What are internet cookies and how do they work?

Mikaela Bray
Mikaela Bray | Contributing Writer
Last updated: April 21, 2021
internet cookies
Disclaimer: Affiliate links help us produce good content. Learn more.

Some types of internet cookies make browsing the internet better. Others can be harmful to your computer and mobile devices. Learn how to spot the difference and protect yourself from the dangerous ones.

The meaning behind internet cookies

Mention a “cookie” and most people will think of the dessert. However, in the world of computers and the internet, cookies are a different thing altogether. Actually, cookies aren’t physical objects. They are neither programs nor personal files. Though useful, they can be a nuisance if you don’t manage them on your browser and computer. Cookies can be used by advertisers to help send targeted ads based on specific data gleaned from your online activities.

How do internet cookies work?

Think of a cookie as a piece of text that an internet server stores on a user’s computer, specifically the browser or the hard disk. For example, a website will generate a unique ID number for every user visiting the website.  The number is then stored on the visitor’s computer or mobile device using a cookie file. A cookie is stored on a user’s computer as a series of text strings. The browser then sends the cookie file back to the same server the next time the user visits or references that specific webpage.

Many websites use this technique. A good example of this is Amazon.com. When a customer orders a book, they fill out a form with their personal details. Amazon attaches an ID to that personal information and stores both. It then sends the ID to the individual’s browser in the form of a cookie where it gets stored on the computer’s hard disk. Every time you visit Amazon, the ID will be sent to the server and checked against the database before being sent back. On the page, you may see something like, “Welcome back, Steve Brown!”

First-party and third-party internet cookies

To better understand cookies, it is important to know that they come from various sources. The cookies a website sends directly to your browser are known as first-party cookies. They are identified by the domain name of the site. Third party cookies originate from other sources that have an interest in the site you visited, for example, advertisers. These cookies can be difficult to identify since they can be attached to a banner ad within the site. These are called “supercookies”. They allow advertisers track how often people are viewing their ads.

Cookie profiling and privacy

Do cookies pose privacy issues? Internet users should not perceive cookies as a direct threat to security and privacy.

Cookies themselves don’t keep private data and they don’t transfer malware.

However, they can indirectly result in privacy and security issues. There is something known as cookie profiling. Here, several tracking cookies watch the user’s activities on the internet for a certain time period and compile the data to come up with a profile. The profile can be used by advertisers to send targeted ads based on demographic data and other statistical information.

What exactly do internet cookies do?

Cookies keep track of visitors and their activity. This isn’t necessarily a bad thing, and many online businesses and e-commerce sites use them. For example, they help a buyer who is using an online shopping cart. A website also uses cookies to retain records of recent visits and save a user’s login information. This can be useful because cookies can store passwords for specific sites so that users don’t have to enter them in every time they visit the site.

Types of cookies

Session and persistent cookies

A session cookie is for a specific visit to a web page. A persistent cookie is stored on a browser for some period of time. A session cookie allows a website to recognize a visitor and see what they are doing as they click through different pages. Take, for example, an e-commerce site. It uses session cookies to remember the items a customer placed in their shopping cart during previous visits to the site. If it were not for session cookies, you would find that the shopping cart is empty at the time of “Checkout” because the shopping activities within the previous pages cannot be remembered. Session cookies only keep that information during that particular visit to the website. After closing the browser, session cookies vanish, so the site won’t recognize you when you visit it next time.

Persistent cookies make sure that a site remembers you when you make visits in the future. Understanding web cookies and the different types can help you to know how to manage them and protect your devices.


Cookie profiling allows advertisers to use the information contained in cookies to target ads. Google Ads, for example, is a case where supercookies are used. Using its servers, Google places ads on different web pages. From the information gleaned from cookies, Google is able to get the devices’ past history on browsing and ad clicking. Using that information, Google displays ads closely matching the individual’s preferred internet content. For instance, a car enthusiast may have automobile related ads displays on the sites they visit even when if the website is not related to automobiles.

When are internet cookies a problem?

what are internet cookies

Though cookies don’t transfer malicious software, it’s crucial to know that some malware and viruses may be disguised as cookies. This is why you should know what 3rd party cookies are and what they do. Consider supercookies, which can present potential security concerns. A Zombie cookie can cause real trouble.

Zombie cookie recreates itself when you delete it and therefore is very difficult to deal with.

