Latest News, Updates, Tutorials and much more

Blog

Hero

What are Different Types of Web Cookies?

Cookies are not only used for tracking. Since many internet users fear that cookies might track their data, there are many more reasons for them to be active. While data collection is a big reason, there are plenty of other ones, such as website functionality and performance.

In this article, CookieScript will help you to understand the differences between cookies and list all the different cookies out there.

Use the unique CookieScript Cookie Scanner that automatically scans your website for cookies and automatically updates your cookie declaration table every month:

Cookies by Party

Before diving deep into all cookies, let’s explore the general meaning. Shortly speaking, cookies are small, often encrypted files that are located in browser directories. Cookies are used by website owners to perform tasks and help with managing the website.

However, cookies can be separated by party – they can either be first or third-party, depending on how they have been created and from which server cookies are being dropped on the user’s browser.

First-Party Cookies

First-party cookies are stored directly on the domain (or website) the user visits. First-party cookies let website owners collect data for analytical purposes, remember user settings, and provide other functions that help to boost the browsing experience for the user.

First-party cookies track user actions and the website host can see the statistical outcome. First-party cookies cannot be used to track user activities on other websites, but only on the original one where the cookie was placed. There are a lot of examples of first-party cookies: they include your sign-in details, your online shopping cart items, and website settings, such as language.

Third-Party Cookies

Third-party cookies are stored under a different domain than you are currently visiting. Third-Party Cookies are used to track users between websites and display more relevant ads between websites. An example of Third-Party Cookies can be a support chat or an embed video provided by a third-party service.

Third-Party Cookies in general are used for user tracking. They collect user data and make the user profile which is used by advertising agencies and marketing platforms for making analytics and targeted advertisements. So Third-Party Cookies collect valuable user data.

On the other hand, users value their privacy and don’t want to share their personal data with third parties. Many privacy laws such as DGPR require to block Third-Party Cookies by default. Some websites also block Third-Party Cookies by default.

A few years ago it seemd that third-party cookies days could be numbered. In 2020, Google has announced that by the end of 2023 it will officially stop supporting Third-Party Cookies on the Google Chrome browser. In 2022, the decision to remove cookies was delayed for another two years. At the end, on July 22, 2024, Google announced that it will keep Third-Party Cookies in its Chrome browser.

Use CookieScript CMP to create a Cookie Banner and a Privacy Policy that allows you to set cookies on users’ devices in a way that is compliant with privacy laws.

Register for free Show pricing plans

Cookies by Category

Since first-party and third-party cookies are more or less the same in purpose (they track user actions), there are more purposes for cookies to act than just to track visitors online. Cookies can also be separated by category. Some of them are vital for a website to function properly, while others ensure additional features of websites are accessible.

Did you know that there are cookies that are even impossible to opt-out of? Those are called strictly necessary cookies and there is nothing that the user can do if he doesn’t want them to be active on the website.

Strictly Necessary Cookies

Strictly necessary cookies, also called as essential cookies, are essential for websites to provide simple functions or to access particular features.

Examples of features performed by strictly necessary cookies include:

  • Signing in to a website.
  • Adding items to your cart in an online store,
  • Purchasing goods on the internet.

Essential cookies usually are first-party cookies and they let users go back and forth between websites without losing their previous actions.

It is important to know that strictly necessary cookies do not require user consent at all – most cookie laws, including the EU General Data Protection Regulation (GDPR), allow strictly necessary cookies to be used without obtaining user consent before performing their actions.

However, even if you don’t need to obtain user consent to use strictly necessary cookies, you must still explain that you use them and for what purposes in your Privacy Policy.

To be classified as strictly necessary cookies, cookies must perform a truly essential action for the website. For example, Google Fonts is a service that is used to display nicer fonts on websites. To use Google Fonts, websites must set cookies that collect user data and send it to Google servers. Website owners could argue that these cookies are essential because a website with a standard font looks entirely different from one with a beautiful and customized font. However, the website could still be used even if it looks less pretty. Blocking such cookies has no functional disadvantages to the website, so such cookies are not essential cookies.

 

Strictly Necessary Cookies scheme

Performance Cookies

Performance cookies, also called as statistics cookies, or Google Analytics cookies, monitor site performance and follow user actions but they do not collect identifiable information – they collect data anonymously and use it to improve the website. 

Performance, or statistics cookies, are used to collect statistics about user behavior and improve website erformance.

