What are cookies, really?
No code, no legalese. Just what a cookie actually is, which kinds put you at risk, and the one moment that decides whether your site is compliant: consent.
Harmless on their own. Powerful in bulk.
- 01A site sets a cookie
When you load a page, the site (or a tool on it, like Google Analytics) writes a small file to your browser with a value, often just a random ID.
- 02Your browser sends it back
On every later visit, the browser hands that file back, so the site recognizes you, your cart, and your settings.
- 03Third parties join in
The risky part: ad and analytics companies set their own cookies through your site, following the same visitor across the web. That's tracking, and it's what consent law is about.
Set by your own domain, for your own purposes, like keeping someone logged in or remembering a cart.
Usually the low-risk ones. Many are exempt from consent because the site simply can’t work without them.
Set by other companies through your site: ad networks, analytics, social pixels.
These follow people across sites. Under GDPR they almost always need consent before they fire.
Every cookie falls into one of five buckets.
It’s the same grouping your scan report uses. The further down this list a cookie sits, the more it needs consent.
The whole rule, in one idea.
See which of these are on your site.
One scan sorts every cookie into these five buckets and tells you what's firing before consent.