Where Do Cookies Come From?

//
I have cookies on my computer from websites that no one in my household said they had visited. Is this possible? Is there a way to tell if a cookie was an actual site visited or a third-party cookie?

Yes, it’s very possible to find cookies from websites you’ve never been to. In fact, I’d say it’s almost a certainty.

However, I can’t think of a way of telling third-party cookies apart from those sites you actually visited.

It gets surprisingly complex.

Let’s look at where cookies come from.

Become a Patron of Ask Leo! and go ad-free!

The sites you visit

The most obvious source of cookies are those created when you visit a website.

That makes sense, and it’s probably what most folks immediately think of when they hear that a site uses cookies.

Ask Leo! is a fine example. The site uses cookies for a variety of things, the simplest being to remember whether or not you’ve seen the newsletter offer pop-up.

Resources used by the sites you visit

Cookies!A less-obvious way to accumulate cookies is from sites that pull resources from more than one web server.

For example, a site like http://reallybigbookstore.com might create and leave cookies under its own name, as above.

However, http://reallybigbookstore.com might load its images from another web site entirely — say, http://somerandomservice.com. If http://somerandomservice.com also uses cookies, it now has the opportunity to place a cookie associated with its domain on your machine.

That’s one source of unexpected cookies: when you visit http://reallybigbookstore.com, you get cookies for http://reallybigbookstore.com, but you also get cookies for http://somerandomservice.com.

That’s a third-party cookie. You’re the first party, the site you visit is the second party, and any additional sites involved are third parties.

Advertisers on the sites you visit

This is what most people think of when they think of third-party cookies.

Much like the image resources I just talked about, ads are also typically served up from another server. That server, too, has an opportunity to leave cookies on your machine.

Once again, Ask Leo! is a fine example. I have advertising on this site provided by Google’s AdSense service. As a result, you may find cookies produced from a variety of domains (http://googleads.g.doubleclick.net being one example) Google uses to provide those ads.

If you have third-party cookies enabled in your browser settings, you can expect to find cookies from advertising sites.

Cookies from pop-ups

Many people block or hide pop-up windows. Even if you do, cookies can still result from them.

I know that this sounds a little odd, but the net effect is that a cookie gets left for a web page you never see.

It depends on how your browser detects pop-ups, what kind of pop-up technology is being used, how quickly they’re detected, and exactly how they’re blocked, closed, or hidden.

In some cases, the pop-up can exist long enough to leave a cookie on your machine.

Cookies from sites you haven’t been to … yet

This might be the oddest of all.

Some web browsers pre-fetch pages that are linked on the current page you’re viewing.

For example, this page has links to other Ask Leo! articles. Once your browser has completed displaying this page, it may decide to go and fetch those other pages, just in case you decide to go to one of them.

Why? In a word, speed. If you do click one of those links, the page will come up faster, having already been downloaded.

Now, the question is: if there are links to other sites on a page you’re viewing, does pre-loading those sites also allow them to leave cookies? My belief is that that answer is: maybe. It depends on the site, the browser, and a number of other technical details.

But if that happens, you’ll find cookies for sites you might never have visited.

Podcast audio

Play

8 comments on “Where Do Cookies Come From?”

  1. really clear and useful answer. it is amazing if you browse with the cookies set to the setting that they must pop up one and by one and ask for permission before settling in your browser.

    Dozens can jump at one web page and if you block all of them google refuses to work properly.

  2. I use a utility called ccleaner to periodically clean up my cookies. I have set it to leave the cookies that I need and wipe the rest. It gets rid of clutter and could also avoid misunderstandings down the road.

  3. 256 byte Cookies are easily erased and do not add up all that fast. What most people are unaware of is the up-to 100,000 byte flash cookies, more correctly referred to as Local Shared Objects or .LSO’s, put onto your computer by companies using Adobe Flash. Since I installed Better Privacy an a Firefox add-on last summer, 3,838 LSO’s have been deleted from my computer. 264 have been removed since Feb 1st. Now if each LSO was 100k in size that would mean over 380 megabytes of unwanted information stored on my computer.

    See: http://windowssecrets.com/2008/10/23/06-Flash-cookies-are-putting-your-privacy-at-risk .

    Also see https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/ for more information.

  4. For most (maybe all) browsers you can block third-party cookies. This is what I recommend. You don’t really need them and they are just used for marketing.

  5. CCleaner is nice. I recommend it! I use it to clean cookies and other junk I don’t want using real estate. It’s fast and efficient.

  6. Why doesn’t Norton et al ask if you want to accept the cookie?

    Because you’d spend all day answering the question for every cookie that gets left on your machine and would get nothing done.

    Leo
    24-Feb-2011

  7. I use IE tools to delete my temp files and used to also delete cookies. I was told to leave the cookies. When I was deleting the along with the temp files , I never noticed a problem. What do you recommend. Thanks ,Joe

    I rarely, if ever, delete cookies. If I remember, I turn off “accept third party cookies” but that’s about as far as I go.

    Leo
    28-Feb-2011

Comments are closed.