HTTP Cookies


What are cookies?

Simplistically stated, HTTP cookies are small text files stored on the visitor's computer, smartphone, etc. that are generated by some websites to store various information about visits to that website.

Types of cookies

First-party cookies
First-party cookies are issued by the website you are directly visiting. For example, if you are visiting, and a cookie is generated by that site, it is a first-party cookie.
An example of a useful first-party cookie would be one generated by the National Weather Service website ( that stores a default location you enter on the website so each time you visit the website, it automatically displays content customized for that location rather than displaying generic weather information every time you visit the site.
Third-party cookies
Third-party cookies are issued by a website other than the website you are directly visiting. For example, if you are visiting, and content displayed within from or generates a cookie, it is a third-party cookie.
Session cookies
Session cookies are issued by websites to maintain session state -- when certain information needs to be maintained throughout an active session with a website as the visitor moves throughout the site.
Websites involving online banking, e-commerce (shopping carts), web-based email systems (webmail), etc. are examples of websites that use session cookies in order to maintain an authenticated session, maintain a list of active shopping cart items, etc.

Options for allowing and blocking cookies

Modern web browsers allow users to customize cookie handling to varying degrees depending on the features available within the web browser. These features may include any of the following for first-party and/or third-party cookies:

Cookie handling exceptions

The instructions below show how to always allow cookies from by adding it as an allowed exception. Adding automatically includes, such as,, etc.

Microsoft Internet Explorer

  1. Click Tools then Internet Options.
  2. Click on the Privacy tab.
  3. Click the Sites button.
  4. Type in the Address of website field and click the Allow button.
  5. Click OK.
  6. Click OK.

Mozilla Firefox

  1. Click on Tools then Options (you may need to hit the Alt key on the keyboard before the menus appear).
  2. Click on the Privacy tab.
  3. If Use custom settings for history is selected next to Firefox will:
    1. Click the Exceptions... button.
    2. Type in the Address of website field and click the Allow button.
    3. Click Close.
  4. Click OK.

Google Chrome

  1. Click the Customize and control Google Chrome icon in the upper-right then Settings.
  2. Click Show advanced settings... at the bottom of the page.
  3. Click the Content settings... button.
  4. Click the Manage exceptions... button.
  5. Type where it reads Add a new hostname pattern and make sure Allow is selected beneath Behavior.
  6. Click OK.
  7. Click OK.

Apple Safari

NOTE: Safari 7.0.5 (the latest version at the time this document was last updated, 2 July 2014) and below provide no means to make individual allow/block exceptions for cookie handling. The only cookie handling options are shown below.

  1. Click the gear in the upper-right corner and click Preferences...
  2. Click the Privacy tab.
  3. Set the Block cookies and other website data setting to one of the following (see Safari 7: Privacy pane of Safari preferences for more information):
    • From third parties and advertisers
    • Always
    • Never
  4. Close the window.


RFC 6265: HTTP State Management Mechanism
HTTP Cookies: Standards, Privacy, and Politics
arXiv:cs/0105018v1 [cs.SE]
How Internet Cookies Work