Should You Accept Cookies?

Computer cookies are essential to the modern web, but they're also a security risk. Here’s when you should and shouldn’t accept cookies.
John Gormally, Author
Catherine McNally, Editor
Last updated Sep 15, 2022

Digital cookies, also called HTTP cookies or browser cookies, are small text files that store information in the form of data. Most sites use cookies to identify who you are and improve your online experience.

Ecommerce sites, in particular, need a way to understand their customers, what they purchase, and why. So the cookie was created to remember things like:

  • Who you are
  • Your past purchases
  • Your login information
  • What was left in your shopping cart
  • And much more

But should you accept cookies? It depends on the website you’re visiting. We’ll help you decide when it’s safe to accept cookies and when you should click “Reject All.”

In this article
Do cookies collect personal information?
What types of cookies are there?
Why do websites ask you to accept cookies?
Should I accept cookies?
What happens if you don’t accept cookies?
FAQs
Bottom line

Do cookies collect personal information?

Cookies collect a variety of information about you, including:

  • A unique user ID
  • Your browsing history
  • Site-specific settings and preferences
  • Your hobbies and interests
  • What links you’ve clicked
  • How often you’ve visited a website
  • How long you’ve spent browsing a website
  • Your username and password
  • Your geolocation and IP address
  • Your phone number and physical address
  • What products you’ve placed in your cart
  • Items you’ve saved or bookmarked

Collection of all this data may seem like an infringement on your privacy, and it can be. But sometimes cookies collect this data to help you. This could include autofilling your username and password when you return to a site, showing you offers available in your area, and remembering where to ship your next purchase.

Of course, marketers use cookies to know what sites you’re browsing, what types of content you prefer, and your general location too.

On top of that, cybercriminals can steal cookies and use them to gain access to your accounts. For example, a hacker could create a phishing email that lures you to an impostor site that looks just like sites you’ve already browsed. This method of phishing often starts with social engineering and cookie extraction.

What types of cookies are there?

Most cookies are perfectly safe. They’re intended to make your online experience more convenient, such as filling in your username when you revisit a site. But some cookies can be used by websites to track you without your knowledge.

There are two main types of cookies used by websites, session cookies and persistent cookies, as well as third-party and first-party cookies. Each of these captures relevant and, in some cases, personal information about you. But third-party cookies are the ones to watch out for.

Session cookies and persistent cookies

Session cookies are temporary, which means they disappear after you close your web browser. They’re used to remember any settings or selections you make on a website. For example, if you choose to add items to your cart, a session cookie remembers those items and saves them in the cart for you.

Persistent cookies, also called stored or permanent cookies, help websites remember your preferences and take care of authentication as well. But instead of disappearing when you close your browser, persistent cookies keep information, such as bookmarks, login details, and language preferences, stored in a text file on your computer for up to two years.

Persistent cookies are also used for tracking what pages or products you view on a site so that a profile can be created and the site can offer personalized suggestions.

Try counting how many cookies your browser consumes visiting one site.

Every click on a website can generate one cookie. What if you clicked on ten movie trailers or five shirts on Amazon? Your browser may have more than 15 cookies stored.

First-party cookies and third-party cookies

First-party cookies tend to be less intrusive than third-party cookies. They’re created by each website you visit, and should be safe as long as the website itself isn’t malicious.

Third-party cookies aren’t always looking out for your best interests. These specialized cookies are often used by web analytics and advertising companies — sometimes they’re even created by a site you’re not actively browsing.

Third-party cookies track your history and data to advertise product recommendations, such as options for better hotels or tours in the area.

Zombie cookies

Because they’re permanently installed on a computer, zombie cookies are challenging to remove. Zombie cookies could even get installed on your computer after you opt not to install them. Sometimes called flash cookies, zombie cookies may even reappear after you think you’ve deleted them.

Zombie cookies track your browsing history to gather info for advertisers and web analytics companies.

Accepting cookies over public Wi-Fi could harm your computer health

Don’t accept any cookies when connecting to public Wi-Fi. Often hackers will hack the Wi-Fi portal page and insert malicious code disguised as a cookie. If the code infects your browser or device, the hacker could impersonate you on the internet or steal your data.

Why do websites ask you to accept cookies?

If it feels like you’re bombarded with cookie notices every time you go online, you’re not alone. Most websites need to follow strict data privacy laws, such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Protection Act (CCPA). By asking you to opt-in to using cookies, the sites are giving you more control over your data and how it’s collected and used.