Performance cookies can perform the following functions:

  • Count page visits,
  • Examine how much time a user has spent on a website,
  • Analyze loading speeds. 
  • Analyze the website behaviour in different browsers,
  • Check whether error messages are displayed, etc.

Performance, or statistics cookies, collect pseudonymised data about visitors to the website in aggregate form. Data pseudonymisation is method to replace or remove information that can be used to identify an individual.

Performance cookies are usually perceived as first-party cookies, but in some cases, they can be third-party cookies too. Thus, third parties can place cookies on a user’s device through a website to determine the best spot for personalized advertisements to be placed.

Performance Cookies scheme

Functional Cookies

Functional cookies are used to provide features beyond essential functionality. They are not vital for a website to run, but allow websites to remember user preferences and settings. Without them certain functions may not be available.

Examples of the use of functional cookies include:

  • Embed video in HTML loading and video playback.
  • Integration with social networks.
  • "Like" button integration.
  • Live chat integration.
  • Language preferences.
  • Font size and style settings.
  • User location determination.
  • Name and login details, etc.

Remembering such preferences and settings, for example, helps websites to display personalized news stories or share the news on social networks. However, the user must give session cookies to use functional cookies.

Functional cookies can be first-party, third-party, persistent, or session cookies, and they are completely anonymous – they do not track user information across websites, unlike other types of cookies mentioned in this article.

Targeting Cookies

Targeting cookies, also called as marketing cookies, or advertising cookies, are used by the websites and third parties to record the user behavior, analyze the data collected and display personalized advertising.

They help to attract customers with targeted ads. Marketing cookies can also be shared with other advertisers so that they can monitor and measure the performance of such ads.

Targeting cookies also help build user profiles – by tracking data, websites can offer their customers the best-suited ads for their needs and keep ad revenue coming in.

Targeting cookies are almost always third-party cookies. Such cookies follow users from one website to another. In that way, websites can target users by displaying advertising banners on other addresses online even after the user has left their particular site and jumped to another.

Note, that websites need to abtain cookie consent for using targeting cookies.

Targeting Cookies scheme

Cookies by Security

Finally, cookies can also be separated by security. Every website owner should know that there is more than just one security level when it comes to cookies – it is especially recommended to explain this to your customers on your Cookie Consent banner, if you want to stay compliant with the latest data privacy laws, such as the GDPR or CCPA.

In terms of security, cookies are separated into three different categories: HttpOnly, SameSite, and secure cookies.

HttpOnly Cookies

HttpOnly cookies carry a cookie flag that is often added to cookies that could contain sensitive information about the user. This type of flag tells the server to not reveal cookie information contained in embedded scripts. Therefore, adding HttpOnly is useful in instances where cookies could be accidentally or intentionally revealed to a third party.

HttpOnly also tells the server that the information contained in the flagged cookies should not be transferred beyond the server. This flag is especially important in protecting secure information that could be compromised during a cross-site request forgery attack or if there is a flaw in the code that causes cross-site scripting.

SameSite Cookies

SameSite cookies are not perceived as separate cookies on their own – they act as a cookie attribute.  Such a SameSite cookie attribute is used to control how cookies are submitted in cross-site requests. Current behavior allows third-party websites to access all cookies by default.

In other words, the SameSite cookie attribute is used by browsers to identify how first-party and third-party cookies should be handled.

Browsers can either allow or block such cookies depending on attribute and scenario. The target of such a process is to mitigate the risk of cross-origin information leakage. In that way, your sensitive information can stay safe.

Secure Cookies

Finally, some cookies have the secure cookie attribute. When cookies have it, such cookies are only able to go through a secure channel when an HTTP request is submitted. Typically, such a channel is HTTPS. This secure attribute ensures cookie’s confidentiality but does not protect from active network attackers completely.

However, this attribute protects cookies from being observed by parties that do not have the right to see them. To find out, if your website has any secure cookies running, you can do that by using the Cookie Scanner from CookieScript. Enter your website address in the box below and see the results:

Technical Cookie Types and Similar Cookie-Like Technologies

Several technologies could be used to store user information on a client’s devices. Client-side storage allows websites to store information locally without relying on constant communication with the server, so the response time and user experience increases.

