Website Cookies: Types, Purposes, and Privacy Implications
A comprehensive overview of website cookies — essential cookies, analytics cookies, tracking cookies, and third-party cookies.
SiteGraph Team
Legal & Compliance at AnantaHQ
Cookies are a fundamental part of how the modern web works. They enable everything from shopping carts and login sessions to personalized content and analytics. But they also raise important privacy considerations that website owners and users need to understand.
What Are Cookies?
Cookies are small text files stored on a user's device by their web browser when they visit a website. They contain data that the website can read on subsequent visits, allowing it to remember information about the user's session, preferences, or browsing behavior.
Think of a cookie as a memory token — it helps a website recognize a returning visitor and recall context from their previous visit.
Types of Cookies
Essential/Strictly Necessary Cookies
These cookies are required for a website to function properly. They enable core functionality like session management, security, and accessibility. Examples include shopping cart cookies, login session cookies, and load balancing cookies. These cookies do not require user consent under most privacy regulations.
Functionality/Preference Cookies
These cookies remember user preferences and choices, such as language selection, theme preferences (light/dark mode), font size, and region settings. They enhance the user experience but are not strictly necessary for core functionality.
Analytics Cookies
Analytics cookies collect information about how visitors use a website — which pages they visit, how long they stay, where they came from, and whether they encounter errors. This data is typically anonymized and aggregated, helping website owners understand and improve their site.
Examples: Google Analytics, Plausible, Fathom, Matomo.
Marketing/Tracking Cookies
These cookies track users across websites to build profiles for targeted advertising. They are set by advertising networks with the website operator's permission. These cookies have the most significant privacy implications and require explicit user consent under regulations like GDPR.
Third-Party Cookies
Third-party cookies are set by domains other than the one the user is visiting. They're commonly used for cross-site tracking, social media widgets, and embedded content. Major browsers are phasing out third-party cookies: Safari blocks them by default, Firefox has Enhanced Tracking Protection, and Chrome is deprecating them.
Cookie Security Attributes
Cookies can have security attributes that affect how they behave:
- Secure: The cookie is only sent over HTTPS connections
- HttpOnly: The cookie cannot be accessed by JavaScript (prevents XSS attacks)
- SameSite: Controls when the cookie is sent in cross-site requests (can prevent CSRF attacks)
SiteGraph checks these attributes as part of our security analysis. Cookies without proper security attributes can expose websites to various attacks.
Privacy Regulations
Several privacy regulations govern the use of cookies:
- GDPR (Europe): Requires explicit consent for non-essential cookies, clear disclosure of what cookies are used, and the ability to withdraw consent
- ePrivacy Directive (Europe): Requires consent before storing non-essential cookies on a user's device
- CCPA (California): Requires disclosure of data collection practices and the right to opt out of cookie-based tracking
- LGPD (Brazil): Similar to GDPR in its requirements for consent and data protection
Cookie Consent Best Practices
- Get explicit consent before setting any non-essential cookies
- Provide clear, granular options (not just accept all/reject all)
- Make it as easy to reject cookies as to accept them
- Document all cookies used on your site in a clear cookie policy
- Regularly audit the cookies your site sets
SiteGraph identifies and reports cookies set by analyzed websites, including their security attributes (Secure, HttpOnly, SameSite) — helping you understand the cookie landscape of any website.
SiteGraph Team
Legal & Compliance at AnantaHQ