A cookie is a small data file that websites store on your device to remember your activity, preferences, and login status. Websites send cookies from their servers to your browser, where they’re either stored or deleted after the session ends.
Most websites use cookies — also referred to as HTTP cookies, website cookies, internet cookies, web cookies, or browser cookies — to some extent.
As users, many of us either flatly accept all cookies out of convenience or reject them due to privacy concerns. But internet cookies have both benefits and drawbacks, and understanding them can help you make better choices. We’ll teach you about cookie usage, varieties, and ways to enhance your privacy.
What are cookies used for?
Cookies store user data to personalize, secure, and streamline your browsing experience. Once you’re “cookied” into a web page, it remembers key details for a set period of time. That information can be used to:
Personalize the experience: By recording previous actions, preferences, and settings, websites can adjust to the user for a better browsing experience.
Authenticate users: Some cookies authenticate users, verifying that the actual account owner is making the request. This is valuable for fraud prevention.
Maintain user sessions: A cookie may collect session data, saving you the trouble of logging back in or reentering information as you navigate between site pages.
Analyze user behavior: Companies may use cookies to gather analytics on how users interact with the website. They can then use the insights to improve the user experience.
Target advertising: By tracking your behavior, advertisers can deliver ads that are relevant to your interests. Google Ads also uses cookies to allow you to mute ads you don’t want to see again.
Are cookies bad?
Cookies aren’t inherently bad, but their impact depends on how they’re used. They can improve browsing convenience or compromise privacy, depending on purpose and settings.
But like their sugary baked cousins, web cookies get a bad rap in some circles.
Pros:
Personalization
Easy logins
Enhanced user experience
Cons:
Privacy concerns
Slower browsing speeds
Websites won’t recognize you if you delete cookies or switch devices
What are the most common types of cookies?
Web cookies come in several types based on origin, duration, and purpose. In fact, just one domain can generate multiple varieties. The most common types of cookies include:
First-party cookie: Every cookie is either a first-party or a third-party cookie. First-party cookies come directly from the domain you visit.
Third-party cookie: Third-party cookies belong to another domain, such as an advertiser.
Session cookie: A session cookie may also be called a transient cookie, an in-memory cookie, or a non-persistent cookie. It temporarily records information as you navigate through the website and deletes the data when you leave.
Persistent cookie: Persistent cookies are tracking cookies that record how you use a specific website over a more extended period of time.
HttpOnly cookie: HttpOnly cookies are designed to reduce the risk of cookie theft and cross-site scripting (XSS) attacks by blocking access from client-side APIs, including JavaScript.
Secure cookie: A secure cookie requires an encrypted connection (HTTPS) and expires when the session is complete.
Zombie cookie: Also known as a supercookie, a zombie cookie collects information on a user’s browsing habits and stores it outside of the web browser’s normal cookie storage. If the original HTTP cookie is deleted, it automatically generates another. Flash cookies were historically one of the most common varieties. In 2010, many big-name companies faced a class action lawsuit for their use of zombie cookies.
How do cookies impact user privacy?
Cookies can affect privacy because they record personal browsing data. Most are harmless, but third-party or persistent cookies can track your activity for targeted advertising or analytics.
Third-party cookies generally aim to track activity to present targeted ads rather than improving your browsing experience. That means someone is collecting information on your activity for their personal gain. Adversaries could also theoretically use third-party cookies to effectively stalk a user, and threat actors may disguise malware or viruses as cookies.
Because of the privacy concerns associated with cookies, the European Union adopted the ePrivacy Directive, also known as the Cookie Law. This legislation requires that any website operating in the EU must disclose how cookies are used and obtain user consent before using non-essential cookies.
While the federal government of the United States does not have equivalent laws, the California Consumer Privacy Act (CCPA) places some restrictions, such as requiring that websites provide clear notice about data collection and allow users to opt out of the sale or sharing of their personal information.
How do you clear cookies?
The process for clearing cookies depends on which browser you use.
How to clear cookies on Google Chrome
Open Chrome.
Click the drop-down menu with three vertical dots in the upper-right corner.
Click Delete browsing data...
Select the time range.
Ensure there’s a check next to Cookies and other site data.
Click Delete data.
How to clear cookies on Safari
Go to Settings > Apps > Safari.
Tap Clear History and Website Data.
Select the relevant timeframe.
Tap Clear History.
Open Safari.
Select Safari > Preferences > Privacy.
Click Manage Website Data.
Select the websites from which you want to remove cookies.
Click Remove or Remove All.
How to clear cookies on Microsoft Edge
Open Edge.
Click the drop-down menu with three horizontal dots in the upper-right corner.
Click Settings > Privacy, search, and services.
Select Clear browsing data > Choose what to clear.
Select the time range.
Select Cookies and other site data > Clear now.
How to clear cookies on Firefox
Open Firefox.
Click the drop-down menu with three horizontal lines in the upper-right corner.
Click Settings.
Click Privacy & Security.
Scroll to Cookies and Site Data, and click Clear Data.
Ensure there’s a check next to Cookies and Site Data, and then click Clear.
How else can you increase your privacy?
Blocking or deleting unnecessary cookies is a good start, but it won’t fully protect your privacy. You can further enhance privacy online by limiting cookie tracking and using secure browsing tools. Try these steps:
Use a VPN to encrypt traffic.
Browse in incognito or private mode.
Use non-tracking search engines like DuckDuckGo.
Use a VPN
A virtual private network (VPN) encrypts traffic and hides your IP address. That said, cookies can still track you, so privacy-minded businesses should pair a VPN with other methods.
Use your browser’s privacy mode
If you want to keep your online activities secret or get around metered paywalls, you’re probably already familiar with your browser’s privacy or incognito mode. This option prevents history, cookies, and site data from saving once you close the browser. While some cookies and other data may stick around for the duration of your session, the slate is wiped clean when you’re done (at least theoretically).
Switch to a search engine that doesn’t track you
Most popular search engines remember your history, document the results you click, log your IP address, and much more. Using a search engine that uses fewer cookies, such as DuckDuckGo, can enhance your privacy. While you can still pick up cookies from whatever results you click, at least there won’t be as much evidence of how often you search for lazy sysadmin tips.
Understanding what website cookies are and how they affect your privacy is just one part of good IT hygiene. If you're managing endpoints and want even more control, try PDQ Connect free for 14 days. And if you're a sysadmin who likes swapping tips, rants, or cookie analogies, join us in the PDQ Discord Community.
