What Is a Cookie? (No, Not That Kind – The Website Kind)

By Ken Hollow, the man who had to explain to a fox spirit that the “accept all cookies” button is not an invitation to baked goods

She clicked “Accept All Cookies” on a banking website with the enthusiasm of someone who had just been offered something wonderful.

“Nana. Do you know what you just agreed to?”

“They’re offering cookies. I accepted. This is polite.”

“They’re not actual cookies.”

“Then what are they?”

This is, genuinely, one of the most asked questions on the internet. The cookie banner is everywhere. The explanation never comes with it. Here’s what cookies actually are, what they do, and whether you should be hitting “accept all” or “manage preferences.”

What a Cookie Actually Is

When you visit a website, your browser and the website’s server are stateless – they don’t automatically remember each other. Every time you load a new page, technically the server has no idea you were just there a moment ago.

Cookies solve this. A cookie is a small text file the website saves in your browser. The next time you visit, your browser sends that file back to the server – essentially saying “hi, it’s me, here’s what you know about me.” The server reads it and picks up where you left off: you’re still logged in, your cart still has the thing you added, the website is still set to your preferred language.

Without cookies, you’d have to log in to every website on every single page load. Cookies are what make the modern web usable.

The Three Types of Cookies

Essential / Functional Cookies: These are what cookies were invented for. They keep you logged in, remember your shopping cart, store your language and layout preferences. Without them, the website breaks or becomes extremely frustrating. You cannot opt out of these – most sites won’t even ask, because without them the site doesn’t function.

Analytics Cookies: These track how you use the website – which pages you visit, how long you stay, what you click on. The data is usually aggregated and used by the website owner to understand their traffic. Tools like Google Analytics work via these cookies. They don’t personally identify you (usually), but they do track your behavior on the site.

Third-Party Tracking Cookies: These are the ones that concern privacy advocates. Third-party cookies are set not by the website you’re visiting, but by advertising networks embedded in the page (Google Ads, Facebook Pixel, etc.). When you visit multiple websites that all use the same ad network, that network’s cookie follows you across all of them – building a profile of your browsing habits that can be used to show you targeted ads. This is why you look up running shoes and then see running shoe ads everywhere for a week.

Why You’re Seeing Cookie Banners Everywhere

The cookie consent banners that now appear on almost every website are a result of privacy laws – primarily the EU’s GDPR (General Data Protection Regulation) and similar laws in other regions. These laws require websites to get your consent before setting non-essential tracking cookies.

The banners themselves have become something of a dark pattern – the “Accept All” button is large and obvious, while “Manage Preferences” or “Reject Non-Essential” is small, buried, or requires multiple clicks. The law says they must ask. It doesn’t say how prominently they have to display the “no” option.

Many websites work perfectly fine if you reject all non-essential cookies. The “Accept All” button is primarily for their benefit, not yours.

Should You Accept or Reject Cookies?

The practical answer depends on the type of site and how much you care about tracking:

Essential cookies: Always accept. They’re required for the site to work.

Analytics cookies: Accepting helps the website owner understand their audience. Rejecting reduces your data footprint. Low stakes either way.

Third-party tracking cookies: Rejecting these is the privacy-conscious choice. They’re what allows ad networks to follow you across the web. Most websites function identically whether you accept or reject these.

The quick heuristic: for websites you use regularly and trust (your bank, your email provider, your favorite news site), accepting all is low risk. For random websites you visit once, clicking “manage preferences” and rejecting everything except essential is worth the extra two seconds.

Incognito mode doesn’t prevent cookies from being set during your session – it just deletes them when you close the window. We cover what incognito actually does (and doesn’t) protect in this guide.

How to Clear Cookies

Clearing cookies resets all tracking data saved in your browser. It also logs you out of every website – so plan accordingly.

Chrome: Settings ? Privacy and security ? Clear browsing data ? Check “Cookies and other site data” ? Clear data

Safari (iPhone): Settings ? Safari ? Clear History and Website Data

Firefox: Settings ? Privacy & Security ? Cookies and Site Data ? Clear Data

Edge: Settings ? Privacy, search, and services ? Clear browsing data ? Choose what to clear

You can also block third-party cookies specifically in most browsers without clearing everything. In Chrome: Settings ? Privacy and security ? Third-party cookies ? Block third-party cookies.

TL;DR

Cookies are small files websites save in your browser to remember you – keeping you logged in, saving your cart, and storing preferences. Essential cookies make websites work; analytics cookies track site usage; third-party tracking cookies follow you across multiple websites to build advertising profiles. The privacy concerns are specifically about third-party tracking cookies. Cookie consent banners are legally required – hitting “Accept All” is primarily the website’s preference, not yours. On sites you don’t trust, reject everything except essential. Clearing cookies logs you out everywhere but resets tracking data. Incognito mode deletes cookies when you close the window but doesn’t block them during your session.