Where Do Cookies Come From?

So many places, including sites you’ve never “been” to!

Cookies are a fact of life when browsing the web. But if you look at the cookies stored on your machine, you might be surprised how many there are.

I have cookies on my computer from websites that no one in my household said they had visited. Is this possible? Is there a way to tell if a cookie was an actual site visited or a third-party cookie?

It’s more than possible to find cookies from websites you’ve never been to. I’d say it’s almost a certainty.

However, I can’t think of a way of telling third-party cookies apart from those sites you actually visited.

It gets surprisingly complex.

Let’s look at where cookies come from.

Become a Patron of Ask Leo! and go ad-free!

Where Cookies Come From

Cookies can come from the sites you visit, sites used by the sites you visit, sites that advertise on the sites you visit, sites linked to by the sites you visit, and probably more. In short, they come from all sorts of places whether or not you actually look at pages from those specific sites.

The sites you visit

The most obvious source of cookies are those created when you visit a website.

That makes sense, and it’s probably what most folks immediately think of when they hear a site uses cookies.

Ask Leo! is a fine example. This site uses cookies for a variety of things, the simplest being to remember whether or not you’ve seen the newsletter offer pop-up or if you’re signed in as a customer or patron.

Resources used by the sites you visit

A less-obvious way to accumulate cookies is from sites that pull resources from more than one web server.

For example, a site like https://reallybigbookstore.com might create and leave cookies under its own name, as above.

However, https://reallybigbookstore.com might load its images from another website entirely; say, https://somerandomservice.com. If https://somerandomservice.com also uses cookies, it now has the opportunity to place cookies associated with its domain on your machine.

That’s one source of unexpected cookies: when you visit https://reallybigbookstore.com, you get cookies for https://reallybigbookstore.com, but you also get cookies for https://somerandomservice.com.

That’s a third-party cookie. You’re the first party, the site you visit is the second party, and any additional sites involved are third parties.

Advertisers on the sites you visit

This is what most people think of when they think of third-party cookies.

Much like the image resources I just talked about, ads are also typically served up by another server. That server, too, has an opportunity to leave cookies on your machine.

Once again, Ask Leo! is a fine example. I have advertising on this site. As a result, you may find cookies produced from a wide variety of domains used to provide those ads.

If you have third-party cookies enabled in your browser settings, you can expect to find cookies from advertising sites. (If you aren’t sure, Google “[your browser name] third party cookie setting”.)

Cookies from pop-ups

Many people block or hide pop-up windows. Even if you do, cookies can still result from them.

I know that this sounds a little odd, but the net effect is that a cookie gets left for a webpage you never visited.

It depends on how your browser detects pop-ups, what kind of pop-up technology is being used, how quickly they’re detected, and exactly how they’re blocked, closed, or hidden.

In some cases, the pop-up can exist just long enough to leave a cookie on your machine.

Cookies from sites you haven’t been to… yet

This might be the oddest of all.

Some web browsers pre-fetch pages linked on the current page you’re viewing.

For example, this page may have links to other Ask Leo! articles. Once your browser has completed displaying this page, it may decide to fetch those other pages just in case you decide to go to one of them.

Why? In a word, speed. If you click one of those links, having already been downloaded, the page will come up faster.

Now, the question is: if there are links to other sites on a page you’re viewing, does pre-loading those sites also allow them to leave cookies? I believe the answer is: maybe. It depends on the site, the browser, and several other technical details.

But if that happens, you’ll find cookies for sites you might never have visited.

Do this

Cookies are interesting, but they’re also a fundamental way the web works.

And they’re not something to get overly concerned about. (They’re almost impossible to avoid, anyway.)

Get a cookie from https://newsletter.askleo.com! Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Podcast audio

Download (right-click, Save-As) (Duration: 5:11 — 7.2MB)

Subscribe: Apple Podcasts | RSS

Related Video

9 comments on “Where Do Cookies Come From?”

Alex

February 22, 2011 at 8:22 am

really clear and useful answer. it is amazing if you browse with the cookies set to the setting that they must pop up one and by one and ask for permission before settling in your browser.

Dozens can jump at one web page and if you block all of them google refuses to work properly.
Lester

February 22, 2011 at 8:32 am

I use a utility called ccleaner to periodically clean up my cookies. I have set it to leave the cookies that I need and wipe the rest. It gets rid of clutter and could also avoid misunderstandings down the road.
Rod

February 22, 2011 at 11:32 am

256 byte Cookies are easily erased and do not add up all that fast. What most people are unaware of is the up-to 100,000 byte flash cookies, more correctly referred to as Local Shared Objects or .LSO’s, put onto your computer by companies using Adobe Flash. Since I installed Better Privacy an a Firefox add-on last summer, 3,838 LSO’s have been deleted from my computer. 264 have been removed since Feb 1st. Now if each LSO was 100k in size that would mean over 380 megabytes of unwanted information stored on my computer.

See: http://windowssecrets.com/2008/10/23/06-Flash-cookies-are-putting-your-privacy-at-risk .

Also see https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/ for more information.
Richard Deem

February 22, 2011 at 2:29 pm

For most (maybe all) browsers you can block third-party cookies. This is what I recommend. You don’t really need them and they are just used for marketing.
Snert

February 23, 2011 at 8:57 am

CCleaner is nice. I recommend it! I use it to clean cookies and other junk I don’t want using real estate. It’s fast and efficient.
Rob

February 24, 2011 at 12:50 pm

I guess what it really means is: stay off the porn sites if you don’t want the family to know you have been there!!!
Patrick

February 24, 2011 at 2:22 pm

Why doesn’t Norton et al ask if you want to accept the cookie?

Because you’d spend all day answering the question for every cookie that gets left on your machine and would get nothing done.

24-Feb-2011
- Mark Jacobs (Team Leo)
  
  October 21, 2022 at 7:27 am
  
  Since this comment was posted, idiot politicians in the EU have made it a requirement to give people the choice whether or not to accept cookies. Different websites have different ways of letting you choose which cookies to accept. It’s a real pain in the butt.
Joe Doran

February 28, 2011 at 12:59 pm

I use IE tools to delete my temp files and used to also delete cookies. I was told to leave the cookies. When I was deleting the along with the temp files , I never noticed a problem. What do you recommend. Thanks ,Joe

I rarely, if ever, delete cookies. If I remember, I turn off “accept third party cookies” but that’s about as far as I go.

28-Feb-2011

Comments are closed.