What Is a Tracking Cookie?

A tracking cookie is a small text file placed on your browser by websites or third-party services to monitor your online behavior. While some cookies are essential for website functionality (like keeping you logged in), tracking cookies are specifically designed to collect data about your browsing habits across multiple sites.

First-party cookies are set by the website you visit directly. Third-party cookies are set by external services embedded on the page — advertising networks, analytics platforms, and social media widgets. Under GDPR and ePrivacy regulations, most tracking cookies require explicit user consent before being placed.

Common Cookie Categories

Analytics Cookies

Analytics cookies collect data about how visitors use a website — page views, session duration, bounce rates, and traffic sources. Google Analytics (_ga, _gid), Adobe Analytics (s_cc, s_sq), and Hotjar (_hjSession) are the most common. These cookies require consent under GDPR because they process personal data like IP addresses and generate unique visitor identifiers.

Marketing & Advertising Cookies

Marketing cookies track users across websites to build interest profiles and deliver targeted advertisements. Meta Pixel (_fbp, fr), Google Ads (_gcl_au), and TikTok Pixel (_ttp) are widespread. These cookies always require prior consent as they process personal data for profiling purposes.

Privacy-Friendly Analytics

Privacy-respecting alternatives like Plausible, Fathom, and Simple Analytics operate without cookies entirely. Matomo can be configured cookie-free. These tools collect aggregate statistics without creating individual user profiles, often exempting them from consent requirements under GDPR guidance from data protection authorities like the French CNIL.

Functional & Consent Cookies

Some cookies are strictly necessary for site functionality — consent management platforms store your cookie preferences, load balancers maintain session routing, and authentication systems keep you logged in. Under GDPR Article 6(1)(f) and ePrivacy Directive Article 5(3), strictly necessary cookies are exempt from the consent requirement.

How to Use This Knowledge Base

Use the search bar above to find any cookie by name, vendor, or purpose. Filter by category (analytics, marketing, functional, privacy analytics, consent, or framework) to browse related trackers. Each entry shows the cookie vendor, typical duration, privacy risk level, GDPR consent requirement, and available privacy-friendly alternatives where applicable.

This database is useful for website auditors, privacy officers, and developers who need to document cookies in their privacy policies or conduct Data Protection Impact Assessments (DPIAs). All data is pre-researched and runs entirely in your browser — no external requests are made.

GDPR Cookie Consent Requirements

The GDPR and ePrivacy Directive require websites to obtain informed, specific, and freely given consent before placing non-essential cookies. This means:

• No pre-ticked boxes — consent must be an affirmative action
• Granular choice — users must be able to accept or reject cookie categories independently
• Easy withdrawal — rejecting cookies must be as easy as accepting them
• No cookie walls — access to the site should not be conditional on accepting tracking cookies
• Clear information — users must know what each cookie does, who sets it, and how long it lasts

Fines for cookie consent violations have increased significantly. In 2022, the French CNIL fined Google €150 million and Facebook €60 million for making cookie rejection more difficult than acceptance. The Italian Garante and Spanish AEPD have also issued substantial fines for cookie banner violations.