Cookies are small text files that websites store in a user's browser and read back on later visits. They let users perform certain functions on the site more easily and efficiently. If you have your own website that uses cookies, it's essential (and, in certain countries, the law) to create a detailed cookie policy. A cookie policy allows users to understand what information is being received, who is using it, and how it's being used. This is particularly important to allay the fears or misconceptions many internet users have about cookies and online security.

Part 1 of 3:

Preparing Your Cookie Policy

  1. Learn what cookies your website uses. Make sure you know exactly what types of cookies your website uses and what they are used for. This is essential to truthfully and accurately explain cookies in your policy, as every website is different.
    • Consult with your web developer about the type of cookies used by your site and what they are for, since they will be most familiar with the site's functions and can be specific about them.
    • Contact, or read the cookie policies of, any third-party services that may collect cookies on your site. This could include any service you use for search engine optimization, conversion optimization, other web analytics, or advertisers.
  2. Keep your policy short and readable. Make your cookie policy as brief as possible while still providing a comprehensive explanation. Try to keep your policy down to one page, sticking to the basic facts regarding your use of cookies.
    • Unlike other documents that may exist on your site strictly for legal purposes, and may consist of several pages of jargon, a cookie policy most importantly informs and assures the public. Because of this, you want to keep the policy as readable and approachable as possible.
    • Avoid using complicated web developer terms or vague reasoning when describing how you use cookies. Stick to the concrete benefits or processes in layman's terms when you write your policy.
  3. Try using a cookie policy template or generator. Model your cookie policy off of one from another website, or a template or generator designed for this purpose. Just make sure you include accurate information specific to your website.
    • Note that many templates and generators are not written by lawyers, and you should not assume that a generated policy ensures your compliance with any laws in your country. Consult with a lawyer regarding your policy and any applicable browser cookie laws.
    • Use a template by simply filling in the specific details of your website and cookie usage in a document that has the rest of the text already generated. Make sure you provide proper attribution to the template's author if they require you to do so.
  4. Check the laws. If you're operating out of the UK, there are laws regarding cookies. In the United States, restrictions are more lax, but you may still have to follow UK policy in the United States under certain conditions.[1]
    • EU law states that you have to ask users' permission before using cookies. Essentially, you should provide a popup that says something like, "This website wants to use cookies." Users can select "no," and opt out of having their data tracked.
    • For the most part, this only applies to EU countries. However, all mobile apps must abide by this law as well. If you're in the United States and your company has a presence in the EU, you must follow this rule.
Part 2 of 3:

Including Necessary Content

  1. Include an explanation of what cookies are. Explain in your cookie policy that cookies are small, basic data files of encrypted text. State simply and clearly how basic information is gathered from a user's computer or mobile device through the following types of cookies.
    • First Party Cookies: Set and collected by the website itself, and only used by the site when a user is visiting it.
    • Third Party Cookies: Set and collected by other entities besides the website, such as advertisers or services used by the website for things like web analytics or social media sharing.
    • Session Cookies: Only stored in a browser's memory until it is closed down. Used for many essential site functions, such as quickly loading a page.
    • Persistent Cookies: Set up with a specific expiration date, so they will survive in your browser's memory for a certain period of time before deletion. Used to keep you logged in, track web analytics, etc.
    • Secure or HTTP-only Cookies: Secure cookies are only transmitted over “https” pages to keep data encrypted and secure. HTTP-only cookies cannot be accessed by any client scripts on the page, which prevents malicious cross-site scripting (XSS) attacks from reading them.[2]
  2. Mention user privacy and security. Address the concerns of many internet users about the ability of cookies to track or gain personal information from them. State the facts and then provide a contact email or phone number that concerned individuals can use to reach you for more information.
    • It's often useful to explain what cookies are not. You can assure readers that cookies are not viruses; they are plain-text files that cannot be self-executed or self-replicated, so they cannot be harmful on their own.[3]
    • Go into greater detail, if you wish, by explaining that a cookie includes only the name of the server the cookie was sent from, the lifetime of the cookie, and a random number value. The website uses this number to recognize a user when they return to a site or browse from page to page. The cookie alone cannot be used to identify the user.[4]
  3. Explain what your website uses them for. Describe specifically the types of cookies your website uses and why you use them. Be honest about why cookies benefit both the user and yourself.
    • Many of the ways that cookies are used are for essential site functions, such as loading pages properly, adding products to a cart and checking out, and inputting secure information (on a bank's website, for example). You can inform the public of these things in your policy, but they are considered so essential that they can be exempt from consent under EU cookie law.[5]
    • For example: “Our website uses cookies to help provide personalized ads, analyze our traffic, and provide you with a variety of social media features. This information may be shared with our advertisers and analytics department, where it may be combined with other information you've given to our website. This helps us make the site more personal for you, and allows our team to track website traffic.”[6]
  4. Describe how a user can delete or control them. Provide instructions to the best of your ability for users who wish to disable or block cookies that your website requests from them. Be sure to explain that doing so may prevent regular use or access to certain features on the site.
    • Explain that any user can go to the “Settings” in his or her browser to find control features to accept or reject some or all cookies requested from websites. This is also where a user can delete cookies already stored in the browser's memory. In your policy, link to a page with further instructions specific to each type of browser.[7]
    • You can also encourage cautious users to update their internet browser, install anti-spyware software, and access websites from a secure internet network in order to be more protected from security threats and those that attempt to use cookies for malicious intent.[8]
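The cookie audit from Part 1 and the cookie types listed in step 1 of this part can be combined into one inventory; the following is an added example, not part of the original article. The `Set-Cookie` samples are constructed, the function names are hypothetical, and the caller is assumed to supply the site's registrable domain (`siteDomain`).

```javascript
// Added example: sort observed Set-Cookie headers into the types a cookie policy describes.
// SAMPLE is constructed data; siteDomain is the site's registrable domain, given by the caller.
const SAMPLE = [
  { host: "www.example.com", header: "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax" },
  { host: "www.example.com", header: "cookie_consent=accepted; Max-Age=15552000; Path=/; Secure" },
  { host: "ads.example.net", header: "uid=42; Domain=.example.net; Expires=Wed, 01 Jan 2025 00:00:00 GMT" },
];

function classifyCookie(header, host, siteDomain, now) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);

  // Attribute names are case-insensitive; flag attributes (Secure, HttpOnly) carry no value.
  const flags = {};
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    flags[key] = i === -1 ? true : attr.slice(i + 1);
  }

  // First party: the cookie's domain is the visited site or one of its subdomains.
  const raw = typeof flags.domain === "string" ? flags.domain : host;
  const domain = raw.replace(/^\./, "").toLowerCase();
  const firstParty = domain === siteDomain || domain.endsWith("." + siteDomain);

  // Persistent: has Max-Age or Expires (Max-Age wins when both are set); otherwise session.
  let seconds = null;
  if ("max-age" in flags) seconds = parseInt(flags["max-age"], 10);
  else if ("expires" in flags) seconds = (Date.parse(flags.expires) - now) / 1000;

  return {
    name,
    party: firstParty ? "first" : "third",
    duration: seconds === null ? "session" : "persistent",
    lifetimeDays: seconds === null ? null : Math.round(seconds / 86400),
    secure: flags.secure === true,
    httpOnly: flags.httponly === true,
  };
}

// One row per observed cookie, ready to copy into the policy's cookie table.
function inventory(observations, siteDomain, now = Date.now()) {
  return observations.map((o) => classifyCookie(o.header, o.host, siteDomain, now));
}

console.table(inventory(SAMPLE, "example.com", Date.parse("2024-01-01T00:00:00Z")));
```

Rows where `secure` or `httpOnly` is false on a login or session cookie are worth raising with the web developer before the policy describes those cookies as protected.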
Part 3 of 3:

Displaying the Policy on Your Website

  1. Make your policy visible. Keep the link to your cookie policy page in a place where it can be easily found on your website. Make sure a user can view the policy from any page of the site.
    • Placing a link to the policy in the footer of your website is a common way to make sure it can be found and viewed easily. You can also consider placing a short statement about cookies in a banner that appears at the top of your page for new visitors, especially if you want or need to ask for user consent to use them.
    • Don't bury your cookie policy by making it part of your privacy policy, terms and conditions, or other longer, fine-print documents. Make the policy easy to find and read, which will make users more trusting of your site and will allow you to comply with EU cookie law, if applicable.[9]
  2. Allow users to “accept” cookies. Make user consent to cookie usage necessary before they browse the site, if you wish or if required by law. Provide a clear explanation of the way you use cookies, as well as a way for the user to consent and opt in to allowing that usage.
    • The ePrivacy Directive, or “cookie law,” used by the UK and countries in the EU is a law that requires user consent to cookies. It also requires a clear explanation of how and why your website uses cookies.
    • Note that consent can be implied rather than an explicit “opt-in” on your website, but to make sure you comply, it's advised to require users to take some positive action in order to consent, such as pressing a button, ticking a box, or clicking a link.[10]
  3. Implement a banner or pop-up for consent. Make giving consent for cookie usage an easy and obvious step when new users visit your website. Include a short amount of text about why you use cookies, a link to a longer cookie policy, and something for users to click to acknowledge their consent.
    • Try a banner that appears at the top of the website for new users, which is the most common way to allow users to be informed and give consent for cookie usage. Ironically, you will want to use persistent cookies on your website to ensure that once a user has given consent, the banner won't continue to show up every time they view the site.
    • Some website design platforms, like WordPress, may offer a widget or ready-made code to add to your website to make cookie consent and compliance with the law easier.[11]
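The consent flow described in the steps above, as an added example that is not part of the original article: a persistent first-party cookie records the visitor's choice, the banner is shown only while no choice is stored, and non-essential cookies are held back until the visitor opts in. The cookie name `cookie_consent`, the 180-day lifetime and the function names are assumptions.

```javascript
// Added example: consent state kept in a persistent first-party cookie.
const CONSENT_COOKIE = "cookie_consent";      // hypothetical cookie name
const CONSENT_MAX_AGE = 180 * 24 * 60 * 60;   // assumed lifetime: 180 days, in seconds

// Parse a document.cookie / Cookie header string ("a=1; b=2") into an object.
function parseCookies(cookieString) {
  const jar = {};
  for (const part of cookieString.split(";")) {
    const i = part.indexOf("=");
    if (i === -1) continue;
    const name = part.slice(0, i).trim();
    if (name) jar[name] = part.slice(i + 1).trim();
  }
  return jar;
}

// "accepted", "rejected", or null when the visitor has not chosen (or the value is unknown).
function consentState(cookieString) {
  const value = parseCookies(cookieString)[CONSENT_COOKIE];
  return value === "accepted" || value === "rejected" ? value : null;
}

// The banner appears only until a choice has been stored.
function shouldShowBanner(cookieString) {
  return consentState(cookieString) === null;
}

// Cookie to store when the visitor clicks a banner button. It is not HttpOnly
// because the banner script itself has to read it back through document.cookie.
function consentCookie(choice) {
  if (choice !== "accepted" && choice !== "rejected") throw new Error("invalid choice");
  return `${CONSENT_COOKIE}=${choice}; Max-Age=${CONSENT_MAX_AGE}; Path=/; Secure; SameSite=Lax`;
}

// Essential cookies are always allowed; the rest only after an explicit opt-in.
function allowedCookies(wanted, cookieString) {
  const optedIn = consentState(cookieString) === "accepted";
  return wanted.filter((c) => c.essential || optedIn).map((c) => c.name);
}

// Browser wiring (not executed here):
//   if (shouldShowBanner(document.cookie)) { /* render the banner */ }
//   acceptButton.onclick = () => { document.cookie = consentCookie("accepted"); };
```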

About This Article

Co-authored by: wikiHow Staff Writer
This article was co-authored by wikiHow Staff. Our trained team of editors and researchers validate articles for accuracy and comprehensiveness. wikiHow's Content Management Team carefully monitors the work from our editorial staff to ensure that each article is backed by trusted research and meets our high quality standards. This article has been viewed 61,060 times.
Co-authors: 19
Updated: March 20, 2023
Views: 61,060