All terms

Glossary

Cookie

A small piece of data stored in the browser. Used for session state, preferences, analytics, advertising — and the trigger for most consent law.

Cookie — a small piece of data (typically under 4 KB) stored by the browser on behalf of a website, sent back to the server on subsequent requests.

Categories that matter for compliance:

  • Session cookies — expire when the browser closes. Cart, checkout, login.
  • Persistent cookies — survive browser restarts. Preferences, "stay logged in," tracking.
  • First-party cookies — set by the domain you're visiting. Cart, login.
  • Third-party cookies — set by another domain (e.g., googletagmanager.com on a Shopify store). Tracking, ads.
  • Strictly necessary vs functional vs analytics vs marketing — the consent categories.

Modern tracking has moved beyond cookies into:

  • localStorage / sessionStorage (DOM Storage)
  • IndexedDB
  • Server-side identifiers (Klaviyo's _kla_id)
  • Fingerprinting (canvas, WebGL, audio)

GDPR and ePrivacy apply to all of these — "cookies" is shorthand. A cookie banner that only blocks cookies but allows localStorage to set persistent IDs is not compliant.

See also: Strictly necessary cookies, Local storage.

Related terms