Should I Click 'Allow Cookies' On Every Website That Asks?

Feel like you're constantly being asked to accept cookies from every website you visit? We asked experts if it's safe.
Open Image Modal
picture alliance via Getty Images
Here's what you need to know about accepting web cookies.

Should you allow cookies every time you’re asked? Away from a computer, device or phone, the answer is absolutely “yes,” especially if they are of the chocolate chip variety. But cookies on websites is another story. Should we accept cookies when websites ask?

It’s complicated. Sit back, relax and maybe have a real cookie. We’ll figure this out and answer all the questions we think you have.

Is this really that complicated? Either we allow cookies on every website that asks, or we don’t. Don’t keep us in suspense: Which is it?

If you’re looking for a straight and easy answer so you can go click on something else, the answer is no, you should not click “allow cookies” on every website that asks. But there is some nuance to the whole website cookie situation, and so if you want to know when to allow cookies and when not to, then, yeah, it’s complicated.

Fine. What even are cookies?

When you visit a website and are asked if you’ll accept cookies, you’re accepting or rejecting text files. These text files are stored on your web browser, and they track and collect data from your browser, sending that information back to the website.

By the way, why in the heck are we calling text files ‘cookies?’

In the mid-1990s, a computer programmer named Lou Montulli invented these text files and called them cookies because he had heard the term “magic cookie” from an operating systems course in college. The original magic cookie term was similar to what he was trying to do, which is to improve a website’s memory, so that websites remember who you are when you come back to them (otherwise, you’d put something to buy later in an online shopping cart, and it would never stay there, which would be annoying if you closed your browser or tab and came back to it a few minutes later). And Montulli liked the sound of “cookie,” so there you go.

Are cookies bad?

“Overall, cookies are not bad or good,” said Cris Angulo, a computer expert at JustAnswer.com, a question and answer site. “Accepting them can be more of a personal preference on the sites you are visiting, allowing you to choose whether to give them data they can use to better tailor your online experience on websites.”

For instance, we mentioned the ability of an online store’s shopping cart to remember your stuff. Well, if you’re grateful when a website saves your log-in information so that you don’t have to continually retype your username and password, then you should thank the website’s cookies (and Lou Montulli).

Without cookies, if you go to a weather website, you’ll have to reenter your ZIP code every single time to see if it’s going to be raining or sunny in your area. If you frequent a dating website and want it to remember who you are and keep your profile, cookies will do that. If you use Facebook, LinkedIn and Twitter, you have cookies embedded in your computer. You get the idea: Cookies are everywhere on the internet.

In general, a website’s cookies are good (or unavoidable), and you should accept them.

But not all cookies.

How do we know what cookies to accept and what not to accept?

That is the main question that plagues all internet users. You see, there is more than one type of cookie.

Tim Finin is a professor of computer science and electrical engineering at the University of Maryland, Baltimore County, and he explained that there are three kinds of cookies that we are typically confronted with:

  • Session cookies. “Session cookies are the safest and most useful for users,” Finin said. “They help websites deliver content suited for your device and remember the choices you’ve made on them. They’re automatically deleted when you close your browser.”
  • Persistent cookies. Persistent cookies are created by websites you visit and stored on your device. They can recognise return visits and can remember helpful things about you, like your account. They can only be accessed by the site that created them,” Finin said.
  • Third-party cookies. “The least useful and [most] intrusive,” Finin explained. He said that these are cookies developed by third parties, and not text files made by the website you’re visiting, and these third parties “can save and integrate information about your web activities useful for marketing.”

Suddenly the internet seems exhausting (more than usual). Are you telling me I need to stay away from third-party cookies?

“You may want to block third-party cookies if you don’t want your behaviour on the web to be tracked by advertisers,” Finin said.

That’s because “when you click on ‘allow all cookies,’ you are giving carte blanche to the website to install dozens of third-party cookies and trackers,” said Roberto Yus, an assistant professor of computer science and a colleague of Finin’s at the University of Maryland, Baltimore County.

“These trackers can follow you when you browse and tell third-party companies which websites you visit,” Yus said, adding that suddenly advertisers will know which news articles you read and what products you look for in a search engine, “which includes anything from the mundane to the really sensitive like medications and drugs.”

It can get pretty crazy. Your computer, device or phone, they are all clogged with cookies.

“Websites will not just put one cookie on your browser, but may put dozens, to enable them to collect information about your use of their site,” said Fred Scholl, an associate teaching professor of cybersecurity and director of the graduate cybersecurity program at Quinnipiac University.

“These all fall into the category of first-party cookies, or cookies stored on your browser from the site you actually browsed to,” Scholl said, noting that the third-party cookies belong to “other sites, like ad agencies and data brokers.”

Those “embed tracking cookies in sites you may browse to, in order to monitor your browsing habits. This information can then be sold to other sites that may embed ads during your search experience.”

So how do I block third-party cookies from following me around?

You can do this by going to a search engine and looking up the directions for how to block the third-party cookies in your chosen browser (Google Chrome, Microsoft Edge, Mozilla Firefox, Apple Safari and so on). Now, that said, if you do banish third-party cookies from ever going to your browser, you may find that some websites simply don’t work well any longer.

“Some websites won’t let you have access to their websites if you don’t consent to cookies,” said Steve Weisman, a senior lecturer in law, taxation and financial planning at Bentley University and author and creator of scamicide.com, a website that deals with scams, online and off.

So if that’s the case, you’ll want to add the website to a list of those that you will accept third-party cookies from. Unless you have a really weird browser, yours should allow you to add these websites to a list it will store. In Google Chrome, for example, you can go to Settings > Privacy and security > Cookies and other site data, and then, where it says “Sites that can always use cookies,” you can click to add the websites you trust.

This sounds like a lot of work. I really don’t care if ads follow me around, especially if it’s something I might want to buy. I’m just going to click ‘yes’ any time a site asks if I’ll accept cookies.

That’s one way to go, but you really shouldn’t, Weisman said. He is the first to say that cookies can be helpful to consumers and make website use better, but, he said, “There are plenty of times that you shouldn’t allow cookies. In particular, if the website you are on is not encrypted.”

If that’s the case, Weisman says, “Your data isn’t protected and personal data such as credit card information can be more readily stolen.”

If you’re wondering how you can tell if a website isn’t encrypted, a sure sign is to look at the URL. If you notice that the web address doesn’t have an “s” after the “http,” then that’s a website that probably shouldn’t have cookies tracking your every move.

So the bottom line is that I should accept cookies from some websites?

Yes, from websites that you trust and often use. You can’t really get away from accepting cookies. That’s just the way the, well, you-know-what crumbles.