An Internet Cookie Checklist – (Who, What, When, Why and How)



What are Internet cookies, what to think about them? Are they useful, harmless, dangerous?

Usually we have to give up one thing to gain another. Cookies are essential to our modern online experience with targeted advertising on websites and predictive search text that seems to read our minds. Cookies help us gain a personalized online experience, but what do we lose? Are we manipulated by our own data?

There has been a great debate about the ethics of cookies and where to draw the line. This resulted in laws like the EPrivacy Directive, GDPR, PDPA and CCPA require consent for the use of cookies. The following basics will help us understand how something as adorable as the internet cookie could have such powerful implications on the internet.


Who invented the first Internet cookie?

Lou Montulli created the first cookie in 1994. It was tasked with helping a website remember the contents of a user’s shopping cart when they did not want to purchase the items in the same browsing session. He called his invention of the “magic cookie”. The public was not made aware of the existence of cookies until two years later, in 1996.

Image source:


What are Internet cookies?

Cookies are files that to have created when you visit a website. The website create and place a cookie on your website browser so that he can recognize you in the future. The cookie is encoded with a unique identifier and includes data about you or your browsing session.

What is inside an Internet cookie?

It depends. This may include your name or address, the pages you visited, the contents of your shopping cart, or information about the pages of the site you visited.

There are different cookies that look for different information. Cookies help websites perform some of the functions we expect from our online experience, such as authenticating a user, remembering a username or credit card number. The information stored in cookies can help third parties take advantage of user preferences.

What are the different types of Internet cookies?

Just like there are dozens of flavors at the bakery, there areThere are also different types of Internet cookies.

Proprietary cookies

First-party cookies have the same domain as the website you are on. These cookies cannot follow you over several sites and are intended to improve your user experience for the site youre on. These cookies are divided into two flavors, session cookies and persistent cookies.

SSession cookies

These cookies expire when you close a browsing session. Session cookies are the reason that when you hit the back button, your computer always remembers the article you were reading on a specific web page.

Persistent cookies

The cookies that remain are called persistent cookies. These cookies are the reason why you do not have to remember your username and password when you return to certain websites or reset the language to default on a website each time you visit it. These cooKies have an expiration set when they are created. Legally it should be deleted after 12 months, but in practice it can be set hundreds of years into the future, unless a user clears their cache before.

Third party tracking cookies

These cookies are the subject of much debate. They create a profile on the user based on their interests, search history, purchasing choices, and browsing behaviors – and reapply that data to the ad. These cookies allow businesses and advertisers to use cross-site tracking to track and research a user’s behavior and retarget it with adware on different sites.

These cookies are responsible for why you see that pair of shoes you thought you were buying appear on ads everywhere you go.

Note: Google announced in January 2020 its intention to phase out all third-party cookies. We talk more about this in our When section: When does Google end support for third-party cookies in Chrome.

ZUmbia cookies

A technology called Quantcast brings cookies back from the dead after they are deleted. These cookies are diHard to find and usually located outside of the browser storage where your other cookies are stored. This allows cookies to track the user on all computer browsers. Although created to prevent online gamers from cheating, it has had the uninThe ripple effect of allowing bad actors to install malware on users’ devices, not to mention that it is almost impossible to kill.


When does Google end support for third-party cookies in Chrome?

Google announced in January 2020 their plan to phase out all third-party cookies used on chrome browsers by the end of 2023. With Tor and Brave browsers, Firefox stopped allowing third-party cookie tracking two years ago and Safari stopped 1.5 years ago.

Cookies are not the only tracking technology, so while prohibiting third-party cookies is useful, there are workarounds that are already in use on browsers that already prohibit third-party cookies. A few are Ultrasonic tags, Silverlight Isolated Storage, IndexedDB, pixel tags and HTML5 Local Storage.

When are the laws on cookies Wrong thing?

The cookie hysteria is real. Some business owners argue that the burden of cookie laws is too high. Companies that operate websites in other states and countries not subject to cookie laws have yet to make changes. If you collect information on more than 50,000 California residents per year, you are required to comply with the CCPA through the extraterritorial scope. If you accept the euro as the currency on your e-commerce platform or use cookies to monitor European individuals, then you are subject to the GDPR. These laws force many companies to take the time to educate themselves and their managers. What it requires from companies that operate a website or mobile app should include:

  • A privacy policy
  • A cookies policy
  • Create an explicit consent banner

When you does not allow cookies, what will happen?

More the website could still allows in, even if you may not have access to all of the site’s features. You can sometimes be blocked from accessing the site If you not give consent. This is called a cookie wall and is in place for websites which are not designed to operate without cookies.


Where can I find the consent banner for a website using cookies?

If you do not see a cookie policy or consent banner on a web page, the website may not be subject to data privacy laws. More and more websites have started to include this, regardless of their consumer base, in order to reduce possible liability.

The banner usually appears immediately on a web page as a fixed footer called a browserwrap, or as a popup. It can provide options to personalize your experience, a statement with an accept button, or an option to exit.

Here are some examples of consent banners that offer different options.

Image source: Google Image Search


Why is it called a cookie?

There are two theories as to why Lou Montulli called his invention a cookie.

  1. It’s like a fortune cookie, which has a message inside that says something about the user.
  2. Inspired by Grimm’s Hansel and Gretel, the cookie represents the trail of gingerbread crumbs that Hansel left that created a path from outside the forest to him. Cookies (crumbs) lead you to the user.


How do I delete my cookies?

Each browser has small differences in how to delete cookies. Sometimes they are stored in a .txt file, other times in a .sqlite file. We have included the guide for each browser:

How Can cybercriminals use your cookies?

Hackers can steal your cookies, determine your browsing history, and use a hacking method called Cross-site scripting (XSS) to break into your accounts. We take a closer look at the theft of cookies in our Fake WordPrssAPI Stealing Cookies and Hacking Sessions blog post.

Another risk is that cookies can lead an attacker to gain unauthorized access to a website’s backdoor. We discuss mitigation strategies in our article on evaluate cookies to hide backdoors.


It would be difficult to get around today’s Internet withoutut any use of cookies. First-party cookies are part of what we would expect in our online experience. Nevertheless, third-party cookies and invasive tracking technologies should not be a free pass to our information (at least not without our cwe feel). Putting controls in place to protect user privacy also protects users from vulnerabilities. Maintain good cookie hygiene by clearing your browsing data daily and follow or sign up for security alert notifications that can keep you on your guard against new threats.


Leave A Reply

Your email address will not be published.