Advertiser Disclosure
All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
Editorial Policy
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
- All About Cookies makes money when you click the links on our site to some of the products and offers that we mention. These partnerships do not influence our opinions or recommendations. Read more about how we make money.
- Partners are not able to review or request changes to our content except for compliance reasons.
- We aim to make sure everything on our site is up-to-date and accurate as of the publishing date, but we cannot guarantee we haven't missed something. It's your responsibility to double-check all information before making any decision. If you spot something that looks wrong, please let us know.
We may be a little more obsessed with cookies than the average web surfer: after all, it’s in our name. But for something that plays such a pivotal role in how people use the internet on a daily basis, there’s a huge knowledge gap surrounding what cookies are and what they do.
So, what do people know and not know about cookies? We surveyed 1,000 U.S. adults to find out how much they know about how cookies work, how they manage cookies, and more.
Do Americans understand cookies?
How cookies work
How people interact with internet cookies
What happens if you reject internet cookies
Advice from our experts
Tips for a safe web-browsing experience
Methodology
Key findings
- Less than half (46%) of people know what internet cookies are.
- 40% of internet users blindly accept cookies when they get to a website.
- 76% know how to clear cookies and disable them.
- Gen Z is most likely to blindly accept internet cookies while baby boomers are two times more likely than any other generation to reject them.
- About a quarter (24%) of people (falsely) believe they’ll be redirected from, or kicked off, a website if they opt out of cookies.
Do Americans understand cookies?
Anyone who uses the internet on a regular basis has encountered cookies, whether through pop-ups asking for cookie permissions, or by clearing out their browser. But for how often we’re confronted with cookies, you’d think people would know what they are.
Less than half of people (46%) say they feel very or mostly confident that they understand what cookies are, with just one-fifth (21%) being very confident. While most people say they lack a strong knowledge of cookies, more than one in three (36%) claim they are at least somewhat confident they understand what cookies are and how they work.
Notably, when comparing responses across generations, 60% of millennials said they are mostly or very confident that they know what cookies are, versus just 45% each of Gen Z and Gen X.
You can manage cookies when you first access a website, but users also have the ability to change cookies settings after the fact from within their browser. This includes the ability to disable cookies or to clear them entirely. While many people don’t fully understand how cookies work, a little more than three-quarters of people said they do know how to clear and disable them.
How cookies work
Before getting more specific about what people think cookies do, it’s important to know what they actually do.
Cookies are pieces of information that are produced and stored by a web server when someone is browsing the internet. This can include data that users enter into a website such as passwords and usernames, or behaviors that the site collects, like the ads a user clicks on or items they view on e-commerce sites.
Some cookies help websites verify the authenticity of a user and prevent fraud, while others help the site function properly by doing things like remembering the user’s preferred language. Some cookies will even customize a user’s experience on a site, including the types of content and advertisements they see.
When you visit a site and allow it to use cookies, here’s what happens:
- The site sends information in the form of a “cookie” to your browser, which then stores the cookie in the browser folder of your hard drive.
- During future visits to the site, your browser then sends the cookie back to the website, complete with your identifying information.
- This allows the website to load with a personalized user experience based on the information contained within the cookie.
Cookies can store important personal information. And as with anything private, it is important for users to know how their cookies might be used by the companies who collect them.
So what exactly do people think cookies are used for? We presented a list of both real and fake ways that sites use cookies to see what people actually know.
The good news: About half of people correctly said that cookies are used to collect analytic data on site usage, personalize online ads, and store personal data.
On the other hand, less than one-third knew that cookies are also used to authenticate users and accounts. More than one-fifth of respondents (22%) said they think sites use cookies to sign users up for email lists involuntarily, and 13% said they have no idea at all what cookies do.
Respondents' overall responses here reveal some interesting insights into how well people understand cookies (or don’t). Just 11% of respondents were able to correctly identify all of the ways cookies are actually used, while 19% didn’t select a single correct one. Additionally, more than half of respondents, 53%, selected at least one of our fake answers.
How people interact with internet cookies
For many people, the only time they think about internet cookies is when a pop-up opens on a site asking if they want to accept or reject cookies. But how many people are actually taking the time to investigate how cookies are used? And how many blindly accept or reject cookies without digging any deeper?
Nearly 40% of people blindly click “Accept” anytime they are prompted regarding cookies, while around one-fifth of people (18%) do the opposite and uniformly reject cookies. That leaves 44% of the population that actually takes the time to investigate or customize how their cookies are used.
Baby boomers are the most cautious when it comes to accepting or rejecting cookies, as just a little under one-third of them (32%) automatically accept cookies. That’s the lowest of any generation. They are also the most likely to automatically reject cookies — 31% of boomers do. That rejection rate is more than double that of any other age group.
On the other hand, Gen Z is most likely to blindly accept cookies, as nearly half of people in that age group (47%) routinely accept all cookies when surfing the web.
What happens if you reject internet cookies
Since users have the option to reject cookies, what do people think happens if they choose to do so?
Despite how important they appear to be, cookies are mostly optional, and simply serve to try and improve and personalize the user experience on a given website. In most cases rejecting cookies mostly impacts future visits to a site, like having to re-input data, settings, or preferences on subsequent visits.
Around 40% of people correctly identified that rejecting cookies means they may not get the best user experience on a website. Around one-quarter of people said they think rejecting cookies means that sites cannot store and sell your information, and your personal data will not be saved.
In some rare cases, you may not be able to access the website in question without accepting at least some cookies.
To show just how little people understand how rejecting cookies works, only 2% of people were able to correctly identify every single real consequence of rejecting cookies.
Advice from our experts
Yu Cai, Ph.D.
Professor and Associate Chair, Applied Computing
Michigan Technological University
Although certain third-party internet cookies may improve one's browsing experience, why shouldn't people blindly accept them?
