Your IP:Unknown

·

Your Status: Unknown

Skip to main content


Super cookies explained: What they are and how to protect your privacy

What makes a super cookie super? Are they more delicious than regular cookies? Not for internet users who cherish their privacy. Discover what super cookies are, what they mean for your privacy, and how to block them.

Dec 2, 2023

6 min read

Super cookies

What are cookies?

Cookie definition

An HTTP cookie is a small piece of code left in your web browser by a website you visited. The cookie places information on your device so the website can later identify you as a returning user.

Internet cookies are not necessarily bad because they can improve your online experience. A cookie contains a small text file that has information about you. This information could be the last time you visited the website, your login details, or what you left in your digital shopping cart. The next time you visit the same website from which the cookie was generated, that website will immediately be able to use the information you previously provided.

However, cookies can also be used to learn your interests and target you for advertising purposes. You may not like them collecting information about you if you want to keep your online activity to yourself. It’s important to note that due to the GDPR and many US state and federal laws, most websites must notify you that they use cookies. They need your consent to do so. It’s your choice whether you choose to use them or not.

Some cookies can crawl and track you as you visit websites, identifying your behavior patterns. So what do super cookies do?

What are super cookies?

Super cookie definition

Super cookies are cookies stored on a user’s computer indefinitely. They store information like a user’s browsing history, login details, or ad targeting information. However, they are not technically traditional cookies because they are collected in a different part of the hard drive than browser cookies.

Read more

Super cookies can be found in several forms, each with its own unique purpose. They can infiltrate networks and function as unique identifier headers (UIDHs). UIDHs serve as identifiers that set apart your network connection from another user’s. Websites can secretly track user behavior using these IDs. What’s more, super cookies are more challenging for users to recognize and eliminate than regular cookies.

Because super cookies are more persistent than regular cookies, you must understand them. Knowledge of super cookies can help you mitigate the potential security risks and protect your personal info. Let’s go through different types of super cookies:

  • HTTP cookies. Browsers use HTTP cookies to store user preferences, login status, and session information. While HTTP cookies are not “super,” they can be used in advanced tracking mechanisms when combined with other cookies.
  • Flash cookies. Flash cookies are small data files that Adobe Flash Player uses to monitor users’ online activity. They have a large storage capacity and work by customizing user experience. Flash cookies keep track of sensitive information and browsing history. So hackers may exploit the data records in flash cookies to carry out data breaches.
  • Zombie cookies. Zombie cookies, also known as persistent cookies or evercookies, are a type of HTTP cookie that can recreate itself after deletion.
  • HSTS super cookies. HSTS super cookies are designed to protect websites against man-in-the-middle attacks. However, they might store browser flags that hackers can use to identify you and be difficult to remove.

How do super cookies work?

Super cookies usually don’t use local storage like regular cookies do. Instead, they are injected at the network level as unique identifier headers (UIDH) by your internet service provider (ISP). You may not know about their existence because the ISP may use them secretly. They can independently identify tracking headers and use the data to serve targeted web ads.

Some super cookies can restore the data from your deleted cookies and link the data with new ones. They can access your login credentials, image and file caches, and plug-in data. The worst part is that ad blockers can’t block them, and you can’t clear them by deleting your browser history and cache data. However, you can refuse them if your ISP allows you to and prevents third parties from monitoring your online activity.

Are super cookies a threat to your privacy?

ISPs can inject super cookies to improve advertising revenue and share your data with other companies. Internet users have no control over this threat to their privacy. Super cookies could lead to the leaking of private data, government surveillance, and exploits by cybercriminals. Some of the main threats that come with super cookies include:

  • Profiling. Super cookies collect data about users’ online activity, preferences, and behavior, potentially disclosing shopping habits, political affiliations, or health-related data. It may allow advertisers to create detailed user profiles without their knowledge and target users with ads.
  • Cross-site tracking. Super cookies can track users’ online activity across multiple websites. Cross-site tracking allows advertisers to monitor users’ browsing more broadly.
  • Invasive advertising. Advertisers use data collected by super cookies to deliver personalized and intrusive ads, which can violate privacy and even be manipulative.
  • Security risks. Super cookies that contain personal information may become a target to hackers. Hackers can create a user’s profile based on the data stored by super cookies. The persistent nature of super cookies can also be a security risk, bypassing user consent.

Steps to protect your online privacy

Super cookies are mysterious yet powerful creatures – detecting and deleting them is nearly impossible. The traditional cookie clean-up won’t make them go away, nor will setting “Do not track: in your browser or browsing in private mode. However, you can take some countermeasures to protect your personal information:

  • Use a reliable browser. Use a reliable browser that prioritizes privacy and offers advanced protection against trackers. Trustworthy browsers have built-in privacy solutions that help manage super cookies tracking.
  • Clear your cookies. Delete third party cookies from your browser to mitigate potential super cookie damage. Although it may not eliminate all super cookies, it is a good cyber hygiene practice for managing regular cookies.
  • Use privacy extensions. Most reliable browsers provide security extensions to limit tracking cookies.
  • Disable Flash Player. Flash cookies play an essential role in monitoring users’ online behavior. So disabling Adobe Flash Player can prevent Flash cookies from accessing your device.
  • Use a VPN. Choose a reliable VPN to encrypt your IP address and browsing traffic. It will make it harder for super cookies to track you across different sites. A VPN will not directly protect you from cookies but will add an extra layer of security to your online activity.
  • Keep your browser up to date. Update your browser regularly to get the best of the latest security patches and enhancements.

Like what you’re reading?

Get the latest stories and announcements from NordVPN

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

We won’t spam and you will always have the choice to unsubscribe

Also available in: Français, Nederlands.


author aurelija e 1 png

Aurelija Einorytė

Always attentive to technology's latest advancements, Aurelija Einorytė develops content to improve the safety of readers' internet experience. She believes everyone has the right to know the ins and outs of cybersecurity and seeks to explain them in an accessible, understandable way.