Each time a website is accessed, a cookie is generated or an extension is added to an existing cookie that was created when the user first visited the site. This data package in the form of a small text file is stored by the web browser and exchanged with the target server. The first-party cookies generated by the website alone are primarily there to recognise the user and their preferences. Their presence is mostly harmless and helps the user rather than spy on them. But what exactly are first-party cookies?
- What is a first-party cookie?
- What is the purpose of first-party cookies?
- An example showing how first-party cookies work
- How are first-party cookies different from third-party cookies?
- What is the significance of the General Data Protection Regulation (GDPR) for first-party cookies?
What is a first-party cookie?
First-party cookies (also known as “HTTP cookies”) are small data packets that your web browser generates and exchanges with a dedicated web server. In return, only this server has access to its own cookie due to being the “first party.” This makes surfing the internet more enjoyable, because the website recognises you and automatically applies your desired settings and fills in your log-in data. Website operators also use the data for their own online marketing, because it reveals a lot about the visitor’s surfing behaviour and interests. While many cookies expire when the session is over (these are known as “session cookies”), some stick around for years.
A first-party cookie is characterised by the fact that it can only be created and viewed by the website operator whose page you are visiting. Cookies that are generated by external sites (e.g. via advertisements) are called third-party cookies.
First-party cookies are user-orientated data packets that are generated and stored locally by the website operator. They are primarily intended for user comfort. Only the operator has access to these cookies later on. There are also so-called third-party cookies, which are generated by third-party providers.
What is the purpose of first-party cookies?
The most common data stored by a first-party cookie is website settings e.g. the language, metadata e.g. the cookie’s expiration time, and information entered by the users e.g. log-in data and personal data sent via web forms. Entries in search masks are also saved so that the user can access them again more quickly at a later date.
How a first-party cookie is stored on your computer depends on your web browser. Either each new webpage generates its own text file as a cookie or this is stored in a collective file. Your browser also enables you to manage cookies. You have the option to delete cookies, to fully or partly deactivate cookies, and to reactivate cookies in your browser. However, since first-party cookies are mainly intended for user-friendliness, it is generally not recommended to deactivate or block them permanently.
What are the advantages of first-party cookies for users?
The main advantage of a first-party cookie is that it increases a website’s user-friendliness. This makes visiting the website a more comfortable experience. Other advantages include:
- You don’t have to choose your desired language every time you visit a website that is also available in other languages (although this is often achieved with a location query in the browser)
- Log-in data (except the password) is automatically entered so that you can log in faster
- Web forms suggest information you have already entered e.g. item details on sale websites or personal details for orders
- Many websites offer the option of displaying the most recently visited subpages, with information that is stored in the cookie
- Search masks suggest the most recently entered search terms so that you can return to a specific page of results more quickly
As soon as you leave the respective website, the first-party cookie will no longer work. Only when the page is visited again, will it be read and extended if necessary.
What are the advantages of first-party cookies for website operators?
Without cookies – especially first-party ones – website operators wouldn’t be able to make their websites available in the way they do today. Many web applications such as online shops would not be able to store important information for operations without the help of these cookies. This is how websites benefit from first-party cookies:
- Cookies make your website more elegant and easier to use. Visitors are therefore more likely to visit your site again.
- The data obtained is helpful for drawing conclusions about user behaviour and to improve the website accordingly.
- First-party cookies generally have a long life expectancy, especially because they are not blocked or removed by external software such as Adblocker. Furthermore, first-party cookies are trusted more compared to third-party cookies.
An example showing how first-party cookies work
Next, the website may ask you which language you prefer. This setting will also be stored in the cookie. If the website has a log-in option, you must register in order to use it fully. To do this, create an account with your e-mail address and a secret password that you will use to log in from now on. To facilitate this process, the cookie stores your e-mail address (but not your password). This means that when you next visit the site, you only need to enter your password because the site reads the e-mail address stored in the cookie.
The website has a large archive of information. To help you quickly find the pages you have visited, there is a small sidebar that links to the most recently visited subpages. This is also enabled by the cookie. Because all information in this example comes exclusively from this website, this text file is a first-party cookie. It is primarily intended to better your experience on the website. At the same time, the website operator receives valuable information on user behaviour.
However, an unknown third party is still present: an advertising banner hosted by a third party has meanwhile placed its own cookie to store your usage data as well. This information is collected by a third party for web analytic purposes. From now on, they can follow your steps on the internet if you visit a site that has advertisements from this provider. Since this is from a third party, it is referred to as a third-party cookie. The website operator has never informed you about this nor asked for your consent.
How are first-party cookies different from third-party cookies?
First-party cookies are generated directly by the website operator. For example, if you are browsing through our Digital Guide, only IONOS generates this first-party cookie as the “first instance.” Furthermore, only IONOS can read the corresponding cookie later e.g. in order to display the last search terms in our search mask. Online shops use short-lived cookies to store shopping baskets locally so that items are not lost when shopping. It’s only when the user has not been active on the site for a long time that the cookie is usually deleted and the shopping basket empties itself. First-party cookies are therefore primarily concerned with a website’s ease of use and largely benefit the user.
On the other hand, third-party cookies aren’t created by the website operator, but from third parties. This usually happens when an advertisement isn’t hosted on the operator’s server. In addition to the first-party cookie placed by the operators, the visiting page also generates a third-party cookie from the third party e.g. an advertising agency. If you then reactivate the same third party cookie on different websites (e.g. if you see the same ad), the third party can then track your behaviour on the internet and draw even more valuable conclusions. Third-party cookies are therefore an effective method of online marketing, especially targeting. They are much harder to control than first-party cookies.
In our guide to third-party cookies, find out how these work, what data they collect, and who uses this data for what reason.
What is the significance of the General Data Protection Regulation (GDPR) for first-party cookies?
On May 15th 2018, the new General Data Protection Regulation (GDPR) came into force in the EU, which changed data protection and online law. There needed to be a change, especially regarding third-party cookies, since they are mainly responsible for the digital footprints that people leave behind on the internet and enable targeted online marketing. First-party cookies, on the other hand are not mentioned in the GDPR. If you conduct business in the EU, it’s important to check what has changed regarding data protection so you don’t infringe on any regulations.
This text is usually displayed in the form of a banner, usually at the top or bottom of the page. Once read and accepted, it will no longer appear, since the process is stored in the first-party cookie. The next time you visit, the site “remembers” you so you won’t be asked for permission again unless you delete the cookie.
These text displays usually link to a more detailed explanation of data usage. Our policy discloses the origin, purpose, and validity of the cookies generated on our site. We make a separate distinction between first-party cookies and third-party cookies. In addition, visitors have the option to deactivate certain cookies (first-party and third-party) on the website via script, which usually makes configuration via the browser unnecessary. However, not all website operators offer this option.
In the following video, you can see how to delete cookies form the Chrome browser: