Cookie is a file stored in your computer or mobile, allowing the server to identify your device.

What is Cookie?

Cookie is a file stored in your computer or mobile, allowing the server to identify your device.

Cookie temporarily saves your browsing history, items in your shopping cart, language preference etc.  When you re-visit certain websites which you have browsed before, the website shows you the web pages in the same setting.  One example is if you enable “automatic login”, then Cookie would record your login credentials.  When login the same page again (and Cookie has not yet expired), you would not need to enter user ID and password repeatedly.

Session Cookie


Persistent Cookie

There are different types of cookies.  Session cookies are only stored on your device whilst the users are visiting the website, and are deleted when you log off or close browsers.  Persistent cookies remain on the device for a period of time after you log off or close browsers.

First-party Cookie


Third-party Cookie

First-party cookies are created by the website that you are currently visiting.  First-party cookies mainly contain your browsing history and keep you log in.  Generally, first-party cookies are safer.  Denying them may disable your access to certain websites or parts of them.

Examples of third-party cookies include advertising and social media cookies.  Third-party cookies are mainly created on your device through advertising banners and originated from social media platform, advertisers and marketing companies who track your consumption preference, browsing history in order to provide your personalised advertisement.  Have you ever come across so many sporting goods advertisements after visiting a sporting products website?  This is the power of advertising cookies. 

General Data Protection Regulation enacted in 2018 requires to obtain the consent of subjects for data processing.  Except for essential Cookies, only after having obtained such written consent, may the website use Cookies to collect or track the users’ data.  When you visit a website for the first time, a statement shows at the bottom of the website asking for your permission to use Cookies.

Privacy risks associated with Cookie

While Cookies provide convenience to internet users, one should beware the privacy risk associated with them.  Notwithstanding the user settings, some malicious websites use Cookies on your device and are difficult to remove.  This is called as“zombie cookie”.  Such cookies would send your browsing history to advertisers. 

Furthermore, hackers can use cross-site scripting attack to steal Cookies and log in to the user account. 

Good Cookie Management

If you are not sure whether to allow the website you are visiting to create Cookie or not, then deny them.  If you want to enhance your privacy protection, you should check your browser on how to change settings. “Private browsing” or “safe browsing mode” normally automatic disable Cookie, however, you should still beware of privacy risk on the Internet.

The “General Data Protection Rules” implemented in 2018 stipulate that cookies are not strictly necessary for the basic function of website must only be activated after end-users have given their explicit consent to the specific purpose of their operation and collection of personal data. When you visit a website for the first time, a statement will appear at the bottom of the page to seek your agreement for the use of cookies, which is the requirement of this rule.

Differences between HTTP and HTTPS

HTTP (HyperText Transfer Protocol) is the foundation of data communication for the World Wide Web, which defines the communication between the server side and client side.  HTTP was initially designed in plain text, that is not encrypted, so it is a possibility that leads to information leakage.  HTTP is not suitable for transmitting sensitive information such as password.

SSL (Secure Sockets Layer) was created by Netscape for managing the security concern.  SSL was then evolved to become HTTPS (HyperText Transfer Protocol Secure).  All websites encrypted by SSL use https:// at the beginning at the web address, such as  Always make sure “https://” appears at the beginning of the web address before you provide any sensitive information (e.g. login password) over the Internet.

Is a website that starts with https safe?

URL starts with “https” may not be safe, as it only means that the communication is encrypted, and does not mean that the website is free of fraudulent elements.

You may be interested in

Artificial Intelligence (AI in abbreviation) is a technique of machine imitating human intelligence. In the 50’s, there were scientists suggesting…

The Hong Kong Monetary Authority (HKMA) unveiled “Fintech 2025” in the mid-2021, which aims to encourage the financial sector to…

The Internet reaches almost everywhere and contains massive source of information. How much information is accessible to the public? From…

In the digital age, teenagers have started to use the Internet since their childhood. Online content varies greatly. To what…

Welcome to the metaverse journeyThe concept of the Metaverse originates from Snow Crash, a science fiction novel published in 1992…

Sign up for web hosting today!

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.