7 Types of Internet Cookies | Everything You Should Know

#Internet Cookies
types of internet cookies

A few years back, the digital industry declared war on third-party cookies. We hear a lot about “good” and “bad” cookies ever since. Keep reading to find out the 7 types of web cookies, cookie alternatives, and how they differ. 

But first, let’s refresh our knowledge about what cookies are in the first place? 

What Are Cookies on the Web?

Web or internet cookies are small bits of text kept on a web browser. These text files allow the website itself or the website’s browser to collect user data and enable user-specific features such as personalization and tracking.

The server creates a cookie with a unique ID which stores the data. The network server uses this ID to display specific information for each user.

What Are Cookies Used For?

Web cookies exist for three main reasons: 

1.Session management: for example, cookies help publishers’ websites to recognize users without asking them to authenticate.

2.Personalization: for example, cookies help to display targeted ads, set frequency capping, and help with reporting.

3.Tracking: for example, shopping stores might suggest products similar to the ones the user viewed. 

Let’s continue with 7 types of internet cookies!

1. First-Party Cookies

Cookies de Primera

First-party cookies are stored on a website (domain) a user has visited directly. 

Publishers use these cookies to collect data for analytics and optimize website functionality. For example, e-commerce sites use first-party cookies to store data about their users’ shopping journey and recognize them as existing customers. 

First-party cookies will not go away any time soon. This is because they are ‘essential’ to perform key website’s features. 

2. Second-Party Cookies | Do They Exist?

Second-party cookies do not exist; however, there is second-party data. This data essentially is someone else’s first-party data, and when they are transferred from one company (first-party data) to another, they become secondary-party data. For instance, a hotel chain would share or sell their first-party data to a trusted restaurant chain for ad targeting.

3. Third-Party Cookies

¿Que son las cookies de tercera?

Third-party cookies are placed by other domains and not the ones a user visited directly. This happens when a user visits a website that has a third-party cookie file, for example, in the form of an ad. Third parties use these cookies for tracking, ad serving, and retargeting.

In January 2020, Google announced that it would phaseout the third-party cookies on Chrome browsers by 2022. This was of little surprise for the advertising industry as Safari, Firefox, and Microsoft Edge browsers have been blocking third-party cookies by default since 2019. 

Users’ growing demand for greater privacy and various privacy regulations such as GDPR, CCPA, and PDPA have led to third-party cookies’ gradual phaseout. 

¿Qué diferencia hay entre las de Primera y Tercera?

Fuente: Setupad

4. Session Cookies

Session cookies, also known as non-persistent cookies, are like a memory of websites. They expire immediately after the session, and web browsers don’t store them. Session cookies enable the publisher’s website to track users’ activity across pages within a given session. 

For example, without session cookies, items placed in the e-commerce store’s cart would disappear every time a user refreshes the page or proceeds to checkout. This is because websites tend to treat each new page request as from a new user. 

5. Persistent Cookies

Persistent cookies, also known as permanent cookies, usually have an expiration date set by the publisher. Users’ devices store them and they remember the information users have set, such as language preference, settings, login details, and more. 

These cookies are sometimes also called tracking cookies. This is because they track user behavior on the website, such as page time, clicks, and other signals. 

In the Developer Tools Menu, persistent cookies have an expiration date, whereas session cookies are marked as ‘session’. 

Peristent cookie example

6. Secure Cookies

Secure cookies will only be present on a website with an HTTPS protocol. This ensures encrypted connection and prevents any data leakage. Most publishers across the web today are utilizing HTTPS protocol to enable secure and safe browsing. This protects publishers from eavesdroppers (cookie theft) and hijackers attacks.

According to Google: ”Security is a top priority at Google. We are investing and working to make sure that our sites and services provide modern HTTPS by default. Our goal is to achieve 100% encryption across our products and services.”

Encrypted Traffic Across Google

Encrypted Traffic
Fuente: Google

7. Zombie Cookies

Zombie cookies, also known as evercookies and supercookies, are not actual cookies. They are small bits of code, usually in the form of an image, local shared object, etc. They recreate themselves even after the browser data has been cleared and follow the user across websites.

Flash cookies are the most common type of zombie cookies; however, no browser supports them today.

Cookie-based Authentication

Although not a separate cookie type, cookie-based authentication is the most common method web servers use to understand whether a user is logged in or not. Each time a user requests a web page, a user-unique cookie is sent, and the session starts.

3 Alternatives to Web Cookies

For publishers, user data is the most valuable resource. Therefore, it is essential to work out which alternatives you will be using in the long-term when third-party cookies disappear entirely. 

1. First-party Data

Publishers’ first-party data will become extremely valuable with the end of third-party cookies. Publishers will be able to leverage this data to help advertisers target their audiences more accurately and efficiently. For example, this can be based on demographics or interests.

Thus, UK broadcaster Channel 4 utilizes its first-party data on 23 million unique users. It offers advertisers to match audiences with their content in data clean (i.e., privacy-friendly) rooms. 

2. Unified ID 

Unified or Universal ID is a technology with a neutral cookie identifier that allows real-time trade among DSPs, DMPs, and SSPs. It allows publishers to send their first-party data to third parties without disclosing identity or domain. 

Although classed as a first-party cookie, it essentially performs in a third-party context, allows personalization and ad targeting. 

For example, The Washington Post has recently joined The Trade Desk’s Unified ID 2.0 initiative. The technology promises to utilize encrypted data on authenticated users and create a full-scale replacement for third-party cookies.

3. Contextual Advertising

Contextual advertising is a form of targeting that relies on users’ content preferences on the publisher’s website. Unlike behavioral targeting, contextual advertising does not rely on cookies and trackers. The technology predicts the best timing and location to display the ad. 

example of contextual ad

For example, a user browsing the web page about cycling might see an ad from a bike accessory store. If the user doesn’t click on the ad, the next relevant ad will appear, and so on. 

Publisher alliances like Ozone Project are already utilizing the technology to display contextual ads across all their websites. 


As the industry prepares for the phaseout of third-party cookies, publishers’ main weapon will be first-party data. Publishers need to focus on their content strategy and building a long-term relationship with their direct audience. In the meantime, overall website optimization and user experience will be the main ranking and growth factor in 2021.

Related Article: Core Web Vitals | Official Ranking Factor Change

Tus comentarios ayudan