What Is a Cookie on a Website? A Plain-English Guide

What is a cookie on a website? A small text file that remembers your logins, cart, and preferences. See how cookies work, their types, and safety.


by Riad Us Salehin • 3 July 2026


A cookie is a small text file a website stores in your browser to remember information about you. It holds things like your login, settings, or shopping cart, so the site recognizes you on your next visit.

Below: how cookies work, what's actually inside one, the main types you'll encounter, whether they're safe, and why sites keep asking you to accept them.

What Is a Cookie?

A cookie is a small text file a website's server sends to your browser to store data, as MDN Web Docs defines it. It is also called a web cookie, internet cookie, or browser cookie. It is not a program and cannot run on your device; it only holds information the site asks your browser to remember.

The word "computer cookie" refers to the same thing. HTTP, the protocol that powers the web, does not remember anything between page loads on its own. Cookies exist to give websites that missing memory.

A cookie typically holds a single piece of information, such as a unique ID number, tied to your browser and the site that created it. Your browser stores it locally and sends it back to that same server on later visits, which is what lets the site "remember" you.

What Are Cookies Used For?

Cookies keep you logged in, remember your preferences, and hold your shopping cart contents. They also support the analytics and advertising that track which pages and ads you interact with.

Websites rely on cookies for four main jobs:

  • Authentication: keeping you signed in as you move between pages, so you do not re-enter your password on every click.
  • Preferences: remembering settings like language, currency, or dark mode across visits.
  • Shopping carts: holding the items you have added until you check out or leave the site.
  • Analytics and advertising: tracking which pages you view and which ads you engage with, including how cookies track you across sites.

Without cookies, a site would treat every page you load as a stranger's first visit. Each request would arrive with no memory of the last one, forcing you to log in again and rebuild your cart on every page.

How Do Cookies Work?

Cookies work in four steps. Your browser requests a page, and the server sends back a cookie with a unique ID. Your browser stores it, then returns it on every later request to that server.

The exchange happens like this:

  1. You visit a website using your browser.
  2. The site's server generates a cookie, often containing a randomized ID, and sends it in a Set-Cookie response header.
  3. Your browser saves that cookie as a small text file on your device.
  4. On every later request to the same server, your browser sends the cookie back in a Cookie header, so the server recognizes you.

This cycle exists because HTTP is stateless: a web server has no built-in memory of your previous requests. The cookie carries that memory in the exchange itself, so the server can restore your session, cart, or preferences without you re-entering anything.

What's Inside a Cookie?

A cookie is a name and value pair, such as session_id=a3fWa, plus a set of attributes that control where it applies and how long it lasts.

The attributes below are standardized by RFC 6265, the specification that governs how cookies behave.

AttributeWhat it does
DomainSets which domain and subdomains can receive the cookie, splitting it into first-party and third-party cookies
PathLimits the cookie to requests under a specific URL path
Expires / Max-AgeSets a fixed expiry date or a lifespan in seconds, which determines whether it is a session or persistent cookie
SecureSends the cookie only over an encrypted HTTPS connection
HttpOnlyBlocks JavaScript from reading the cookie, reducing cross-site scripting risk
SameSiteControls whether the cookie is sent with cross-site requests; defaults to Lax if unset

A cookie is tiny by design. Browsers cap each one at roughly 4KB per MDN. RFC 6265 asks them to store at least 50 cookies per domain, so older ones drop once a site exceeds that.

What Are the Different Types of Cookies?

Cookies group into three overlapping categories: by source (first-party or third-party), by duration (session or persistent), and by purpose (essential, functional, analytics, or marketing).

  • By source: first-party and third-party cookies split cookies by who set them, the site you're on or an outside domain.
  • By duration: session and persistent cookies split cookies by how long they last, until you close the browser or for a set period afterward.
  • By purpose: cookies are grouped into cookie categories like essential, functional, analytics, and advertising, which is how most consent banners organize them.

You may also hear about supercookies and zombie cookies, more persistent variants that resist normal deletion. For the full breakdown of every variant, see the types of internet cookies guide.

Are Cookies Safe or Dangerous?

Cookies are generally safe. They are plain text files that cannot run code or carry a virus, so the real concern is privacy from third-party tracking, not infection.

Cookies split cleanly into what is safe and what deserves caution.

