You have clicked "accept cookies" thousands of times, probably without much thought. The banners are everywhere, and the word sounds harmless enough. But what exactly are you agreeing to, and why does the web seem to depend on these little files?
Cookies are one of the most useful and most misunderstood pieces of how the internet works. Used well, they make the web convenient; used carelessly, they raise real privacy questions. Here is what they actually are.
What a cookie is
A browser cookie is a small piece of text that a website asks your web browser to store on your device, so the site can remember something about you or your visit the next time you return.
That is the whole idea. A cookie typically holds a short label — often a unique identifier and some setting — that means little on its own but lets a website recognise your browser. The web was originally designed to be stateless, meaning each page request was treated in isolation with no memory of the last. Cookies were invented to give it a memory.
A simple example
Imagine an online shop with no cookies. You add a jumper to your basket, click through to another page, and the basket is empty again, because the site has no way to know the new page request came from the same person.
Cookies solve this. When you add the jumper, the site stores a cookie identifying your session. On every following page, your browser quietly sends that cookie back, so the shop knows it is still you and keeps your basket intact. The same mechanism is what lets you stay logged in to your email or remember a site's dark-mode setting.
The two big distinctions
Cookies are not all the same, and two distinctions matter most.
First-party versus third-party. A first-party cookie is set by the website you are actually visiting — the one in your address bar. These power the genuinely useful features above. A third-party cookie is set by a different domain whose content is loaded into the page, most often an advertising or analytics company. Because the same advertising network appears on countless websites, its cookie can follow you from site to site, which is how tracking and targeted advertising work.
Session versus persistent. A session cookie lives only until you close your browser, then disappears — handy for that temporary shopping basket. A persistent cookie has an expiry date and survives between visits, which is why a site can keep you logged in for days or weeks.
| Type | Set by | Typical purpose |
|---|---|---|
| First-party | The site you are on | Logins, baskets, preferences |
| Third-party | Another domain in the page | Cross-site tracking, ads |
| Session | Either | Temporary, deleted on close |
| Persistent | Either | Remembered across visits |
What cookies can and cannot do
It is worth being precise, because cookies attract a lot of fear.
A cookie cannot run programs, install software or carry a virus. It is plain text, not code. It cannot rummage through the files on your computer or read other websites' data.
What a cookie can do is act as a memory tag. The privacy concern is not the file itself but how that tag is used — especially when third-party cookies link your activity across many sites to build a detailed profile of your interests, location and habits. That profiling, rather than any technical danger, is the heart of the cookie debate, and it sits alongside broader questions about how much of your data ends up online.
Cookies and the law
Because of those privacy implications, cookies are regulated. In the UK and EU, the rules — overseen by the Information Commissioner's Office — generally require a website to obtain your consent before setting cookies that are not strictly necessary for the site to function.
That is why the now-familiar consent banners appear. Strictly necessary cookies, such as the one keeping your shopping basket, do not need consent. But cookies for analytics, advertising or tracking do. A compliant banner should make it as easy to reject non-essential cookies as to accept them, and let you choose which categories to allow — so it is worth resisting the habit of clicking "accept all" out of reflex.
Cookies are not the only tracker
Cookies get the attention, but websites have other ways to remember and recognise you, including browser storage and a technique called fingerprinting, which identifies your device from its configuration — screen size, fonts, settings and more. Partly because cookies are so visible and so regulated, the major browsers are phasing out support for third-party cookies, nudging the advertising industry toward other approaches. The underlying tension between convenience and tracking is far from settled.
How to take control
You have more power over cookies than the endless banners suggest:
- Use your browser settings. Every major browser lets you view, block and delete cookies, and most can block third-party cookies entirely with little downside.
- Clear cookies periodically. This logs you out and resets preferences, but it is a quick privacy refresh and can fix odd website glitches.
- Use private or incognito mode for sessions you do not want remembered; cookies set in such windows are discarded when you close them.
- Engage with consent banners rather than reflexively accepting — reject non-essential cookies where you can.
- Pair cookie hygiene with good security habits, since protecting your accounts also depends on strong cybersecurity basics like unique passwords. The NCSC has practical guidance.
The bottom line
A browser cookie is simply a small text file a website stores on your device to remember things between page loads and visits — your login, your basket, your settings. Far from being inherently sinister, first-party cookies are what make the modern web usable.
The real issue is tracking, especially by third-party cookies that follow you across the internet. The law now requires your consent for those, and your browser gives you the tools to limit them. Understand the difference between the helpful and the intrusive, take a moment over those consent banners, and cookies become something you control rather than something that controls you.