What is a cookie?

It's always better to know what it's all about before you give your consent, right? Our article tackles the subject and informs you so that you can become an expert on Internet cookies.

Every website you visit requires you to accept, refuse or adjust cookies before accessing its content.


What is the simple definition of a cookie?

Even though “cookie” conjures up images of soft chocolate-chipped delight, an Internet cookie is unfortunately not a chocolate chip treat (no matter how much we wish it were).

A cookie is a small text file, about 4Kb in size, whose contents represent a sequence of alphanumeric characters. For example, AG?T1!29 ...

Cookies activate certain site functionalities (social network sharing buttons, online chat module, site tracking, etc.).

The Commission Nationale de l'Informatique et des Libertés (CNIL) defines a cookie as: "a small computer file, a tracer, deposited and read, for example, when consulting a website, reading an e-mail, installing or using software or a mobile application, whatever the type of terminal used (computer, smartphone, e-reader, video game console connected to the Internet, etc.)".

The cookie contains coded information about the visitor, generated by the site's server and stored by the browser.

Cookies work with all browsers: Firefox, Chrome, Explorer, Safari and Mozilla... and on all devices: tablets, computers and smartphones. So it's an omnipresent part of our online experience.

There are cookies for every taste, with specific purposes. There's a cookie for every occasion:

  • Functional cookies: strictly necessary for the proper operation of the site; consent is not required. Without them, it is impossible to display site functions correctly.
  • Advertising or marketing cookies: a distinction is made between "third-party" and "first-party" cookies. Third-party cookies come from domains other than those visited by the user, while first-party cookies come directly from the site. In either case, they are used to track visitors for marketing purposes (online behavior studies, chat launches, unfinished shopping baskets, etc.).
  • Statistics and audience cookies: halfway between functional and marketing, they are used to improve the site and the user experience. However, as they are not strictly necessary for site operation, they are subject to consent.
  • Social network cookies: Considered third-party cookies, and for marketing purposes, we categorize them as social networks, given their importance in the cookie landscape. Often referred to as "Pixels", they are used for retargeting for advertising and affiliation purposes. Some instances require authorization.

Whether they are "third-party" or "first-party" cookies, remember that those intended to collect personal data to track visitor behavior, run advertising campaigns, or contain information for possible marketing operations, require consent! Functional cookies, on the other hand, are strictly for site operation and can be used freely. They are always allowed.

Note: Even if the term "cookie" is the most widely used, you can sometimes find its synonym, the "connection-token". For the CNIL, a cookie is a kind of tracer.

Good to know: Google has announced the elimination of third-party cookies from its Chrome browser. Originally scheduled for 2022, the date has been pushed back to early 2024.

Where do Internet cookies come from?

Computer cookies were invented in 1994 by engineers at Netscape, a company that sells Web servers. For one of their clients, they created a tool for storing site browsing data. Cookies were born.

On October 13, 1994, the code was first introduced on the Netscape site to identify users who had already visited the site, without informing them of the new feature. The practice then spread like wildfire.

It wasn't until 1996 that the presence of cookies on web pages was revealed to the general public.

What is the role of a cookie?

Cookies store user data for later use. They represent a wealth of information for companies on the Internet.

This storage serves several purposes:

In the short term:

  • The cookie enables the server of the visited site to memorize the passage of the visitor and what he or she has done on the site. For example, if they put products in a shopping cart, which ones?
  • Or if they activate filters. But also a wealth of information about them: which pages they consulted, how long they stayed there, whether they clicked on any links...

In the longer term:

  • Cookies enable websites to improve the user experience. In other words, to improve the visitor's browsing experience on the site, as well as his or her level of satisfaction after having visited it.
  • The cookie also enables us to better understand the user's habits as a consumer, as well as his or her preferences, and to target advertising more effectively. For all these reasons, cookies have become an essential technological tool. But it's also a necessary part of Internet browsing.

To find out more about the usefulness of cookies, take a look at our article "What are cookies for?"

How do cookies work?

A cookie is a piece of information received from a site visited by an Internet user and stored on the latter's browser. But in concrete terms, how does it work?


Cookies work within the HTTP communication protocol. This protocol establishes fast connections between a computer and a server. Each time a user makes a request to a browser, a rapid response is provided in the form of a web page displayed. And voilà, a cookie is created and stored.

An easy-to-read diagram gives a better understanding of how cookies work than a lengthy explanation.

Note: A cookie has a limited lifespan, set by the site designer. The CNIL recommends 13 months. The same applies to information collected by cookies. The CNIL recommends keeping it for a maximum of 24 months.

Good to know: An Internet cookie is created from a page visited and becomes available only from the next page. This enables the browser to send the cookie to the server.

Can cookies be configured?

Yes, a user can manage their cookies and the information collected in different ways:

  • Directly in the browser. The steps depend on the browser and are described in the browser's help menu, explaining how to modify cookie preferences.
  • Directly on the visited site: a widget or cookie management button allows users to accept or refuse cookies requiring consent, particularly those from third-party companies.

Are cookies regulated by the law?

After the public revelation of the existence of cookies on web pages in 1996, panic began to spread about the management of collected data and user privacy (see our article "Do cookies infringe on user privacy?").

It wasn't until 2002 that a directive, ePrivacy Directive 2002/58/EC, regulated cookies and introduced protective measures for website users:

  • 2002: obligation to provide information on the existence of cookies.
  • 2009: obligation to consent to the existence of cookies (Directive 2002/58/EC amended in 2009, transposed into article 82 of la loi Informatique et Libertés the French Data Protection Act).
  • 2016:  clarification of the conditions for obtaining consent. It must be free, precise, informed and unambiguous. The user must be able to withdraw it at any time with the same ease as giving it (GDPR, General Data Protection Regulation . applicable since May 25, 2018).
  • 2020: the CNIL provides practical examples of consent gathering (Decisions no. 2020-091 and no. 2020-092 of September 17, 2020).

In practice, websites now have several obligations towards users regarding cookies:

  • They must display a visible banner informing users of the purpose of cookies: 
  • They must obtain consent to create and store data.
  • They must allow users to set cookie preferences.
  • They must allow users to refuse cookies.

Good to know: Not all cookies require the user's consent. This is particularly the case for those required for functionalities expressly requested by the user or for communication functions, such as language selection or storage of preferences.


Whether you're a brand with an online presence or a user, cookies have not escaped your notice. A veritable goldmine of information on websites, cookies collect and store browsing data. Sometimes, they even determine access to online content. When a site receives visitors from France, its owner must follow CNIL instructions on the creation and use of both internal and third-party cookies.

Post by
CEO & Co-founder - Axeptio

CEO & Co-founder - Axeptio


Related articles

Ensuring GDPR Compliance with Your Shopify Store

Ensuring GDPR Compliance with Your Shopify Store

Today, protecting customer data is paramount and becoming a requirement around the globe. The General Data Protection Regulation (GDPR) is a critical legislative framework designed to...
The American Privacy Rights Act of 2024 (APRA)

The American Privacy Rights Act of 2024 (APRA)

The U.S. Congress has been trying for several years now to adopt comprehensive federal legislation for privacy protection. In April 2024, a bipartisan and bicameral bill proposal was...
Axeptio and Law 25: An essential Asset for Small Businesses

Axeptio and Law 25: An essential Asset for Small Businesses

Patricia Filiatrault is the founder of a web agency in Quebec that bears her name: PF Communications. She helps companies with their website and SEO projects, navigating the challenges of...