Have you ever noticed the next time you visit a website you browsed previously, it logs you in automatically? Or when you’re shopping online and adding items to your cart, you still find them there when you leave the website and return later?
You may have also wondered why you’re looking at ads for Nike shoes just after visiting the company’s official site.
Web cookies make this possible.
Cookies were originally invented to help websites keep track of their visitors and what they did in previous website visits. Today, 36.8% of all websites, including Facebook, Google Analytics, and Amazon, use them to provide hyper-personalized browsing experiences to users.
Some cookies fall short of modern standards for privacy and as a result, the industry is changing to adapt to a cookieless world—or looking for credible alternatives to third party cookies.
This Snigel guide will help you navigate the murky waters of cookies, as well as share tips to develop a strong cookie policy that complies with major cookie laws.
What are internet or web cookies and how do they work?
Web cookies or internet cookies are small pieces of user data (username, date of birth, password, etc.) that a website places on the user‘s device to store information. They enable a website to:
- recognize a user as an existing customer when they revisit later, and
- collect general information about user behavior.
When a user opens a website, it sends a cookie from its web server to the user’s web browser. The browser then stores the cookie on the user’s computer or smartphone in a cookie file. All data stored in the cookie has a unique ID that's exclusive to the visitor and their device.
However, cookies aren’t programs—or viruses or spyware. There are simple text files you can use to track visitors across web pages to remember their actions and preferences. Some cookies also track users across websites and devices.
What information do cookies store?
As a website owner, you need to know what type of site data your cookies store to comply with internet cookie and data security laws.
Generally, a cookie will only remember your user’s browser. But you can also use it to store more comprehensive information about users. Legitimate websites that store personal data in cookies encrypt it to prevent unauthorized use by other parties.
For the most part, cookies have five parameters when it comes to storing information:
- The name and value of the cookie
- The expiration date of the cookie, i.e, how long the cookie will be active in a web browser
- The URL path the cookie is valid for. Web pages outside this path cannot use the cookie
- Whether the cookie requires a secure connection before it can be used
- The domain the cookie is valid for—this makes the cookie accessible to pages on any of the servers when a website uses multiple servers in a domain
You can use cookies for a variety of purposes:
- Identifying website visitors and their behavior
- Saving user login information to recognize them on subsequent visits
- Remembering their preferences, like font size, language, and theme
- Understanding how they interact with your website
- Collecting analytical information (bounce rates, page views, session duration) and statistical information (location, device, age) about visitors
- Delivering an improved browsing experience
Sometimes, advertisers use cookies for targeted advertising. They track where visitors like to shop and what they buy to enhance their online shopping experience.
What are the different types of web cookies?
Cookies typically function the same but have different use cases. Let’s review the different types of cookies.
Web cookies based on the duration
Session cookies
Session cookies are temporary cookies that expire immediately or within a few seconds of the user leaving the website or closing the browser window. They help your website recognize your user’s behavior and remember their preferences and actions during an ongoing browsing session.
These cookies are particularly useful for e-commerce sellers. Without them, an e-commerce site’s server will forget the user and treat them like a new visitor when they move between web pages, meaning all the items added in their cart will be removed by the time the visitor opens the checkout page.
Persistent cookies
A persistent cookie, also known as a permanent cookie, remains on a user‘s browser for a considerably longer period. For example, it can remember login details and passwords so users don’t have to re-enter them every time they use a site, ensuring faster and better user experiences.
Easy to see why 20.6% of websites use permanent cookies.
These cookies have varying expiration dates, ranging anywhere between a few hours to several decades. Once they reach their expiration date, they're automatically deleted from the user’s browser. However, these cookies should not last longer than 12 months according to the eprivacy directive.
Web cookies based on the source
First party cookies
First-party cookies are installed by the website visited by the user. The domain or website of these cookies is the same as the domain in the browser’s address bar.
Websites use first-party cookies to track the user surfing behavior, register user activity on a website over subsequent visits, remember language settings, and so on. For example, it's a first party cookie that lets you see links to the web pages you visited recently on the same website.
Third-party cookies
Third-party cookies are installed by third-party companies or websites to carry out research into aspects like user demographics, spending habits, and online behavior.
How are third-party cookies created if the user is on a different website in real-time?
For a third party cookie to be created, a request has to be sent from the web page to the third-party server. The requested file will be different depending on the use—it can be a tracking pixel or an actual creative (an ad)—that will be invisible to the user but will act as a tracking cookie in situations where there are no clicks involved (eg: when you open a web page) and click redirects cannot be used.