  • Safe: first-party cookies that just remember you are plain text, cannot execute, and pose no malware risk.
  • Be cautious with: third-party trackers that follow you across sites, cookies on flagged or unsecured sites, and shared or public computers.

The one real exception is session hijacking: if an attacker steals your session cookie over an unsecured connection, they can impersonate your logged-in session. That is a theft-of-credentials problem, not something the cookie itself does. It is also why essential cookies marked Secure and HttpOnly matter for any site handling logins.

Why Are They Called "Cookies"?

Web cookies are named after the "magic cookie," a 1970s Unix term. A magic cookie was a small packet of data a program received, stored, and sent back unchanged, the same round-trip a web cookie performs.

Netscape programmer Lou Montulli adapted that Unix concept in 1994 while building the first browser cookies. He borrowed a name that already meant "data handed back exactly as received." The baked-good word is unrelated. It traces to the Dutch "koekje," meaning little cake, which is why the food homonym confuses newcomers.

Why Do Websites Ask You to Accept Cookies?

Privacy laws require websites to get your permission before setting non-essential cookies, which is why the accept-or-reject pop-up appears on most sites.

The EU and UK's ePrivacy rules and GDPR require opt-in consent before non-essential cookies load. US state laws like the cookie compliance rules under the CCPA give you an opt-out instead. The pop-up itself is a cookie banner, and your choice is recorded as cookie consent.

Cookies vs Cache: What's the Difference?

Both store data locally in your browser, but they do different jobs. Cache stores website files to load pages faster, while cookies store small identifiers that let a site remember who you are.

FeatureCacheCookies
Primary goalSpeed up page loadingRemember you and personalize the site
Data storedWebsite files: images, CSS, JavaScriptSmall text files with session or personal data
Used for trackingRarelyFrequently, especially third-party cookies

Clearing your cache forces a fresh download of a site's files, useful when a page looks broken or outdated. Clearing cookies logs you out and resets your preferences instead.

How Consently Handles the Cookies on Your Site

Consently finds, categorizes, and documents every cookie running on your site, so you can show visitors a banner that matches what your site actually does.

If you run a website rather than just visit one, Consently's Auto Scanning helps. It crawls your site on install, detects every cookie, and updates the banner's categories automatically. The Cookie Policy Generator turns that same scan into a ready cookie policy in minutes. The customizable Cookie Banner lets you scan the cookies on your site and match it to your brand before publishing.

Try Consently free to scan your own site and see exactly which cookies it is setting.

FAQs

What is a cookie on a website in simple terms?

A cookie is a small text file a website stores in your browser to remember information like your login or preferences between visits. It is not a program and cannot run code on your device.

What is an example of a cookie?

A login cookie that keeps you signed in after entering your password once is a common example. A shopping-cart cookie that holds your selected items until checkout is another.

Should I accept cookies from websites?

On sites you trust, accepting essential and first-party cookies is fine since they support core features like logins and carts. You can reject non-essential trackers if you prefer less advertising personalization.

What happens if I delete cookies?

You get signed out of any site you were logged into and lose saved preferences, but the sites themselves still work. You can delete cookies anytime from your browser settings.

Are cookies the same as my browsing history?

No. Browsing history is a list of pages you visited, stored by your browser alone. Cookies are small data files set by individual sites and are also distinct from the browser cache, which stores page files rather than personal data.

Do cookies slow down my computer?

No. Cookies are tiny text files, typically a few kilobytes each, so they will not slow down your computer even in large numbers.

What happens if I don't accept cookies?

Essential cookies still load so the site keeps working, but non-essential features like personalization and some third-party embeds may be limited. Most sites remain fully usable either way.

Can cookies steal my passwords?

A cookie by itself cannot read or steal your passwords. The real risk is a stolen session cookie on an unsecured connection, which lets an attacker reuse your active login without knowing your password.

AUTHOR

Riad Us Salehin is the content lead at Dorik. He is a passionate content creator who lets the work speak for itself. Focused on taking brands and causes to the next level.

Read More

Subscribe to Consently
Newsletter

Subscribe to our newsletter to stay updated with latest articles from our blog.

Built with ❤️ by the team @ Dorik.com 

GET IN TOUCH

Any questions? Feel free to chat with us or reach out to us at

For any queries:
support@consently.net

Follow us:


©2026 Dorik, Inc. All rights reserved.