These cookies allow unidentifiable parties to keep watch over your activities. They can track your online activities including the websites you’re visiting.

To manage these cookies, you’ll need to open your browser, since this is where they are stored. Each browser stores cookies in a different location. In Chrome, for example, you go to the Chrome menu within the toolbar and tap on “Privacy.” If you use Internet Explorer 9, click on “Tools” and go to “Internet Options” and then to “Privacy.” When you open the “Privacy” tab, choose your cookie setting. Different browsers provide various options for setting cookies. In Chrome, you can delete the cookies or decide how they are collected and stored.

Cookies on mobile devices

Users accessing the internet using mobile web browsers also have cookies placed on them.

Cookies even exist in apps when a mobile browser is used to access or display certain content, such as  an ad.

However, in this case, the cookies are “sandboxed” in the apps. This means that cookies in one app may not be shared with another app. Therefore, they will remain specific to each app, so advertisers find it very difficult to track the activity and behavior of users across apps.

Watch out for supercookies


Cookies work and behave in different ways. They are also not created equal or stored in the same way. A supercookie is a type of tracking cookie, however, it tends to be more pernicious and very difficult to deal with. It can be stored in users’ computers or online. With a supercookie, a piece of information unique to the connection of the user gets inserted into the HTTP header.

While regular cookies will be erased when you clear your browser’s data, with a supercookie, it’s a different matter.

Clearing your browser data will not help.

Use a VPN to protect you from supercookies

It may not occur to you that there is some level of threat presented by supercookies, however, it is there. In fact, supercookies may be seen as the next generation of internet tracking. Supercookies can store your information and even regenerate the normal cookies that you have deleted and are no longer stored on your device. For example, Verizon utilizes supercookies and allows its customers to know about it. Customers can opt out of Verizon’s Unique Identifier Header (UIDH) tracking. However, there are incidents where Verizon has used cookies to exploit the data of customers for marketing purposes.

In March 2016, Verizon was fined $1.35 million for using supercookies to track customers using UIDH. This shows how supercookies can be used maliciously by parties without the consent of users. Because the supercookie is injected between a user’s device and connecting server, it’s not usually stored on the computer. Even ad-blocking software cannot block it because it occurs after the user’s requests leave a device. You can use encrypted internet access to prevent supercookies from tracking your activities. This can be an encrypted connection running over HTTPS or a Virtual Private Network (VPN) to mask your traffic.

The good and the bad

Internet cookies are good because they help to speed up your internet access by remembering websites you’ve visited previously.

For example, you can have suggestions of pages you previously visited appearing on your browser. This allows you to quickly get to the site and page you want to visit. Cookies also allow you to quickly log into websites because they have allowed the websites to store the login details.

On the downside, cookies can be used to invade your privacy.

Supercookies and zombie cookies present a significant threat to the security of your devices. Understanding cookies can help you protect yourself from the dangerous ones.

Leave a Reply

Your email address will not be published.

  1. 112Nikky

    I have acted out of nativity on this cookies stuff and guess what!? I paid handsomely for my ignorance. At the time, I needed cookies to make my internet better interesting but I could barely define what I wanted. Boom! I landed the harmful cookies and got my device in a mess

  2. Luis Lima Pinto

    Just like there are good monsters (Cookie Monster) and bad monsters (Dracula), there seem to be good cookies (chocolate chip) and bad ones (zombie cookies). I had a very basic understanding of cookies but this helped me understand the variety out there, what they mean, and how to deal with them.

  3. Elise Weather

    I reallly wish there was a way to get out of deleting my cookies. It takes me forever to remember my passwords and always stresses me out.

  4. TheColorIsRed

    Hi Mikaela, Very detailed and informative article.

    Rightly said, Cookies are not surely security risk but are more of a privacy risk. Your browser, Search Engines, Cookies continue to track information. This is your new mantra: Flush the cache, delete the cookies, protect your privacy.

    On another note, It is believed that “Internet Cookies” got their name from “Fortune Cookies” 🙂

    1. avatar
      Mikaela Bray Author


      We are very happy you liked our article and the information provided was useful! It is really important to learn how to spot the difference between cookies and protect yourself from dangerous ones. By the way, nice comparison with “Fortune Cookies”!

Table of Contents:
Thanks for your opinion!
Your comment will be checked for spam and approved as soon as possible.