This also means you can refuse to accept cookies. But you should be aware that some sites may not work correctly or at all if you don’t accept cookies.

What does it mean when I accept cookies?

Most of us quickly accept cookies just to get rid of those irritating pop-up notifications. These are sent by each site you visit so it can get your permission to use cookies and track your session and web experience.

By accepting the cookie, you’re granting the site permission to record your actions. These recordings could be used to better your website experience in the future and maybe even help the site improve by adding or removing features.

Should I accept cookies?

Accepting cookies isn't usually a big problem. However, there are some times when you should decline cookies:

  • Don’t accept cookies from unsecure websites. The web address for an unencrypted site starts with “http://” instead of “https://,” and you may see the lock icon in your browser’s URL bar change from locked to unlocked.
  • Reject third-party cookies. Third-party cookies are a privacy concern because they track you across the internet. For example, if you helped your friend search for a new apartment in Oregon and suddenly see ads popping up for Oregon rentals, this is thanks to third-party cookies tracking and sharing your data.
  • Check cookies with your antivirus. If your antivirus software’s browser protection flags cookies as potentially malicious, it’s better to be safe than sorry and hit the Reject button.

Don't be concerned if you find yourself in a position where you must decline cookies. Most websites will function just fine without collecting your personal information.

When are cookies helpful?

If you often visit the same websites for banking, financial trading, travel, or online shopping, accepting cookies helps personalize and optimize your experience. Session cookies and persistent cookies can also help your web experience in the following ways:

  • Session cookies will keep you signed if you accidentally close your browser window.
  • Persistent cookies remember your site preferences for a personalized experience.
  • Cookies will also help provide localized content or recommendations based on your geolocation. Hotels, restaurants, car rental shops, and other services use cookies to show you information relevant to your location.

What happens if you don’t accept cookies?

Most browsers allow you to turn off internet cookies, but if yours doesn't, you can reject them by clicking “Reject” when prompted.

You won't get a personalized experience if you reject cookies. This means that next time you visit that site, you’ll need to tell it where your nearest store is or what language you would prefer the website to be in.

For the most part, cookies are optional. So if you feel unsafe about accepting cookies, no worry, you can still shop, browse, and post. You may just need to log in or enter your information every time.

Clear your cookies every time you close your browser.

Clearing your cookies after you’re done using the internet is another way you can preserve your online privacy. Check out our guide on how to clear cookies on Microsoft Edge, Mozilla Firefox, Google Chrome, Apple Safari, and Opera.

FAQs


+

Are cookies safe to accept?

Yes, most cookies are safe to accept. They’re intended to personalize your online experience and add to your convenience when using a website.

Third-party cookies, on the other hand, may not be safe to accept. And you should always reject cookies that your antivirus flags as suspicious or that come from an unsecured website.


+

Should I accept all cookies on a website?

Yes, you should accept all cookies on a trusted site, such as your banking site. Just remember that, if you lose your phone and someone clicks on your banking app, you may still have a session open. This could make it easy for someone to steal or misuse your personal data.


+

Can cookies track you?

Yes, cookies can track you, though the type of tracking depends on the cookie. Some cookies track how you use a site and any information you share with it. Third-party cookies are known to track you across the internet and record your browsing history in order to build a profile about you.


+

Can cookies steal passwords?

Yes, hackers can use cookies to steal passwords through an attack called cookie hijacking. Hackers may go after cookies because your password hash value and other personal data is stored inside. If the hacker gains access to the cookie, they might be able to use it to spoof your login credentials and access various sites under your name.

Bottom line

Accepting cookies can be valuable, but certain types of cookies can pose a cybersecurity risk. Remember, cookies contain your information, including what sites you browse, what products you clicked on, where you’re located, and even login information.

By not accepting cookies, you eliminate the chance a hacker could hijack your cookies and use the data inside to access sites while pretending to be you. There are times when accepting cookies is particularly risky, including:

  • Accepting third-party cookies
  • Accepting cookies your antivirus flagged as malicious
  • Accepting cookies from unsecured sites

Ultimately, you have the choice. The security risk posed by cookies is real. But cookies also provide helpful improvements to websites.

If you’re still undecided about whether you should accept cookies, you could simply disable cookies on your web browser and see how it affects your online experience.

Author Details
John Gormally
John Gormally is a seasoned global cybersecurity expert, freelance writer, and blogger. With a mix of 25 years in technology sales, marketing, and content creating, John enjoys sharing his experiences with the business community through his various writing projects.