used to improve the way the site works and to understand the interests and motivations of users, to ensure effective communications and delivery of products or services.

Functional cookies

Functional cookies (or preference cookies) are classified as cookies that ensure a website functions properly. These cookies, as the name suggests, help enhance a website’s performance and functionality. They help websites to remember user credentials like username and password for automatic login, a user’s site preferences such as the user’s language preference, region etc. While functionality cookies are not used to track browsing activity on other websites, they can also be set by third party providers whose services are used by the website.

Advertising cookies

Advertising cookies (targeting cookies or tracking cookies) are used by websites to track the browsing activities and behaviour of users online to build a profile of the user’s interests and show them relevant advertisements on other websites. They are usually third-party cookies set by advertising networks (like Google Ads, Amazon Publisher Services, Media.net) used by a website.

These types of cookies are often persistent and are usually installed on a user’s browser by third parties. They do not directly store personal information but can uniquely identify a user’s browser, device, location, browsing habits, browser preferences and so on. 

Cookies and user privacy

When cookies began to be widely adopted by websites in the late 90s, concerns were raised about user privacy, and those concerns have not died down since. As personal data collected from cookies is aggressively used by ad networks to target ads, privacy concerns regarding cookies have been increasing in recent times. In this regard, data protection laws and directives such as the General Data Protection Regulation (GDPR), ePrivacy Directive (ePD), CCPA and LGPD have included provisions that regulate the use of cookies.

What is the cookie law?

The ePrivacy Directive, also known as the EU cookie law, is a directive passed by the European Union that regulates cookie usage, email marketing, and other forms of electronic communication. Regarding cookies, the Directive requires websites to get prior consent before placing cookies and trackers on a user’s device, except for strictly necessary cookies that are essential for the basic function of a website. The Directive was adopted in the UK as the Privacy and Electronic Communications Regulations (PECR).

Data privacy laws around the world have added provisions to regulate cookie usage.

What is cookie consent?

Cookie consent refers to the requirement that websites need to obtain prior consent from users before dropping cookies on their browser. For consent to be valid as per the GDPR, it has to be a freely given, specific, informed and unambiguous indication of the user’s wishes through a clear affirmative action. Consent should also be revocable, i.e. users should have the option to withdraw consent at any time. To demonstrate that they have received valid consent, websites should record user consents as proof of compliance.

A simple cookie consent banner on the CookieYes website.

You can implement cookie consent on your website with CookieYes, a cookie consent solution trusted by over 1.3 million websites worldwide. With CookieYes you can fulfil the cookie consent checklist below for compliance with privacy laws like the GDPR, LGPD, CNIL and CCPA.

  • Collect consent for using cookies on your website with a cookie banner or popup
  • Give users full control to accept, decline or change cookie settings on the banner
  • Customize the banner for desktop and mobile devices for accessibility
  • Show cookie table (with name, type, purpose and duration) for full disclosure of cookies 
  • Show auto-translated banner to users as per their browser language
  • Auto-block third-party cookies from loading till the user gives consent
  • Record all user consents for proof of compliance
  • Add a callback widget for the banner so users can withdraw consent at any time
  • Generate a cookie policy with detailed disclosure of cookie use and link it to your cookie banner
  • Scan your website for cookies to auto-update your cookie list and cookie policy 

What are some other types of cookies?

Supercookies

Supercookies are not cookies per se because they are not downloaded and stored on browsers. They use something called Unique Identifier Headers (UIDH), which are injected into the information sent between a user’s device and the service it connects to. Unlike cookies, which cannot be shared with another website, UIDH is available to any website that requests access. Supercookies have raised many privacy concerns because they are nearly impossible to remove. They cannot be cleared by deleting the browser cache or be blocked by ad blockers or privacy trackers.

Zombie cookies

Zombie cookies are named so because of their ability to come back from the dead! They are third-party cookies that are placed outside of the web browser’s designated cookie storage. They also don’t get cleared because they are hiding outside the regular cookie storage. Zombie cookies often bypass any restrictions or third-party cookie blocking enabled on browsers when they are re-created. These cookies are capable of tracking a user’s internet behaviour across all available browsers on their device. Ad networks use zombie cookies to gather personal profiles of website visitors.

Flash cookies

These are cookies stored and accessed by Adobe Flash, the browser plug-in used by sites such as YouTube. Flash cookies are basically Local Shared Objects (LSOs) that provide Flash applications with options to save data to the local system. Flash cookies are used to personalize user experience, but they also can store information about the websites you visit and can persist even after you block web cookies or opt-out of ad tracking.

Secure cookies

Secure cookies or HttpOnly cookies have a secure attribute to ensure that cookies are only sent over a secure SSL connection. The secure attribute is always activated so that the cookies are transmitted with encrypted connections, without security issues. These cookies only work for HTTP and HTTPS, hence the name HttpOnly.
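As an added example (not code from this page or from CookieYes), the script below reads Set-Cookie headers and reports the lifetime described under session and persistent cookies together with the two attributes named under secure cookies. They are separate flags: Secure limits the cookie to HTTPS requests, while HttpOnly keeps it out of reach of page scripts. The header values, the fixed clock and the function names are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample headers and a fixed clock so the results are reproducible.
NOW = datetime(2021, 11, 26, tzinfo=timezone.utc)
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "lang=en; Max-Age=31536000; Path=/",
    "promo=1; Expires=Sat, 27 Nov 2021 00:00:00 GMT; Secure",
    "cart=42; Expires=Sat, 27 Nov 2021 00:00:00 GMT; Max-Age=3600; HttpOnly",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # flags such as Secure map to ""
    return name.strip(), value.strip(), attrs

def lifetime_seconds(attrs, now):
    """None for a session cookie, otherwise seconds until expiry."""
    if "max-age" in attrs:  # RFC 6265: Max-Age takes precedence over Expires
        try:
            return int(attrs["max-age"])
        except ValueError:
            pass  # malformed Max-Age is ignored, fall back to Expires
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None  # unparseable date: the attribute is ignored
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return int((expires - now).total_seconds())
    return None

def audit(header, now=NOW):
    """Classify one cookie and list the missing protective attributes."""
    name, _, attrs = parse_set_cookie(header)
    ttl = lifetime_seconds(attrs, now)
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure: also sent over unencrypted HTTP")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: readable by page scripts (document.cookie)")
    kind = "session" if ttl is None else "persistent"
    return {"name": name, "kind": kind, "ttl": ttl, "findings": findings}

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(audit(header))
```

A cookie that carries a login session should come back as having no findings; a preference cookie such as `lang` can reasonably lack HttpOnly if page scripts need to read it.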

What are the alternatives to third-party cookies?

Cookies are here to stay, but third-party cookies are facing the heat in an increasingly privacy-conscious world. Websites, advertisers and even search engines are seeking alternatives to third-party cookies. 

First-party data

First-party data is the information that a business collects directly from its users or customers such as data from users’ interactions on a website or app, demographics, data from web forms, in-site search queries, purchase history etc. First-party data can also include data collected offline through in-person events, point of sale, conferences, calls etc. First-party data stays in the hands of those who collect it, and that gives more control and transparency over what happens with that data. Businesses are actively looking at utilizing first-party data to create hyper-personalized experiences for users. 

Unified ID

Unified ID or UID 2.0 is an open-source identity framework developed by The Trade Desk that will enable cross-site targeting and will provide businesses with the ability to run targeted and personalized ads, but with stricter privacy control for users. Unified ID 2.0 will have a single sign-in with the user’s email address when they visit a publisher’s page that supports UID 2.0. An encrypted identifier is created.

Contextual advertising

Contextual advertising or targeting refers to placing ads based on their relevance to the content on a web page. It involves advertisers making use of keywords and key phrases on a webpage. The content on a web page acts as a proxy to personal data. Advertisers use machine learning and cognitive technologies such as natural language processing (NLP) to predict which pages are best to target. Without collecting personal data from users, contextual advertising can help ad networks to target users through the content they consume and not serve irrelevant ads.

Google FLoC 

FLoC or Federated Learning of Cohorts is a privacy-focused alternative to third-party cookies, part of Google’s proposed Privacy Sandbox. Google FLoC anonymizes users by grouping users with similar interests and browsing habits together into “cohorts”. Each cohort corresponds to a group with similar browsing histories and has a specific cohort number for identification. This means Google will target ads to cohorts based on each cohort’s interests rather than to specific individuals. FLoC is designed to show relevant ads to users without collecting personal data through third-party cookies.

FAQ on internet cookies

What are HTTP cookies?

HTTP cookies or internet cookies are small pieces of data sent from a website and stored on a user’s browser. These cookies are used for session management, personalization, remembering and tracking user information etc. and help websites to perform different tasks required. HTTP cookies are also referred to as web cookies and browser cookies.

Should you delete internet cookies?

You may delete cookies if you no longer want the browser to have information saved such as account password, preferences and settings. If you use a shared computer or device, you may choose to delete cookies if you don’t want other users to see your browsing history. If you perform sensitive tasks such as online transactions or investments or don’t want to be shown targeted ads, you may periodically delete cookies. 

Should you accept internet cookies?

It depends. Cookies are in most cases harmless; they are used to provide basic functionalities and improve user experience on a website. But if you are concerned about third parties collecting your data via websites, you can disable third-party cookies in your browser’s settings. Internet browsers like Chrome, Safari, Firefox and others have settings to disable tracking. In certain scenarios, declining cookies can stop certain website functions from working properly or stop the user from accessing them. In such cases you have to accept cookies.

Are internet cookies illegal?

No. Internet cookies are not illegal. Cookies are however subject to certain regulations on their use as per privacy laws such as the ePrivacy Directive, GDPR, CCPA and so on. This primarily requires websites to seek prior consent for setting cookies on users’ browsers and only using cookies that the user has consented to. Strictly necessary cookies are exempt from the requirement of consent as they are essential for a website to function properly. Other cookie categories like performance, analytics and advertising need explicit consent from the user.

Yes. Cookies can be enabled or disabled on your browser. All modern web browsers have privacy settings that allow users to restrict or block cookies.

Chrome: 

In Chrome, click on the three dots in the top right corner, then select: Settings > Privacy and security > Cookies and other site data, then disable Allow all cookies.

Firefox:

By default, Firefox blocks third-party tracking cookies, social media trackers etc. To enable additional settings, open Firefox, click on the menu bar on the top-right corner, select: Settings > Privacy & Security, then choose the relevant option under Cookies and Site Data

Safari:

Safari blocks cookies used for cross-site tracking by default. To block all cookies on the browser, open Safari and select: Preferences > Privacy, then enable Block all cookies.

Why do cookies require consent?

Online identifiers like cookies, IP addresses, advertising IDs, pixel tags, account handles, device fingerprints and radio frequency identification (RFID) tags can be used in combination to create profiles of individuals and identify them. Hence, cookies can be considered personal data and are subject to privacy laws like the GDPR, LGPD (Brazil), CCPA etc.
