Internet Guide Logo


Last Edit: 10/01/17


HTTP cookies are a mechanism used by websites to record the browsing habits of their users. Regular HTTP cookies are small files, generated by websites, stored by web browsers, and can be deleted from the browser. Cookies are stored on a users browser, because most websites would struggle to store the settings of every user who visits their website. Cookies are referred to as: HTTP cookies, Web cookies and Internet cookies. HTTP is the protocol that the World Wide Web uses to request and retrieve data across the Internet. Cookies were used by earlier software systems, therefore, it is accurate to describe a cookie used on the World Wide Web as a: HTTP cookie, Web cookie or an Internet cookie.


The first web browser to support cookies was Netscape Navigator (1994), and the innovation to implement cookies into a browser was provided by Netscape engineer Louis J. Montulli II. Montulli currently owns the U.S. patent for HTTP cookies. Whenever a user interacts with a website that generates cookies, the cookie will be sent back and forth between the client program (browser) and the server (website): so that the website has an accurate record of the users browsing habits. The website, if it so wishes, can then serve the user with information it may believe is relevant to the user. Authentication cookies are essential to the performance of many websites. For websites that provide accounts for users - such as webmail accounts - authentication cookies store login information so that users do not need to login for each session. Authentication cookies also ensure that the correct privileges are set for each user. Cookies ensure that users do not need to reconfigure their preferences for each visit, and, therefore, improves user accessibility. In conclusion, HTTP cookies primarily provide: session management, authentication, tracking, and personalisation.

First party cookies

First party cookies are the most typical cookie generated by websites and stored by web browsers. Cookies are a small file that help websites to track the browsing habits of their users, and allow users to create and save custom settings. Cookies are categorised as either first party or third party: a first party cookie is a cookie that belongs to the domain (website) that the user is viewing, whereas a third party cookie does not (typically it belongs to a supplier of a banner advertisement). For example, if a user visited the domain name, and the cookie a user received was generated by then the cookie would be a first party cookie. However, if a user visited the domain name, and the cookie a user received was generated by then the cookie would be a third party cookie. Generally speaking, first party cookie are viewed as ethical and their use is encouraged, however, third party cookies are sometimes viewed as unethical, can infringe privacy - due to them collecting a users browsing habits from multiple domains - and can be classified as malware.

Tracking cookies

Tracking cookies, also referred to as third party cookies, are cookies that compromise the online privacy of Internet users. A HTTP cookie is a file, generated by a website, to track the browsing habits of it's users. HTTP cookies typically store personalised settings and login details: so that users do not need to reset the settings of a websie for every session visit. A typical HTTP cookie - sometimes referred to as a first party cookie - will only record the browsing habits of a user at a single website (domain address). Tracking cookies differ in their scope to normal cookies: tracking cookies will attempt to record the browsing habits of a user at every website (domain) they visit. That is why tracking cookies are referred to as third party cookies: they are unrelated to the domain name the user has visited and are acting from a third person perspective. Tracking cookies are typically generated by marketing companies: with the aim to provide more accurate and targeted adverts. Tracking cookies will usually record the IP address of the user, and therefore, if a user is using a static IP address, the recorded data is extensive and intrusive to the privacy of the said user. The majority of modern browsers include a setting to block third party cookies.


However, cookies are criticised for how they impact user privacy. While cookies cannot contain a virus or malware: they can compile a long term record of a users browsing habit, and can potentially give an insight into the real world activities of a user. A specialised version of a cookie - which can impact privacy severely - is referred to as a tracking cookie. Regular cookies only record the browsing habits of a user at a single website. For example: a cookie generated by Google would only record information about how a user browses Google. Tracking cookies, on the other hand, record all of a users browsing habits: therefore, they track every website a user visits. This gives the company providing the tracking cookie a greater insight into a users online activities. Tracking cookies are generally provided by marketing companies who serve advertisements, and the aim of the tracking cookie is to serve accurate adverts. Tracking cookies are sometimes referred to as third party cookies - due to the cookie recording information from domains they have no relation to - and there are ongoing initiatives to block third party cookies from working in most browsers.