Strictly Necessary and Non-essential Cookies

Strictly necessary cookies are cookies required for the website to function and provide the basic information requested by the website user.

These cookies are exempt from collecting user consent and can be set regardless. However, some legislation requires the website to inform still a website user of necessary cookies and their purpose on the site.

A good example of necessary cookies are cookies supporting login functions for a self-service platform or a shopping cart and payment cookies on an e-commerce website.

A non-essential cookie, on the other hand, is not required for the website to function. Here, in Cookie Information, we differentiate such cookies by their purposes: Functional, Statistical, or Marketing.

Functional, Statistical and Marketing cookies

  • Functional cookies help you as a website owner to personalize your end-users browsing experience. Unlike necessary cookies, these cookies support additional functionality that enhances your site.

    • These cookies are anonymous and don’t track browsing activity across other websites.

    • An excellent example of a functional cookie is a cookie that remembers user location, chosen language or other settings to provide a personalised user experience on a website. Other examples of functional cookies include chat services and user preferences.

  • Statistical cookies track user browsing behaviour over a certain period. Data collected by a statistical cookie are for statistical purposes only, such as analysing and reporting visitor interactions with a website.

  • Marketing cookies are usually third-party persistent cookies that track visitor web activity to provide targeted advertisement. These cookies, unlike statistical cookies, are used to support online marketing by collecting information about the users to promote products through partners and other platforms.

An excellent example of marketing cookies is a social media cookie that tracks users as the user visit other websites to provide targeted advertisements on social media platforms.

First-party and Third-party Cookies

First-party cookies are set and stored by the visited website itself. The data collected by these cookies are usually only available to the website owner.

Third-party cookies are created and set by a service that differs from the one the user is visiting. Third-party services set these cookies, and the data collected can usually be accessed on any website that utilises the same service.

Many web browsers offer to block third-party cookies within their privacy settings. Internet browsers like Safari and Firefox block all third-party cookies by default.

Session and Persistent Cookies

A session cookie’s lifespan is limited to the end-user navigating a website. These cookies expire when the user deletes the cookies by terminating the session, e.g., closing the browser. Therefore, session cookies do not have an expiration date.

Persistent cookies, on the other hand, have a clearly defined expiration time. These cookies remain on the computer until after this expiration time runs out or if the user clears their cache.

The information stored in a persistent cookie is transmitted to a server every time the user visits the website. It is also transmitted every time the user views a resource belonging to that website from another website.

Server-side vs Client-side

Server-side and client-side are web development terms that describe where the application code (cookie code) runs.

Server-side means that a website’s JavaScript runs on the website’s server.

Client-side means that a website’s JavaScript is rendered in your browser rather than on a server. The client-side is a default state for JavaScript websites.

HTTP-only Cookies

An HTTP-only cookie cannot be accessed by client-side APIs, such as JavaScript, making these cookies more secure.

Using the HTTP-only tag while creating a cookie helps prevent malicious code from sending the data collected by a cookie to a bad actor. When a browser sees an HTTP-only cookie, it returns an empty string after any client-side attempts to read the cookie.

Did this answer your question?