What are cookies on a website and how are they used?

Unfortunately, website cookies are not a yummy treat – although the fact that they only exist in the virtual world means that at least they don’t contain calories! When the pair of shoes you were admiring weeks ago suddenly appears in ads on every website you visit or online shopping sites know your name, website cookies are behind it.

But are cookies safe? mail.com answers all your questions.

Three chocolate chip cookies stacked against a white background
Website cookies may not be delicious – but they can be useful!

Website cookies: Annoying or useful?

Website cookies have a host of useful functions, like helping webpages display properly or helping you to autofill forms. But the fact that you are constantly being asked whether you want to accept cookies may have you wondering – are cookies safe? We have the answers to your questions about cookies:

What are website cookies?

In the context of web browsing, a “cookie” is a tiny text file that is automatically saved to your computer or mobile device when you visit a website. This lets web servers store information about your browsing activity – so they can keep track of items you place in an online shopping cart, for instance. As such, website cookies, which are also called HTTP cookies, are a standard feature of the modern computing landscape. It is possible to block them, but in some cases they are essential to the proper functioning of a website.

Good to know: Why are internet cookies called “cookies”?

There are several theories floating around about where the name “cookie” comes from. Our favorite: It was derived from the term “magic cookies,” which was what data packets were called in old Unix systems, and from the idea of a fortune cookie, which is of course also a small morsel with information on the inside.

Do cookies track browsing history?

Many of us worry that cookies are used to track our activities across the internet. But the answer here is a clear “it depends”. That’s because there are different types of cookies that are used for different purposes:

Session cookies vs. persistent cookies

One kind of cookies that help you navigate a website (e.g., so the back button will work) are called “session cookies.” They are automatically deleted after your session on that website ends. The others are called “persistent cookies” and they remain on your computer even when you are done using the website. Persistent cookies can be used for reasons like remembering your site login or language preferences when you return to the website another time. They can also be used by the site owner to track your behavior over multiple visits to the same site, which would, for example, allow an online shop to suggest other items you might be interested in.

Essential (or “strictly necessary”) cookies

Essential cookies, sometimes referred to as “strictly necessary” in the cookie banner that asks for your consent, are the cookies that are needed solely to make the website function in the expected manner. An example of an essential cookie would be a session cookie that keeps you logged into a website as you click on different pages within the site.

Third-party cookies

The kind of cookies that can lead to you feeling “followed” as you visit different websites are known as “third-party” or “tracking” cookies. When set on a website, these cookies collect and process the personal data of visitors for advertising purposes. So this type of cookie can also be used to build a profile of someone’s browsing behavior and offer them targeted information across websites.

What information is collected by cookies?

Cookies contain information about a user’s actions that can be used again later by the website. Once they have been saved by your internet browser, the cookies are sent to the server of the website operator whenever you visit that website. Different types of cookies store different types of information, which might include e.g.:

  • Domain name of the website you visited or the server that hosts it
  • Country and/or language settings   
  • Location or device information
  • Length of a website visit
For example, first-party cookies let that website “remember” your preferred settings for the zoom, font size and language, so every time you go back to the website, it will appear the way you like it. Or if you visit an online shop and leave items in your shopping cart when you click away from that site, cookies enable your choices to still be there when you return later. And if you fill in an online contact form, they make it possible for the website to remember your address and phone number so you don’t have to type them in again.

Third-party website cookies also collect information on your browsing activities across different sites. This allows the creation of a unique behavior profile so you can be shown ads on based on your recent website use, search queries, etc.

Why do sites have cookie warnings?

In May 2018, the European Union enacted the General Data Protection Regulation (GDPR), a sweeping data privacy law. One aim of the GDPR is to make sure users are aware of the data that companies collect about them and give them a chance to consent – or not – to how this data is used and shared. And since, as we explained above, some types of cookies contain personal data such as internet browsing behavior, companies are required to get users’ permission to use them. As we all know, the internet is global, so you will still get the cookie banner asking your permission to use cookies even if you don’t live in Europe. And as privacy regulations are becoming more widespread across the globe, it’s no wonder that such consent requests are found on almost all websites today.

Is it better to accept or reject cookies?

You are not required to accept any cookies. Some are essential to the technical functioning of a website, however, so you won’t be able to use that site if you refuse to consent to the “strictly necessary” cookies – or even if you are allowed to continue to the site, its functionality will be limited.

If you are concerned about having your browsing behavior tracked, keep your eyes open for the words “third-party cookies” in the consent pop-up. If you accept these cookies, you are consenting to the website sharing your browsing behavior with data brokers, who use it and other data to put together a detailed profile of your online consumer activities. Third-party cookies are also occasionally stolen by hackers on the lookout for personal data like credit card information. So for a good browsing experience on a website with fewer privacy worries, you could accept the essential and first-party cookies and reject non-essential or third-party cookies.

Are website cookies safe?

As the above discussion shows, many types of cookies are harmless. They do not contain malware or viruses. When they are created, they don’t contain any personal data like your date of birth or home address, and they don't scan your computer to find out your personal information. However, they can contain personal data that you provide, e.g. information you input on a website form. And certain types are used to track your browsing activity. If any of this bothers you, you can do the following:
  1. Delete cookies regularly. This is done in your internet browser. In your browser settings, you can also set up automatic deletion of cookies at regular intervals. Keep in mind that deleting a site’s first-party cookies will mean that information from your past sessions on that specific site, e.g. certain settings and autofill information, will be deleted as well, which may impact your experience there.
  2. Deny permission for third-party cookies in your browser settings. (In some browsers they will be called “tracking cookies” or “cross-site cookies”, and some browsers already reject them by default.)
  3. Browse in private mode. This is also an option offered by many web browsers. Among other things, it means no cookies and no browsing history are saved after you close the private browsing window.

We hope this post answered all your questions about website cookies - we look forward to your feedback below! And if you still don’t have a mail.com email account, you can sign up today!

This article first appeared on Sept. 16, 2021, and was updated on Sept. 21, 2023.

Images: 1&1/iStock

2,029 people found this article helpful.

Related articles

What is cyberstalking? Definition and prevention

Secure Wi-Fi router: 8 ways to keep your home network safe

What is catfishing online & how to catch it