Types of Cookies
Not all cookies are the same. They differ by who sets them, how long they last, and what they do. Understanding these distinctions is essential for proper consent management.
What is a cookie
A cookie is a small piece of data that a website stores in the visitor's browser. It contains a name, a value, and metadata like expiry date and domain. When the visitor returns, the browser sends the cookie back to the website, allowing it to recognize the visitor or recall their preferences.
Every cookie has three attributes: a function (what it does), a party (who set it), and a duration (how long it lasts). For example, Google Analytics' _ga cookie is an analytics cookie (by function), first-party (by party), and persistent with a two-year expiry (by duration).
By function
Strictly necessary
Required for the website to function. Exempt from consent requirements under all major privacy laws because the site would break without them.
Examples: session cookies, CSRF tokens, authentication cookies, load balancer cookies, cookie consent preference cookies.
Analytics
Collect data about how visitors use the website: page views, time on site, bounce rate, traffic sources. Used to understand and improve the user experience.
Examples: Google Analytics (_ga, _gid), Hotjar, Mixpanel, Matomo.
Marketing / Advertising
Track visitors across websites to build profiles and serve targeted advertisements. Often set by third-party advertising networks. Social media embeds (share buttons, embedded posts, Like buttons) also fall into this category when they track visitor activity.
Examples: Meta Pixel (_fbp), Google Ads (_gcl_au), TikTok Pixel, LinkedIn Insight Tag, Facebook Like button, embedded social media widgets.
Functional / Preferences
Remember choices the visitor has made, such as language, region, or display preferences. The site works without them but may offer a degraded experience.
Examples: language preference cookies, theme selection (dark/light mode), recently viewed items.
LiteConsent uses these functional categories as the basis for consent choices. Your banner can have as many categories as you need, and you can name them however makes sense for your site. The categories above are the defaults that LiteConsent creates during the initial scan. You can customize, rename, add, or remove them in the Categories tab.
By party
| Type | Set by | Accessible to |
|---|---|---|
| First-party | The website the visitor is currently on | Only that website's domain |
| Third-party | A different domain (ad network, analytics service, social media platform) | The third party across all sites where their code is embedded |
A common misconception is that first-party cookies are inherently safe while third-party cookies are inherently invasive. In reality, first-party cookies can also be used for tracking. Google Analytics, for example, sets _ga as a first-party cookie on your domain, but the data is sent to Google's servers and used for analytics and potentially advertising insights. The consent category depends on what the cookie does, not who sets it.
Third-party cookies remain the primary mechanism for cross-site tracking. Safari and Firefox block them by default. Google chose to retain third-party cookies in Chrome but offers Privacy Sandbox APIs as an alternative for advertisers and publishers.
By duration
| Type | Lifespan | Common uses |
|---|---|---|
| Session | Deleted when the browser closes | Login sessions, shopping carts, CSRF tokens |
| Persistent | Stored until expiry date or manual deletion | Analytics IDs, preference storage, consent records |
How LiteConsent categorizes cookies
LiteConsent organizes cookies into categories that map to consent choices. When you add a site, the automatic scan identifies known cookies and suggests a category for each. The Setup Assistant then helps discover cookies the crawler missed. You can review and adjust all classifications in the Categories tab.
Each category can be independently accepted or rejected by the visitor. Strictly necessary cookies are always active and exempt from consent.