Cookies are small data files that a website sends to a user’s computer. They’re used to store information about how users browse a website.
- use as few cookies as possible, and stop setting any cookies that are not needed anymore
- store the smallest amount of information that you need, for as short a time as necessary
- get users’ consent before you set any cookies that are not essential to providing the service
How to create a cookies page
There’s information on the GOV.UK Design System about:
- how to create a cookies page including which cookies you need consent for
- how to create a cookie banner
Where to apply cookies
Cookies must only apply to your originating domain name. For example, www.servicename.service.gov.uk not .gov.uk.
You should only send cookies with the Secure attribute and, when appropriate, the HttpOnly attribute. These flags provide additional assurances about how browsers should handle cookies.
You might find the guidance on choosing digital analytics tools useful.
Updated guidance on how and when to get users' consent to set cookies.
Guidance first published