What are Website Cookies and How Do They Work?

October 27, 2021 - Ensighten

If you’ve visited any website on your desktop or your mobile device, you have likely seen banners like this on the site you are visiting:

[Image: cookie banner]

Whether you choose to accept all or reject all, your web experience will likely be impacted. The banner above is a consent banner that businesses are required to have when they use cookies.

What are Cookies?

Cookies, also known as HTTP cookies, are small text files that sites place on your device when you are browsing the internet. Cookies help sites track your activity like the number of visits you have to a certain site or page. Although this may seem intrusive, cookies are necessary to personalize your web experience in addition to providing convenience. Without cookies your shopping cart would empty each time you left the checkout, your usernames and passwords wouldn’t be saved and your overall user experience on the web would be much worse.

In addition to providing a better user experience and more web functionality for customers, cookies are extremely valuable for businesses. Cookies help businesses personalize their customers’ experience and gain analytics into customer behaviors. With cookies, businesses can see how a customer found their site, what pages they are visiting, and how effective their marketing campaigns like PPC ads are. 

Session Cookies and Persistent Cookies

There are two main types of cookies: session cookies and persistent cookies. These cookies are characterized by how long they track a user’s activity and what kind of data they can gather.

Session cookies: Session cookies are cookies that are only used when navigating a website. They only track the information of the user while they are in a given session on a site. Once the session ends, the cookies are automatically deleted. These cookies are enabled on sites by default. They help pages load faster and improve the navigation on a page.

An example of a session cookie in action can be displayed by the shopping cart feature on most e-commerce sites. The session cookie ensures that if you leave the checkout page, your added products will remain in your shopping cart when you go back to your checkout.




Persistent cookies: Persistent cookies are cookies that stay on your computer indefinitely; some have expiration dates and will be removed when a certain date is reached. Persistent cookies are important because they create a convenient and faster web experience. They are often used to save your settings, sign-on information, preferences, and more. The primary use cases for persistent cookies are for authentication and tracking of users’ activities while on a site. The ePrivacy Directive dictates that persistent cookies should not last more than 12 months.

First-Party and Third-Party Cookies

In addition to session and persistent cookies, cookies can also be characterized by who created them. Cookies can be either first-party or third-party cookies.

  • First-party cookies: First-party cookies are cookies that are created by the website you are visiting. For example, if you are reading this blog post, a first-party cookie would be a cookie that Ensighten.com created. These cookies are generally used to improve the user experience and save settings and other data.
  • Third-party cookies: Third-party cookies are cookies that are created by other websites that you are not visiting. These cookies are often used to do cross-site tracking, ad services, and retargeting.

Aside from provenance, the key difference between first and third-party cookies is the intention. In general, sites that you visit will have first-party cookies to improve your experience, while third-party cookies are primarily used for marketing and advertising reasons. The global shift towards personal data privacy is resulting in third-party cookies being phased out, and Google has announced that it will phase out all third-party cookies on Chrome by 2022.
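The two classifications above (session vs. persistent, first-party vs. third-party) can be read straight off a Set-Cookie response header, which is useful when auditing what a site and its embedded tags actually set. The following is an added example, not code from Ensighten; the hostnames and headers are constructed, and the first-party test is a simplified hostname suffix match.

```javascript
// Added example: sample headers and hostnames below are constructed.
const TWELVE_MONTHS_S = 365 * 24 * 60 * 60; // the 12-month figure cited above

// Split a Set-Cookie header into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1).trim();
  }
  return cookie;
}

// pageHost: site in the address bar; setByHost: host that sent the header.
function classify(header, pageHost, setByHost, now = new Date()) {
  const { name, attrs } = parseSetCookie(header);
  // Max-Age wins over Expires (RFC 6265); with neither, it is a session cookie.
  let lifetime = null;
  const maxAge = parseInt(attrs["max-age"], 10);
  if (!Number.isNaN(maxAge)) lifetime = maxAge;
  else if (typeof attrs.expires === "string") {
    const t = Date.parse(attrs.expires);
    if (!Number.isNaN(t)) lifetime = Math.round((t - now.getTime()) / 1000);
  }
  const raw = typeof attrs.domain === "string" ? attrs.domain : setByHost;
  const domain = raw.replace(/^\./, "").toLowerCase();
  // Simplified suffix match; browsers consult the Public Suffix List instead.
  const host = pageHost.toLowerCase();
  const firstParty = host === domain || host.endsWith("." + domain);
  return {
    name,
    duration: lifetime === null ? "session" : "persistent",
    lifetimeSeconds: lifetime,
    exceedsTwelveMonths: lifetime !== null && lifetime > TWELVE_MONTHS_S,
    party: firstParty ? "first-party" : "third-party",
  };
}

const page = "www.shop.example";
console.log(classify("cart=abc123; Path=/; HttpOnly", page, page));
console.log(classify("uid=xyz; Max-Age=63072000; Domain=ads.example; Secure", page, "t.ads.example"));
```

Running the same classification over every Set-Cookie header captured during a page load gives an inventory of which cookies are third-party and which outlive the 12-month limit mentioned above.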

Privacy Concerns

There are several dangers and privacy concerns that accompany the use of cookies. Many internet users are not aware that cookies track their activity and this can be seen as a gross invasion of privacy. Additionally, many internet users have concerns regarding the use of their data for advertising. Cookies can store information and help create an entire profile for a given internet user and that can be used for advertising.

Governments globally have started to take a proactive approach to the use of cookies and created compliance programs for businesses to follow. Since the average user cannot stand up to large corporations, the responsibility of ensuring consent falls on regulators and local governments.

Cookie Compliance

Since cookies track the activity of users across the web, there are a variety of compliance guidelines that businesses need to follow if they are using cookies on their sites.

Some of the area-specific compliance requirements for cookies include GDPR requirements and CCPA requirements.

GDPR Requirements

The General Data Protection Regulation (GDPR) is the primary compliance program for companies that want to do business in the EU. Since most websites have global visitors and many of them are located in the EU, they have to follow GDPR guidelines around cookies. For cookies, in particular, GDPR requires businesses to have valid consent and provide consent banners prior to using any cookie.

CCPA Requirements

The California Consumer Privacy Act (CCPA) is another regulation that impacts any business with California customers. The CCPA is the most stringent consumer consent law in the United States. It now gives customers the right to know how their data is being used and what information is being collected. To make a consent banner GDPR compliant, it will have to inform the user about the specific purpose of each tracking cookie.



