Skip to main content

Cookie categories explained

Cookies are sorted into categories so you can ask visitors for the right kind of permission. This page explains each category, gives examples, and offers a few rules of thumb.

Why categories matter

Most privacy laws expect visitors to make granular choices: accept analytics but reject marketing, or accept everything except cross-site tracking. Categories make that possible.

A clean category structure also makes your audit story easier to tell.

The four categories One Privacy uses

Necessary

These are the cookies your website cannot work without. Common examples:

A session cookie that keeps the visitor logged in.

A cart cookie that remembers what's in the visitor's basket.

A security token that prevents cross-site request forgery.

A load balancer cookie that routes the visitor to the same server.

Necessary cookies are always on. Visitors can't switch them off, and you don't need to ask permission for them.

Functional

These cookies remember the visitor's preferences. Examples:

A language preference (English vs French).

A region preference.

A "remember my choice" toggle from your own site.

A small UI state, like which sidebar tabs were open.

Functional cookies usually require consent, but the bar is lower than for advertising.

Performance

These cookies measure how visitors use your website. Examples:

Google Analytics.

Hotjar, Mixpanel, Amplitude.

Server-side analytics that read a visitor identifier.

A/B testing tools that measure variant performance.

Performance cookies require consent under most laws.

Targeting

These are the cookies advertisers and marketers use to track visitors and personalize content. Examples:

Google Ads conversion tracking.

Facebook Pixel.

LinkedIn Insight Tag.

Retargeting tags that follow visitors across websites.

DoubleClick, Criteo, The Trade Desk.

Targeting cookies always require explicit consent. They're the highest-bar category.

A handy decision tree

Ask these questions in order:

Does the website break without it? If yes, Necessary.

Does it remember a visitor's choice or preference? If yes, Functional.

Does it measure usage, traffic, or analytics? If yes, Performance.

Does it track the visitor for advertising or across websites? If yes, Targeting.

If a cookie does several things, pick the strictest category that applies.

Where you assign categories

In One Privacy, every cookie in your inventory has a category. Open Inventory in the left sidebar, find the cookie, and edit its category. See Categorizing cookies.

You can also bulk-update categories for many cookies at once after a fresh scan.

What visitors see on the banner

The Cookie Settings popup groups cookies by their category, with a short description and a toggle. Visitors can accept some categories and reject others. See Cookie settings popup.

What's next

Categorizing cookies.

Cookie inventory overview.

GDPR guide.

CCPA / CPRA guide.