Third-party cookies are also referred to as tracking cookies because they track user activity across the internet. Publishers and ad tech companies who deliver targeted ads, as well as companies/services that help websites add third-party elements like social media buttons and live chat, use these cookies to collect specific analytical information about web users.
Third-party cookies have been making headlines recently as Firefox and Safari have deprecated third-party cookies to improve user privacy. Chrome is set to follow in 2023. Ad tech companies like Snigel are already using alternatives to third-party cookies to get around this issue. Snigel has developed a solution to serve ads that don’t require cookies. This is used to recover revenue when users do not accept cookies. Contact our ad ops experts here for more details.
Web cookies based on the purpose
Strictly necessary cookies
As the name suggests, strictly necessary cookies or essential cookies are critical for a website to function effectively. They enable users to navigate the website and provide basic features, including adding items to the cart, signing in, making payments, and so on.
Due to their nature, strictly necessary cookies are also exempt from cookie consent.
Functional cookies
Functional cookies or preference cookies enhance website performance and functionality to ensure it works properly.
These cookies enable websites to remember user credentials like username and password, language preferences, region, and so on. Although functionality cookies don’t track browsing activity on other websites, third-party providers whose services are used by the website can set them up.
Performance cookies
Performance cookies, also known as statistics cookies, allow websites to remember users, helping them deliver an enhanced user experience.
Thanks to these cookies, websites can collect anonymous information about how visitors use the site, the web pages they visit, and common problems that hinder user experience on the site, to evaluate a website’s performance. You can then use the collected information to make improvements to your website and understand your user’s motivations and interests to enhance user experience.
Other types of web cookies
HTTPonly cookies
HTTPonly cookies store data on the net (HTTP) server-side, and not on the user side (computer). As such, they cannot be read by JavaScript or any other client-side script, protecting personal information from hackers or unauthorized eyes.
Flash cookies
Flash cookies or super cookies are independent of the web browser and allow advertisers to track online activity. They are designed to be permanently stored on a user‘s computer—even after all cookies have been deleted from the web browser. They gather information about a user’s online behavior and provide it to advertisers.
Zombie cookies
Zombie cookies are expired or deleted cookies that can still send information back to the website. They're created using Quantcast, a technology that produces Flash cookies to track internet users. These Flash cookies are then used to recreate browser cookies, and eventually become zombie cookies.
A zombie cookie is frequently used in online games to prevent gamers from cheating, but can also be used to install malicious software onto a user’s device.
3 tips for website owners to develop a compliant cookie policy
Below, we've discussed some tips to help you develop a cookie policy that complies with the requirements of major cookie statutes.
Properly classify your cookies
A Cisco study found consumers want more transparency and control over how businesses use their data. Unfortunately, many site owners aren’t sure what cookies run on their websites, making it impossible for them to describe their cookie practices to visitors.
To avoid this, audit your cookies to discover which cookies you use, and then classify them by their purpose (the different types of cookies we discussed above). A cookie content manager is also a handy tool to scan your site and generate a detailed report.
Make your cookie practices transparent to users
Since cookies collect confidential information, you must disclose them in your privacy policy.
Current cookie and data privacy laws require website owners to provide a cookie policy outlining how they use cookies. We highly recommend using these policies as a reference to understand which cookies you’re using and why.
You can also use a cookie policy template to ensure you’re outlining all the necessary information about how you use cookies and what purposes do they fulfill.
Ask user’s permission before deploying cookies
Both the EU Cookie Law and the GDPR require user approval for how you use cookies. Typically, there are three requirements of a legally valid cookie content:
- Affirmation that the user is aware of and consenting to the use of cookies
- Option for users to set their cookie preferences
- Choice for users to revoke the authorization at any time
You can easily accomplish these three elements by using a consent management platform (CMP).
A CMP should pop up when a user visits your website for the first time, informing them about how your website uses internet cookies. Here’s what it usually looks like:
Your website cookie notification message should have links directing users to learn more about their cookie use and set their preferred cookie settings. Don’t forget to include links in your website footer, cookie policy, and privacy policy that direct users to a form or web page to revoke consent. For more info, see our guide on how to choose a Consent Management Platform.
Key takeaways
Cookies are an important tool that gives site owners a great deal of insight into their users’ online activities. From remembering login credentials to analyzing behavior patterns, they can do it all.
While the cookies themselves aren’t necessarily harmful, they can collect personal data which should be handled carefully. Keeping this in mind, you should comply with important legislations like the GDPR and the EU Cookie Law to avoid fines and user complaints.
If you want more help to develop a best practice cookie policy, contact us here.