Web cookie

⚠️This article has been marked as incomplete. Sourcing or verifiability needs additional work.

A moderator needs to check the page before this notice can be removed. Visit the noticeboard or the #appeals channel in either Zulip or Discord to request removal.

More info ▼

Articles must provide verifiable, credible evidence for their claims and avoid relying on forum posts, personal blogs, or other unverifiable sources. You can help by replacing weak citations with reputable reporting, corporate communications, receipts, repair logs, or independent investigative coverage that demonstrates the systemic relevance required by the Mission statement and Moderator Guidelines.

A web cookie, is a small chunk(s) of data served(shared) to the client(browser) that can be used for a variety of purposes. One of the most common being a website login identifier that serves a session cookie that is able to be sent back to the server to prevent needing to authenticate numerous times. The web cookie, has a bunch of other common names such as "HTTP cookie" (when set via that protocol), "browser cookie" (more general, can be set via JavaScript)^[1], and "cookie". For the sake of simplicity this article will be using the term "cookie" to represent all types of cookies.

How it works

When a user (person) visits a website, you may be first prompted with user preferences such as what data can be used with the site. That information is likely stored by your browser agent as a cookie so that information or popup will not show again. Cookies are often a good practice, as it offers clients a better experience when navigating their site when visiting. Of course there are a bunch of other cookies that do exist, but for now we will focus on a few categories that these cookies fall under


Cookie Type	Use Case	Risk
Form Cookie	When using a site you may be required to fill out a form field, that information can be stored by your user-agent (UA) when making a purchases or even renewing your licence, making the experience more streamlined the next time you plan on making additional purchases on a website like that.	Depending on implementation, such as if cookies are not properly encrypted by your browser and site, your using you may be at risk if a malicious actor decides to swipe your cookies, which could also include password and saved payment information
3rd Party Cookie	These cookies can be used when companies have different registered domains or transferring the user, to prevent annoying information duplication, or joint partner domains that may be working with a third-party vendor. However these cookies are more often than not used as tracking indicators about user behavior and what other sites they visit.	Considering the risk is it worth having third-party cookies that silently track you? Many companies and brokers are ramping up their usage of tracking users with this metric along with browser fingerprinting to serve you targeted ads based on what pages you look at or search for
Authentication Cookie	Are often tied to accounts that you use to prevent having to re-login each time you need to do an action with your account. These are usually stored as session cookies, which generally have a shorter lifespan or even expire after your tab session has ended with the browser	These tend to be less risky, in cases where these tokens are stored short-term and encrypted, can provide you with much needed convenience. But if your browser may be compromised by malware (such as a scam browser extension) your session cookies can be hijacked and used to access your account
Tracking Cookie	Often malicious, but can be used to track sites performance and metrics based on reoccurring traffic and visits made, with minimal overhead	Usually, sites that try to access third-party cookies (to learn more about you) will also be adding their own. With this information, they can calculate value-based pricing and targeted products that you may have recently looked at in previous weeks or days, with a FOMO offer discount
Preference Cookie	Often, the least sensitive cookie on a site. This can be used to store specific preferences like a footer dismissal to how many results should show from a search to provide better functionality and efficiency, especially if the site has no account system.	While this could possibly be used to track you, the information doesn't necessarily give you away. Since many that do implement this are domain-specific cookies and not third-party cookies, as referenced earlier

Why it is a problem

Targeted advertising

Main article: Personalized ads

Value based pricing

Cross Website tracking

Examples

Honey using cookies to share new affiliate codes with other users; this also had included many private exclusive discount codes that employees or veterans got for shopping at stores, costing businesses tons of money
Microsoft placing cookie tracking on school student devices^[2]
Imgur using tracking cookies to serve ads to users from third party sites

External links

Using HTTP cookies | MDN

References

↑ "Document: cookie property". Mozilla Developer Network. 2025-11-30. Archived from the original on 2026-03-10. Retrieved 2026-03-15.
↑ Clark, Lindsay (2026-01-27). "Ruling: Microsoft illegally placed cookies on child's tech". The Register. Archived from the original on 2026-02-10. Retrieved 2026-03-16.

[1] "Document: cookie property". Mozilla Developer Network. 2025-11-30. Archived from the original on 2026-03-10. Retrieved 2026-03-15.

[2] Clark, Lindsay (2026-01-27). "Ruling: Microsoft illegally placed cookies on child's tech". The Register. Archived from the original on 2026-02-10. Retrieved 2026-03-16.

[1]

[2]