Cookies played an essential role in the digital advertising ecosystem for several years. Their appearance enabled websites and advertisers to deliver more personalized experiences, track user behavior, and measure the performance of their campaigns. However, they also raise privacy concerns, especially as regulations evolve and browser support for certain types of cookies declines. Continue reading our glossary page to learn about the types of cookies, their uses, and limitations.
In this post
Technically, a cookie is a data packet sent from a web server to a user’s browser, which stores it locally and sends it back to the server with each subsequent request. This mechanism allows websites and third-party websites to “remember” users across sessions or even across different websites.
In digital advertising, cookies are commonly used to track user behavior, collect data on interactions, and serve personalized ads based on browsing history or interests. They help advertisers deliver relevant content while allowing websites to remember user preferences.
There are several ways cookies are important to modern digital advertising strategies:
Tracking behavior: Cookies enable advertisers to follow user journeys across web pages and platforms.
Personalization: Advertisers use cookies to analyze users’ past behavior and deliver tailored content and product recommendations.
Measurement: Cookies allow marketers to track impressions, clicks, and conversions, helping assess campaign performance.
Frequency capping: They prevent users from seeing the same ad too many times.
Attribution: Cookies help advertisers understand which channel or touchpoint led to a sale or conversion.
Since the use of cookies raises data privacy concerns when targeting audiences, there was a need to develop audience segmentation solutions that don’t rely on cookies, like Perion’s SORT®, an AI-driven, signals-based platform.
Cookies can be categorized by their attributes, by the party that sets them, or by their security level.
Categorized by attributes:
Session cookies are temporary and deleted when the browser is closed. They are used to maintain user sessions, such as keeping terms in a shopping cart during a single visit.
Persistent cookies, unlike session cookies, remain on the user’s device for a predefined period or until manually deleted. They are useful for remembering login credentials, preferences, and tracking returning users.
Secure cookies can only be transmitted over HTTPS connections, ensuring encrypted communication. They help prevent data interception or theft during transit.
HTTP-only cookies are not accessible via JavaScript, reducing the risk of client-side attacks like cross-site scripting (XSS). They are often used to store sensitive information like session tokens.
Cookies in this category can be first or third-party cookies, according to who sets them.
Categorized by who sets them:
First-party cookies are set by the website the user is currently visiting. These cookies help track behavior and preferences specific to that domain. First-party cookies have been growing in retail media and e-commerce. For example, an e-commerce site might use a first-party cookie to remember what items a user added to their cart.
Third-party cookies are set by a domain other than the one the user is visiting, typically by ad networks, social media platforms, or analytics providers. These cookies track users across multiple websites and are often used for retargeting and cross-site personalization.
Here are some key differences between first- and third-party cookies:
Cookies can also be used for malicious purposes and can pose security threats. These are often used to track users without consent, steal session information, or exploit vulnerabilities in the browser. This is why security best practices and privacy regulations, like the GDPR and CCPA stress transparency and user control over cookie usage.
In digital advertising, cookies serve various purposes:
Behavioral targeting shows ads based on browsing history and preferences.
Retargeting serves ads to users who previously visited a site but didn’t convert.
A/B testing stores user segments to test different versions of web pages or creatives.
Analytics measures traffic sources, bounce rates, time on site, and other key metrics.
Authentication keeps users logged in across sessions.
Despite their usefulness, cookies present several challenges:
Privacy concerns: Increasing user awareness and data protection laws require explicit consent for cookie tracking.
Browser restrictions: Major browsers are blocking or limiting third-party cookies, pushing advertisers to adopt alternative tracking methods.
Shorter lifespan: With new restrictions, cookies now expire faster or are blocked altogether, reducing their effectiveness in long-term tracking.
Device limitations: Cookies work best on browsers, but are less effective across devices, apps, and connected TVs.
