What Are Cookies?

Cookies are small text files that websites store on a visitor's browser. They serve many purposes — keeping you logged in, remembering your preferences, tracking your behaviour across the web, and enabling targeted advertising. They're a fundamental part of how the modern web works, but they also raise significant privacy concerns which is why laws now require websites to be transparent about them.

Do You Need a Cookie Policy?

If your website uses any of the following, you need a cookie policy: Google Analytics, Google AdSense, Facebook Pixel, any login system, any shopping cart, affiliate tracking links, or embedded content from YouTube, Twitter, or other platforms. In other words, almost every website that does anything beyond showing static text needs one.

Under GDPR, you also need to get consent from EU visitors before placing non-essential cookies. This is why you see cookie consent banners on most professional websites.

Types of Cookies You Should Disclose

There are four main categories of cookies that your policy should address. Essential cookies are required for the website to function and don't need consent — things like session cookies that keep users logged in. Performance cookies collect anonymous data about how visitors use your site, like Google Analytics. Functionality cookies remember user preferences. And targeting or advertising cookies track visitors across websites to serve personalised ads — Google AdSense falls into this category.

What Your Cookie Policy Should Say

A good cookie policy explains what cookies your site uses, which category each cookie falls into, who sets each cookie (you or a third party), how long each cookie lasts, and how visitors can control or delete cookies. It should also link to the privacy policies of any third-party services whose cookies you use, such as Google's privacy policy for Analytics and AdSense.

Google AdSense and Cookies

If you run Google AdSense on your website, this is particularly important. AdSense uses the DoubleClick cookie to serve personalised ads based on a user's browsing history. Your cookie policy must disclose this, and you should direct users to Google's Ads Settings page where they can opt out of personalised advertising. Failing to disclose AdSense cookies is one of the reasons websites get rejected during the AdSense review process.

How to Add a Cookie Consent Banner

For GDPR compliance, you need a cookie banner that appears the first time someone visits your site and asks for their consent before placing non-essential cookies. Free tools like CookieYes and Cookiebot offer free tiers that handle this automatically. You simply add a small script to your website and they take care of the rest.

Keeping It Simple

Your cookie policy doesn't need to be pages long. A clear, straightforward explanation of what cookies you use and why is far more valuable to your visitors than dense legal jargon. PolicyCraft includes cookie disclosures in your privacy policy automatically when you check the relevant options during generation.