The following technologies exist to collect and store user personal information:

  • Web cookies, or HTTP cookies. Web cookies are the most widely used client-side storage that allow websites to collect and store user personal information. They include all the above-mentioned cookies such as first-party cookies, third-party cookies, strictly necessary cookies, and all different types of cookies.
  • Local Storage. Local Storage is a client-side data storage method that allows websites to store data locally and persistently on users’ browsers. It has a much larger size limit for data storage.
  • Session storage. Session storage is also a client-side storage method that allows websites to store data locally on users’ browsers. This technique can also store a large amount of user data. Unlike local storage, session storage is a short-term storage option. The data is stored for just a single user browsing session. Session storage data is deleted when the user closes the browser or refreshes the page.
  • Flash cookies, or Local Shared Objects (LSOs), are data files stored by Adobe Flash Player to track user activity and preferences across websites. They also have a significantly larger data storage capacity than traditional web cookies. However, this technology was abandoned by Adobe and practically is no longer used by websites.
  • IndexedDB: IndexedDB is a large-scale, NoSQL storage system that allows websites to store huge amounts of data in users’ browsers. In addition to the usual data, stored by cookies or local storage, IndexedDB also allows websites to store large amounts of structured data. It’s a modern alternative to local storage but still rarely used.

CookieScript: Your Best Cookie Management Solution

If you want to scan and group all types of cookies that are listed above, you can choose the best cookie manager in the market, CookieScript. Its unique Cookie Scanner scans your website for cookies, local storage, session storage, and other tracking cookies and updates your cookie declaration every month. 

CookieScript Cookie Scanner updates the cookie declaration inside the Cookie Banner automatically every month – with CookieScript you will not need to move a finger to manage your website cookies.

In 2024, users ranked CookieScript CMP on G2, a peer-reviewed website, as the best CMP for small and medium-sized companies. CookieScript also received the GOLD TierGOLD Tier in the New Google Tiering System.   

Cookiescript is a Google-certified CMP partner

Register for free Show pricing plans

Frequently Asked Questions

Are session cookies strictly necessary?

Session cookies are often strictly necessary cookies, as they are essential for core website operations such as maintaining login sessions, navigating between pages without losing data, or enabling online shopping. Note that even if you don’t need user consent to use strictly necessary cookies, you must still explain that you use them in your privacy policy. Use CookieScript CMP to create a Privacy Policy.

Are Google Analytics cookies strictly necessary cookies?

Even if Google Analytics cookies are necessary for website operators to collect data, they are not strictly necessary cookies. Without them, the website would still function normally, and users can access all the functionalities provided by the website. Use CookieScript Cookie Scanner to detect and categorize all your website cookies automatically.

Do you need a Cookie Banner for strictly necessary cookies?

You don’t need a Cookie Banner for Strictly Necessary cookies, as you don’t need to obtain user consent to use them. However, you need a Privacy Policy for your website or business, where you must reveal that you use Strictly Necessary Cookies and for what reasons. Use CookieScript CMP to create a Privacy Policy and a cookie banner.

How many types of computer cookies are there?

There are many types of different computer cookies and not all of them collect user information, some are vital for websites to perform certain functions, such as save user preferences and settings. With a Cookie Scanner from CookieScript, it is easy to scan and group your website cookies in your Cookie Banner so users can make an informed decision about cookie tracking.

What information do cookies collect?

Cookies collect various information, including user location, preferences, and activity on a website. Such information can be used to personalize ads for users and analyze the performance of the website. Learn how to do it while using a unique Cookie Banner from CookieScript.

What are cookies on my computer?

Cookies are small, encrypted files that track user movement on websites. Cookies are usually dropped when the user gives its consent. They track user data and provide it to the website’s owner. Then, the data collected can be used for ad personalization and analyzing the performance of a website. Use CookieScript Cookie Scanner to scan your website for cookies and other website trackers for free!

How to add cookies on my website to track users and website performance?

To add cookies on your website in a privacy laws compliant way, use a cookie banner from CookieScript. Once greeted by the Cookie Banner, your website users will be able to either accept or reject cookies. Moreover, inside the banner, there will be all the required information on cookies so users can make an informed decision on their data collection.

ON THIS PAGE

New to CookieScript?

CookieScript helps to make the website ePrivacy and GDPR compliant.

We have all the necessary tools to comply with the latest privacy policy regulations: third-party script management, consent recording, monthly website scans, automatic cookie categorization, cookie declaration automatic update, translations to 34 languages, and much more.