Let’s clear something up right away: when we talk about “cookies” on websites, we’re not talking about the gooey, chocolate-chip kind. (Sorry.) A few months ago, our CISO pulled us into a meeting about tracking scripts, privacy laws, and the fine print no one wants to read—and suddenly, we were 15 spreadsheets deep in the world of cookies.
That kicked off a full audit of cookie usage.
If you're working on cookie compliance whether for GDPR, a regulated industry, or just to do right by your users—this blog series is for you. We're breaking it all down: no jargon, no scare tactics, just real talk about what cookies are, why they matter, and how to keep your site compliant (without killing your UX).
So, What Is a Website Cookie?
Imagine you’re walking into your favorite local brewery. The bartender gives you a nod, pours your usual IPA without asking, and even adds that lime wedge you always request—because they remember. That memory? That’s basically what a cookie does for a website.
A cookie is a small piece of data stored in your browser by a website. It helps the site remember who you are the next time you visit like keeping you logged in, saving your language preferences, remembering what’s in your shopping cart, or noting that you already said “no” to that newsletter popup (thanks for that).
Types of Cookies You’ve (Probably) Met
Strictly Necessary Cookies
These are the behind-the-scenes heroes. They keep you logged in, remember what’s in your shopping cart, and make sure pages load with your account and preferences in mind. Without them, the internet would feel broken.
Concrete CMS, for example, sets a session cookie when you log in that handles login functionality. It’s what keeps you authenticated.
These types of cookies usually don’t require consent under privacy laws because they’re essential to how the site functions. Still, it’s smart to document them—especially if you’re doing a full cookie audit.
Performance Cookies
Performance cookies are like the analytics team quietly working in the background. Think tools like Google Analytics or Matomo. They collect insights like:
- Which pages people visit most often
- How long they stay on each page
- How fast (or slow) your pages load
These cookies can be first-party (your own site) or third-party (external tools). Third-party cookies often track users across sites, which is why most privacy laws require user consent for them.
Functional Cookies
Functional cookies are the thoughtful ones. They remember your preferences so the site feels familiar and personal.
- Remember language and locale settings
- Keep track of display settings (e.g., dark mode)
- Recall login status
In Concrete CMS, they might remember your preferred language or keep you logged in longer. Depending on your region, you might need to disclose or get consent for these—especially if they store personal data.
Targeting or Advertising Cookies
Ever look at a pair of boots and then see them in ads for a week? That’s targeting cookies at work.
- Track websites you visit
- Build a profile of your interests
- Serve personalized ads
- Limit repeated ads
- Measure ad campaign effectiveness
These are typically set by third-party networks like Google or Facebook and always require clear, informed consent under laws like GDPR.
Why Do Websites Want You to Accept Cookies?
Because cookies help websites do their jobs better. But there’s a catch: some are tied to scripts that track your activity across multiple sites, like Google Analytics or web fonts.
These scripts might collect personal data (like your IP address or browsing behavior), triggering the need for explicit consent under laws like GDPR and CCPA.
That’s why you’re seeing all those cookie banners. Some see them as a nuisance, others a UX opportunity.
Okay, But Why Should You Care?
Cookies affect your online privacy. Even if you have nothing to hide, you probably still want a say in who’s collecting your data.
Think about it:
- Do you want companies tracking your activity across the web?
- Do you want targeted ads based on private searches?
- Or would you rather be asked first?
To limit tracking, try incognito mode or adjust your browser’s cookie settings. Privacy extensions can also help manage which sites store your data.
How Concrete CMS Helps with Cookies
If you're managing a website and wondering how to handle cookie compliance, especially with regulations tightening, Concrete CMS has your back.
So next time you see that cookie banner, maybe take a second to think before you blindly click “Accept All.” Your data deserves better.