While certain third-party internet cookies may indeed improve your browsing experience by providing personalized content or remembering your preferences, it's essential not to blindly accept them for several reasons:
- Privacy concerns: Third-party cookies can track your online behavior across different websites, creating a detailed profile of your interests and activities. This information can be used for targeted advertising, or it can be shared with other parties without your consent, potentially invading your privacy.
- Security risks: Malicious actors can exploit cookies for various purposes, such as to impersonate the user, collect financial data, access user accounts, or steal sensitive information. Blindly accepting cookies from unknown or untrusted sources can expose you to these security risks.
- Legal and regulatory compliance: In some regions, there are regulations, like the General Data Protection Regulation (GDPR) in Europe, that require websites to inform users about their use of cookies and obtain explicit consent. Accepting cookies without careful consideration can potentially undermine the intended safeguards for your privacy and security.
To ensure a more privacy-conscious and secure browsing experience, it's a good practice to review and understand the cookie policies of websites you visit. Many browsers offer settings that allow you to manage and control cookies, including options to block or delete them selectively. This way, you can strike a balance between a better browsing experience and safeguarding your privacy and security online.
In which ways can you best evaluate when a website is storing necessary vs. unnecessary details about your personal identity?
Evaluating whether a website is storing necessary or unnecessary details about your personal identity may require a combination of experience, knowledge, vigilance, and informed decision-making. Here are some ways to assess the situation:
- Read the privacy policy: Start by reading the website's privacy policy. This document should outline what data the website collects, how it's used, and whether it's shared with third parties. Pay attention to any mentions of personally identifiable information (PII) and whether the website has a legitimate reason to collect and store it. Unfortunately, the majority of internet users tend to neglect reading privacy policies.
- Minimize account and profile information: If the website asks you to create an account or a profile, review the information you're asked to provide. Only fill in the fields that are necessary for the website's core functionality. Avoid giving out additional personal details unless there's a clear reason to do so. Be mindful of forms on the website (such as contact forms or surveys). Determine whether the information being requested is relevant to the purpose for which you're providing it. Avoid sharing sensitive or unnecessary details.
- Monitor communications and stay informed about data breaches: Be vigilant about emails, text messages, or phone calls you receive from the website, or as a result of your interactions with it. If you begin to receive unsolicited or irrelevant communications, it could suggest that your data is being utilized for purposes that extend beyond your initial consent, or that your data has been sold or disclosed to third parties. Stay informed about news and developments regarding data breaches of the websites that you have used. When a website undergoes a breach, it is their duty to inform their customers. Evaluate the potential impact on your personal information and, if necessary, take appropriate actions, such as updating your passwords or changing your credit card information.
- Take action if needed: Last but not least, if you have concerns about the data a website is collecting, storing, or sharing, consider reaching out to their customer support or privacy team for clarification and resolution. In more severe cases or significant concerns, you may escalate the matter to government agencies or pertinent authorities, such as the Federal Trade Commission (FTC), the Better Business Bureau (BBB), or even law enforcement agencies.
Why is it important to regularly clear your web browser's cache and internet cookies?
Regularly clearing your web browser's cache and internet cookies is important due to the privacy, safety, and regulatory reasons provided before. However, there are a couple of things to highlight.
First, while clearing your cookies and cache can enhance privacy and security, it may also log you out of websites and reset some preferences. Therefore, it's essential to weigh the benefits against the inconvenience, and to consider using browser settings that allow you to manage cookies and your cache more selectively. In this way, you can preserve data from trusted sites while clearing data from untrusted or unnecessary sources.
Second, regular internet users should prioritize addressing more pressing safety concerns. These include protecting against email phishing, improving password security, adopting multi-factor authentication, keeping computers up-to-date with patches, and installing antivirus software. Clearing caches and cookies may or may not be considered as one of the highest-priority actions for online safety and privacy.
Answers have been edited for clarity and brevity.
Michael Greenberg, Ph.D.
Assistant Professor, Department of Computer Science
Stevens Institute of Technology
Although certain third-party internet cookies may improve one's browsing experience, why shouldn't people blindly accept them?
My core recommendation is to browse the internet with JavaScript turned off, which prevents most data collection and advertising. Doing so breaks a lot of websites, though, so it's really only an option for experts.
After that, I recommend an ad blocker that doesn't take money from advertisers — namely, uBlock Origin.
In which ways can you best evaluate when a website is storing necessary vs. unnecessary details about your personal identity?
There is no real way to evaluate what a website stores or knows about you. Assume anything you send over the internet is stored permanently and is shared [with third parties].
Why is it important to regularly clear your web browser's cache and internet cookies?
Clearing your browser's cache and cookies will have little effect, as it's very easy to "fingerprint" a browser and determine who it is anew.
VPNs just add a new entity who gets to see all of your browsing. VPNs claim to offer security and privacy with no potential for verification from users.
Answers have been edited for clarity and brevity.
Tips for a safe web-browsing experience
- Be mindful of pop-up notifications. When should you accept cookies? Every website’s policy varies and it’s important to understand how your information could be used for advertising and retargeting.
- Enhance your privacy. Figure out how to clear computer cookies based on your preferred browser, and complete the necessary steps.
- Use an ad blocker to achieve a more secure browsing experience. Familiarize yourself with the best ad blockers and choose the features most necessary for your personal online safety.
Methodology
To collect the data for this survey, our team at All About Cookies surveyed 1,000 U.S. adults in September 2023 via Pollfish. All respondents were U.S. citizens over the age of 18, and remained anonymous.
- Remove ads & trackers on YouTube, Facebook, and most websites
- Hands-off ad-blocking experience
- Easy to set up
- Free version excludes top 15,000 websites