TechnologyWe hear a lot about computer 'cookies', but do we know how...

We hear a lot about computer ‘cookies’, but do we know how they work?

Cookies allow companies to send personalized advertising.Alvaro Garcia

We have all heard of the cookies computer science. Some even know that they are very important in facilitating user navigation, allowing faster loading of pages, and in personalized digital advertising. But do we know how they work?

When one connects to a web page, the user’s browser sends a request to a remote computer, called server, which sends you the reply back. Thus, use our telephone to read the entries of Chronicles of the Intangible supposes that the browser of our mobile starts a communication with the server of If all goes well, will respond by saying OK, here is the page you requested. The browser, then, receives a certain amount of information separated into two parts: on the one hand, the body of the response, which carries the data that is part of the content that will be shown to the user; on the other, a section with headers of the response, which contains non-visual data (aspects that the reader does not see reflected in the page, but that are important for the machines). Some of them are essential for successful communication.

More information

When requesting a server to read a web page, the body of the request is text in a format called HTML. The text in HTML includes the text that you want to display and, in addition, it has formatting marks, which tell the browser: “This text is in bold, this other in italics, here you have to place an image.”

But, so that the browser knows that what is being delivered is HTML and can draw it as such, with its italics and bold, the server sends the browser, in the headers section, information about the type of content that is being delivered to it. is sending: “Hey, watch out, what I’m sending you in the body is HTML text.”

Sometimes, along with bold, italic and many other formatting marks, the browser is told that an image or even a small program goes in a certain place that the browser can interpret and execute and with which we can solve the problem. Mambrino’s crossword (in memoriam) that has recently been published on the website of this newspaper. The image can be embedded in the HTML text itself; but, in others, the image is not sent directly, but the server sends the browser an Internet address from which the browser must request the image that goes on that site. This Internet address may be on the same server as in the original request (, in our example) or it may be in another.

In any case, the browser sends a new request to the server that has been indicated to download the image: the server will send it in the body of the response and, in the header section, the server tells the browser that the information that travels in the body is an image in JPG, PNG, a video, an audio or a program. In this way, with that information not visual that is included in the headers, the browser knows how to handle the information that is coming to it, drawing or writing it appropriately, or executing some instruction that tells me that I have correctly completed the crossword.

Thus, loading a single page like actually means that our browser sends many, many requests to the server: one for the text, one for each image we find, another for each video, another for each ad, and so on.

In addition to the type of content, in the header section that contains the responses to the requests, the server can place additional information, for example, one or more cookies, the known ones computer cookies with the information that the server decides. The illustration above shows some of the cookies what has left me when I have connected to your home page. Each one has, among other properties, a name (yam), a value (value) and an expiration date (Max-Age). The capacity of the cookies to monitor our activity on the network resides in that, every time I return to, my browser will send you all cookies that himself left me earlier. For example, the last cookie that appears in the figure is called _chartbeat2, its value begins with .1626 and it expires on August 1, 2022. If tomorrow, as usual, I return to the main page or visit any other page on the same server, my browser will send the server the name and value of this cookie, which will allow the server to know that I am the same person who was here yesterday.

Notice the reader on the left side of the figure that many other servers have also left me cookies: all of them come from the same data request to And it is that, when our browser is interpreting and showing the response it receives, sends other requests to other servers to download, we said before, images, videos or advertisements.

Thus, the request to read the main page of this newspaper has at some point sent a request to the second server that appears on the left side of the figure, identified as This server has left us two cookies: DSID (whose value is NO_DATA) and SDI (with value AHWq …).

If, afterwards, I visit a competitor’s newspaper, I will be initiating a communication with their server to retrieve their home page. The processing of the response is similar: multiple requests to various servers to retrieve text, photos, videos, advertisements … And, if any of these multiple requests is sent to, the value of cookies that this server left me when visiting THE COUNTRY will travel to this advertising server again, so and so that You will know that even though you are now reading the ABC, I just came from reading THE COUNTRY.

Perhaps the fact that these systems know this information is not too important, since it reveals about us the same thing that the bartender at the bar where we have breakfast knows about us, that he knows our schedules and sees every day how we are getting, from above the bar, the local or national newspaper and you know if we stop at the Opinion, Society or Sports section.

The threat to our privacy appears when these browsing data are related to other personal data: if I fill out a form with my name, email, my address, You will know that the one who reads those newspapers is Macario, that he is not interested in sports because he hardly visits those pages, but that, nevertheless, he answers correctly SALT to the three horizontal letters of The egg asks for it. You will also know, and not only because of the data on the form, but also because of the possibility of geolocating an IP with some precision, that I usually find myself in Ciudad Real. But also, if on any page you connect to (and there are many) I inadvertently accept permission to share my location, you will know exactly the coordinates of my home and my work.

Accepting cookies without reading their policy or personalizing them exposes us to being known and classified by these external systems, as we produce a huge amount of information when browsing, with which we are placed in certain groups of Internet users.

What if there were no cookies? Little programs such as hobbies, which our browser downloads and executes, can also access a lot of information from our computer, which can be sent to the server without our knowledge. In addition to the brand and version of the browser, our language, our IP, the resolution of our screen can travel, the font we use on our computer, the sessions we have open on social networks … The values ​​of these and other parameters make up our fingerprint, which allows us to identify ourselves with very high precision.

There is also the possibility of going to the bar in disguise, with a raincoat and hat and a mustache and glasses hairpiece. When we arrive, the waiter will give us El País and ask us if we want the usual.

Macario Polo Usaola He is a professor at the University of Castilla-La Mancha.

Chronicles of the Intangible is a space for the dissemination of computer science, coordinated by the academic society SISTEDES (Society for Software Engineering and Software Development Technologies). The intangible is the non-material part of computer systems (that is, software), and here its history and its evolution are related. The authors are professors at Spanish universities, coordinated by Ricardo Peña Marí (professor at the Complutense University of Madrid) and Macario Polo Usaola (professor at the University of Castilla-La Mancha).

To consult the chronicles of other years, Click here.

You can follow EL PAÍS TECNOLOGÍA at Facebook Y Twitter or sign up here to receive our weekly newsletter.