ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Zombie Cookies: What They Are and How To Disable Them

Updated on July 1, 2016

Internet Privacy and Website Tracking

Internet privacy and how to protect it is a growing concern for many users. In the past, these worries were focused on what we share intentionally: our identities, our personal details, the opinions we post in public forums. In recent years, however, the focus of concern has shifted. Web analytics have become more sophisticated and, as a result, targeted advertising has become incredibly specific. Yesterday you emailed a friend to tell them about how much the kids love the new swimming pool, and today every ad on Facebook is trying to sell you inflatable rafts. What’s going on here? How did they KNOW? If you’re a little creeped out about these eerily specific ads you’re not alone. Privacy advocates are worried about pervasive website tracking too, and they have their eye on the main culprit: cookies!

Mutant Cookies From Beyond the Grave?

While the typical third-party tracking cookie is fairly easy to remove, there is a more persistent variety that is incredibly hard to find and remove, playfully termed the zombie cookie.
While the typical third-party tracking cookie is fairly easy to remove, there is a more persistent variety that is incredibly hard to find and remove, playfully termed the zombie cookie. | Source

Cookies: Delicious or Evil?

Cookies have been an essential part of how internet browsers work from the beginning. But what are they, and how do they work? Cookies go back to the early days of the World Wide Web. In 1994, developers at Netscape were trying to figure out how to make online shopping work. The website needed a way to “remember” who the customer was and what they wanted to buy. To do so, data would need to be stored temporarily. But where? Storing data for millions of shoppers on one server wasn’t a feasible solution, but storing one tiny file on each shopper’s computer would solve a lot of problems without burdening the user. Thus, the web cookie was born and went on to become an integral part of all web browsers.

So, cookies are just tiny text files that save basic data about an online session, such as shopping cart orders and users’ website preferences. Without cookies, the internet as we know it simply would not function. There is nothing good or evil (or yummy) about them; they are just tools. However, cookies have evolved to serve other purposes like online marketing. They have also been exploited to violate users’ privacy. Let’s explore some of the new “varieties” of cookies, what they are used for, and how to deal with the unwanted ones.

Percentages of Websites Using Various Subcategories of Cookies

Type of Cookie
Percentage of websites
Non-Secure Cookies
Session Cookies
Non-HttpOnly Cookies
Persistent Cookies
HttpOnly Cookies
Secure Cookies
Note: a website may use more than one subcategory of Cookies. Source:

First-Party vs Third-Party Cookies

First-party cookies are “set” by the website you are visiting. It’s as simple as it sounds: you go to, and sets a cookie. That cookie will be used for basic functions, such as remembering your preferences, or keeping track of how many times you’ve visited the page. Once you leave the webpage, the first-party cookie has nothing left to do.

Third-party cookies, however, are the ones you never asked for. They are set by a different domain from the one you are visiting. The source of these third-party cookies are often advertisements or widgets that the website displays on their page. These third-party domains can set a cookie just as easily as a first-party. Third-party cookies are used to track you across multiple websites and monitor your views, clicks, and anything else that might be relevant for marketing analysis. The third-party cookie can spy on you from ANY website that displays an ad or widget from the same domain that set it in the first place. This information is collected by the advertiser to construct a picture about who you are and what you like. This is then used to predict the types of things you buy.

How to Block and Remove Third-Party Cookies

If you don’t like the idea of advertisers looking over your shoulder while you browse the web, you’ll be relieved to know that managing third-party cookies is a straightforward process.

Blocking Third-Party Cookies:

  • Firefox: Tools > Options > Privacy. Uncheck "Accept third-party cookies.”
  • Google Chrome: Settings>Advanced Settings>Privacy>Content Settings. Check “Block third-party cookies and site data.”
  • Internet Explorer 11: Tools > Internet Options > Privacy > Advanced. Check “Override automatic cookie handling, and then choose “Block” under “Third-party Cookies.”

Removing Third-Party Cookies:
By far the easiest way to delete third-party cookies is to use a free piece of software called CCleaner. It is a well-known, reputable program with many other useful features tuning-up your PC. And best of all, it’s FREE!

Click here for CCleaner. Once you’ve installed the software, click “Cleaner” on the navigation bar and then check “Cookies” for each browser you use. Click “Analyze” and review the results. Then click “Run Cleaner”.

Mutant Cookies From Beyond the Grave?

While the typical third-party tracking cookie is fairly easy to remove, there is a more persistent variety that is incredibly hard to find and remove, playfully termed the “zombie cookie.” This tracking cookie takes advantage of vulnerabilities in Adobe® Flash® Player. In addition to setting typical small file-size cookies which are stored in your browser’s file directory, it also sets a “Flash cookie.” This Flash cookie is much bulkier and is stored in the Adobe Flash directory rather than your browser folder. These two kinds of cookies work together, making it harder to identify and delete.

They work like this:

The third-party sets two standard cookies, plus one Flash cookie. Every time you visit a third-party domain, the Flash cookie checks to make sure the standard cookies are present. If it doesn’t find them (i.e. if you have deleted the cookies), it recreates them! The outcome of this is a cookie that can’t be deleted; it keeps returning from “the dead,” again and again. The solution? Identify and delete the Flash cookie as well.

How to Destroy an Undead Cookie

To destroy this undead monster, we turn once again to CCleaner. This time, click Cleaner and select the Applications tab. Then check “Adobe Flash Player” under the Multimedia section. Click “Analyze” and “Run Cleaner” to remove the flash cookies.

You can also prevent Flash from setting these flash cookies in the first place. To do so, visit Adobe’s website.

The Global Storage Settings panel looks like an image at first, but it is interactive. Click on the second tab from the left. Then
1) Uncheck “Allow third-party Flash content…”
2) Move the slide-bar all the way to the left.

It is also worth noting that when browsing in Private or Incognito mode, any cookies set during your session will be automatically deleted when you close your browser.

Tech Glossary

  • Domain (name): The web location that your browser is pointing to.
  • Widget: Tiny apps embedded in a website that performs a simple function. Examples include Like, Subscribe, and social media Share buttons.
  • Cookie: A tiny text file stored in your browser that remembers information related to your current and/or past visits.
  • First-Party Cookie: A cookie set by the domain you are visiting.
  • Third-Party Cookie: A cookie set by a different domain from the one you’re visiting.
  • Zombie Cookie: A cookie that “comes back to life” after you’ve deleted it.
  • Flash Cookie: A much larger cookie that is stored in your Flash folder. Technically, it’s a Locally Stored Object (LSO).

© 2016 Aaron White


    0 of 8192 characters used
    Post Comment

    No comments yet.


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)