App Logo
Log in Sign up

Why Are Cookies Called Cookies? Browser Cookies Explained

Avery Olsen ·

Browser cookies are called “cookies” because of an old computing term — “magic cookie” — which described a small piece of data passed between programs. When Netscape engineer Lou Montulli invented the web cookie in 1994, he borrowed the term from this existing computer science concept. The name stuck, and now billions of cookies are set and read by websites every day.

The Origin Story

In 1994, the web was brand new and had a fundamental problem: HTTP is stateless. Every time your browser made a request to a website, the server had no memory of previous requests. It couldn’t tell if you were a returning visitor, whether you were logged in, or what was in your shopping cart. Every page load was a fresh start.

Lou Montulli, a 23-year-old programmer at Netscape Communications, needed a solution. He was working on an ecommerce feature and needed a way for the server to “remember” a user between page loads without storing everything on the server side.

He adapted the concept of a magic cookie — a term already used in Unix computing since the 1970s for a small token of data passed between programs to identify a transaction. Montulli’s version was a small text file that a web server could store in the user’s browser and read back on subsequent visits.

He called it a “cookie” (dropping the “magic” part), and it was included in Netscape Navigator, the dominant browser at the time. The first specification was published as an Internet Engineering Task Force RFC in 1997, and web cookies became a foundational technology of the internet.

What Are Browser Cookies?

A cookie is a small text file (typically under 4KB) that a website stores on your computer through your browser. It contains key-value pairs of data — usually an identifier and some preferences or session information.

When you visit a website, the server can:

  1. Set a cookie — send a small piece of data to your browser to store
  2. Read a cookie — on your next visit, your browser sends the stored cookie back to the server

This simple mechanism enables the server to “remember” things about you between visits.

What Do Cookies Actually Store?

Cookies typically contain:

  • Session identifiers — a unique ID that links you to your server-side session (so you stay logged in)
  • Preferences — language settings, theme choices, display preferences
  • Shopping cart contents — what items you’ve added before checkout
  • Authentication tokens — encrypted data proving you’ve logged in
  • Tracking identifiers — IDs used by analytics and advertising platforms to track your browsing behavior

A single cookie might look like this:

session_id=abc123def456; expires=Thu, 05 Mar 2026 12:00:00 GMT; path=/; secure; HttpOnly

Types of Cookies

First-Party Cookies

Set by the website you’re actually visiting. These are essential for basic website functionality:

  • Keeping you logged in
  • Remembering your shopping cart
  • Saving your language preference
  • Maintaining your session state

First-party cookies are generally considered helpful and non-controversial.

Third-Party Cookies

Set by a domain other than the one you’re visiting — typically by advertising networks, analytics services, or social media widgets embedded on the page. These are the controversial ones.

Example: You visit a news site that has a Facebook Like button embedded. Facebook sets a cookie in your browser from the facebook.com domain, even though you’re on the news site. Now Facebook can track that you visited that news site — and every other site with a Facebook widget.

Third-party cookies are what enable cross-site tracking and targeted advertising. They’re being phased out by most browsers due to privacy concerns.

Session Cookies

Temporary cookies that are deleted when you close your browser. Used for things like keeping you logged in during a single browsing session.

Persistent Cookies

Cookies with an expiration date in the future. They remain on your device until they expire or you manually delete them. Used for “Remember Me” login features, preference settings, and tracking.

Why Cookies Matter for Online Advertising

Cookies are foundational to how digital advertising works — and why the industry is in a state of disruption:

How Advertising Cookies Work

  1. You visit a website that has an ad network’s tracking pixel
  2. The ad network sets a cookie in your browser with a unique ID
  3. As you browse other sites with the same ad network, the cookie follows you
  4. The ad network builds a profile of your browsing behavior
  5. Advertisers use this profile to show you targeted ads

This is how you see ads for shoes after browsing a shoe website — the advertiser’s tracking cookie followed you across the web.

Third-party cookies are being phased out:

  • Safari — blocked third-party cookies since 2020 (Intelligent Tracking Prevention)
  • Firefox — blocked third-party cookies by default since 2022
  • Chrome — has been planning to phase out third-party cookies, with various delays and alternatives proposed through the Privacy Sandbox initiative

This “cookie apocalypse” is forcing advertisers to adopt new tracking methods:

  • First-party data strategies — collecting data directly from customers
  • Server-side tracking — Meta’s Conversions API, Google’s server-side tagging
  • Contextual advertising — targeting based on page content, not user behavior
  • Privacy-preserving APIs — Google’s Topics API, Attribution Reporting API

What This Means for Marketers

If you run digital ads, the shift away from third-party cookies means:

  • Pixel-only tracking is becoming unreliable. Implement server-side solutions like Meta’s Conversions API (CAPI) alongside your browser pixel.
  • First-party data is increasingly valuable. Email lists, customer databases, and CRM data become more important as third-party tracking degrades.
  • Attribution is getting harder. Without cross-site cookies, measuring the full customer journey across channels requires more sophisticated attribution models.
  • Contextual targeting is making a comeback. Instead of targeting users based on behavior, more advertisers are targeting based on the content of the page where the ad appears.

Frequently Asked Questions

Are cookies dangerous?

No. Cookies are plain text files — they can’t run code, install software, or access your files. They can only store and transmit small pieces of text data. The privacy concern with cookies is about tracking behavior, not about security threats.

Should I accept cookies on websites?

For first-party cookies (the ones that keep you logged in and save your preferences), yes — they make websites work properly. For third-party/tracking cookies, it’s a personal privacy decision. Declining them may result in less personalized ads but more privacy.

Can I delete cookies?

Yes. Every browser has settings to view and delete cookies. You can clear all cookies, clear cookies from specific sites, or set your browser to automatically delete cookies when you close it.

Why do websites ask about cookies?

Due to privacy regulations — primarily the EU’s GDPR and ePrivacy Directive, and California’s CCPA. These laws require websites to inform users about cookie usage and, in many cases, get consent before setting non-essential cookies.

The Bottom Line

Browser cookies got their name from an old Unix computing term (“magic cookie”) that described a small data token passed between programs. The web version, invented in 1994, solved the fundamental problem of HTTP statelessness — enabling login sessions, shopping carts, and personalized experiences. Today, cookies are at the center of a major shift in digital advertising as third-party tracking cookies are phased out and the industry moves toward privacy-preserving alternatives.