Web cookie
⚠️ Article status notice: This article has been marked as incomplete
This article needs additional work for its sourcing and verifiability to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues.
This notice will be removed once sufficient documentation has been added to establish the systemic nature of these issues. Once you believe the article is ready to have its notice removed, please visit the Moderator's noticeboard, or the discord and post to the #appeals channel.
Learn more ▼
This article has been flagged due to verification concerns. While the topic might have merit, the claims presented lack citations that live up to our standards, or rely on sources that are questionable or unverifiable by our standards. Articles must meet the Moderator Guidelines and Mission statement; factual accuracy and systemic relevance are required for inclusion here!
Articles in this wiki are required to:
- Provide verifiable & credible evidence to substantiate claims.
- Avoid relying on anecdotal, unsourced, or suspicious citations that lack legitimacy.
- Make sure that all claims are backed by reliable documentation or reporting from reputable sources.
Examples of issues that trigger this notice:
- A topic that heavily relies on forum posts, personal blogs, or other unverifiable sources.
- Unsupported claims with no evidence or citations to back them up.
- Citations to disreputable sources, like non-expert blogs or sites known for spreading misinformation.
To address verification concerns:
- Replace or supplement weak citations with credible, verifiable sources.
- Make sure that claims are backed by reputable reporting or independent documentation.
- Provide additional evidence to demonstrate systemic relevance and factual accuracy. For example:
- Avoid: Claims based entirely on personal anecdotes or hearsay without supporting documentation.
- Include: Corporate policies, internal communications, receipts, repair logs, verifiable video evidence, or credible investigative reports.
If you believe this notice has been placed in error, or once the article has been updated to address these concerns, please visit the Moderator's noticeboard, or the #appeals channel on our Discord server: Join here.
A web cookie, is a small chunk(s) of data served(shared) to the client(browser) that can be used for a variety of purposes. One of the most common being a website login identifier that serves a session cookie that is able to be sent back to the server to prevent needing to authenticate numerous times. The web cookie, has a bunch of other common names such as "HTTP cookie" (when set via that protocol), "browser cookie" (more general, can be set via JavaScript)[1], and "cookie". For the sake of simplicity this article will be using the term "cookie" to represent all types of cookies.
How it works
When a user (person) visits a website, you may be first prompted with user preferences such as what data can be used with the site. That information is likely stored by your browser agent as a cookie so that information or popup will not show again. Cookies are often a good practice, as it offers clients a better experience when navigating their site when visiting. Of course there are a bunch of other cookies that do exist, but for now we will focus on a few categories that these cookies fall under
| Cookie Type | Use Case | Risk |
|---|---|---|
| Form Cookie | When using a site you may be required to fill out a form field, that information can be stored by your user-agent (UA) when making a purchases or even renewing your licence, making the experience more streamlined the next time you plan on making additional purchases on a website like that. | Depending on implementation, such as if cookies are not properly encrypted by your browser and site, your using you may be at risk if a malicious actor decides to swipe your cookies, which could also include password and saved payment information |
| 3rd Party Cookie | These cookies can be used when companies have different registered domains or transferring the user, to prevent annoying information duplication, or joint partner domains that may be working with a third-party vendor. However these cookies are more often than not used as tracking indicators about user behavior and what other sites they visit. | Considering the risk is it worth having third-party cookies that silently track you? Many companies and brokers are ramping up their usage of tracking users with this metric along with browser fingerprinting to serve you targeted ads based on what pages you look at or search for |
| Authentication Cookie | Are often tied to accounts that you use to prevent having to re-login each time you need to do an action with your account. These are usually stored as session cookies, which generally have a shorter lifespan or even expire after your tab session has ended with the browser | These tend to be less risky, in cases where these tokens are stored short-term and encrypted, can provide you with much needed convenience. But if your browser may be compromised by malware (such as a scam browser extension) your session cookies can be hijacked and used to access your account |
| Tracking Cookie | Often malicious, but can be used to track sites performance and metrics based on reoccurring traffic and visits made, with minimal overhead | Usually, sites that try to access third-party cookies (to learn more about you) will also be adding their own. With this information, they can calculate value-based pricing and targeted products that you may have recently looked at in previous weeks or days, with a FOMO offer discount |
| Preference Cookie | Often, the least sensitive cookie on a site. This can be used to store specific preferences like a footer dismissal to how many results should show from a search to provide better functionality and efficiency, especially if the site has no account system. | While this could possibly be used to track you, the information doesn't necessarily give you away. Since many that do implement this are domain-specific cookies and not third-party cookies, as referenced earlier |
Why it is a problem
Targeted advertising
- Main article: Personalized ads
Value based pricing
Cross Website tracking
Examples
- Honey using cookies to share new affiliate codes with other users; this also had included many private exclusive discount codes that employees or veterans got for shopping at stores, costing businesses tons of money
- Microsoft placing cookie tracking on school student devices[2]
- Imgur using tracking cookies to serve ads to users from third party sites
External links
References
- ↑ "Document: cookie property". Mozilla Developer Network. 2025-11-30. Archived from the original on 2026-03-10. Retrieved 2026-03-15.
- ↑ Clark, Lindsay (2026-01-27). "Ruling: Microsoft illegally placed cookies on child's tech". The Register. Archived from the original on 2026-02-10. Retrieved 2026-03-16.