Why Do Websites Use Cookies? | All About Cookies

Website cookies have become a normal, everyday part of being an Internet user. But much like agreeing to the terms and services of a new device, many users don’t pay attention to what cookies are or how websites are using them.

Now that we know website cookies are here to stay for the foreseeable future, join us below to explore what website cookies are, the different types of cookies, and how they’re used.

Stay in the know by subscribing to the DOT Security blog and getting updates on everything in the industry from the biggest monthly headlines to the latest technology in play.

What Are Web Cookies?

Website cookies are small text files stored on a user's device by a website they visit. These files contain data that helps the website remember the user's preferences, login information, or activity, making it easier for the user to interact with the site in future visits. For example, cookies allow a website to keep items in a shopping cart or remember login credentials across sessions.

As such, cookies are typically designed to improve the user experience through individual personalization.

Why Do Websites Use Cookies?

Websites use HTTP cookies for a number of reasons such as:

Personalization: A website might send a cookie to a user to analyze their activity in order to tailor the user experience to specific individuals.

For example, a website you have visited previously can show content relevant to you and give recommendations based on your interactions, such as similar products or targeted messages.

Tracking: Cookies allow websites to track your activity on any given site. This allows them to record which pages you have visited, how long you interacted with each page, or which content pieces you engage with most often.

For example, brands can use cookies to track which web pages are performing well and which pages are experiencing higher-than-average bounce rates.

Session Management: A website can also send a cookie to a user’s device whenever they log into their account. That way the website can grant specific users access to its services and remember when a user has logged in.

Popular Cookies Websites Use

First-Party Cookies: Also known as same-site cookies, these cookies are created by the online pages you visit. For example, if you visit YouTube, a cookie made by that page will track your activity and behavior.

This cookie would allow the site to remember your language preferences, show you relevant videos, and record which pieces of content you interacted with.

Third-Party Cookies: These are cookies sent to your browser from a website created by a third party. They often work to send you targeted ads.

For instance, let’s say you searched for flights to New York. Later, you may see ads for hotels or attractions in New York on a different web page. This is due to third-party cookies which tracked your previous activity.

Session Cookies: These cookies are used to store information only while you navigate a site. Once you end your session, the cookie is deleted. These cookies can be used by an eCommerce page to store your shopping cart items, for example.

Persistent Cookies: Also known as permanent cookies, they can stay in your device for days, months, or years. They are often used to track your online activity. Persistent cookies can also be used by sites to remember your login credentials.

Secure Cookies: A secure cookie is a first or third-party cookie with a secure attribute, which allows the cookie to only be transmitted in a safe website, usually HTTPS sites.

Zombie Cookies: We know zombies to be undead beings that came back from the grave. Similarly, zombie cookies come back to a user’s device even after they were deleted.

Zombie cookies are programmed to create their own back-up version outside of your browser, so even if you delete the original, its zombie version will come back into your browser.

This type of cookie is often used by cybercriminals. For example, a zombie cookie that respawns continuously can be used to track targeted individuals to steal their data or send it to third-parties.

Super Cookies: Also known as Flash cookies, super cookies are text files that a web browser sends to a user’s device whenever the browser shows content supported by Adobe Flash.

Super cookies are named so because they remain in a device even when users clear their browsers of cookies. Although Adobe discontinued their Flash software, some flash cookies still exist in the web.

What Information Do Cookies Collect?

Depending on the website you visit, a cookie can collect a variety of information. For instance, social media websites—and many other types of webpages—can collect your credentials, what links you have clicked, which ads you interacted with, how long your page visit was, who your friends are, and even people you may know.

Users begin to worry about cookies when more private information is stored, such as their hobbies and interests, their phone number or address, or their location.

When this type of data is collected, it’s often in order to help the user or make their website experience more effective. For example, if you filled out your personal details on a page—such as an airline website—a cookie can fill in your data for you next time you wish to purchase tickets.

Advertisers often use cookies to show relevant ads and products to the users that visit their site. If you run an eCommerce site, for example, cookies would allow your online store to send targeted ads to users based on their behavior and previous activity.

Is Enabling Cookies a Security Risk?

While cookies are generally not malicious, they can be used to track your behavior and online use. Most websites use cookies to show you more relevant content, ads, and suggestions of new sites that could be of interest to you.

Generally, cookies are not malicious on their own, although some cookies have been used in the past to exploit the data in browsers. The danger in cookies appears when cookies on a user’s device are used against them.

Bad actors can hijack users’ cookies and access the information stored in them, such as session data, personally identifying information, and account credentials.

Cookie Consent

Thanks to user data privacy laws like CCPA and GDPR—the former protects the privacy of consumers in California while the latter of those in the EU—many websites are now displaying a cookie policy to their users.

When you visit a website, have you noticed a pop-up asking you to verify which cookies you consent to? This is an example of a site’s privacy law policies.

Although it may be tempting to click “Yes” and instantly agree to a website’s cookie policy, users that wish to protect their privacy can opt out of any unnecessary cookies such as cookies used for marketing, statistics, and personalization.

Wrapping Up on Website Cookies

Website cookies play a crucial role in personalizing our online experiences and helping sites run smoothly. However, their use also brings important considerations for privacy and data security.

As the conversation around online tracking and user consent continues to evolve, understanding cookies empowers users to make informed choices about their online presence. Now that you know more about what cookies are and how they work, you can navigate the digital world with a clearer view of how your data is being used—and how you can control it.

To learn more about everything cybersecurity, from the latest trends to the biggest monthly headlines, subscribe to the DOT Security blog.