Technology

Working with cookies and similar technologies

Cookies are small data files that a website sends to a user’s computer. They’re used to store information about how users browse a website.

This guidance is about how to use cookies, but you should also follow it when using any other technologies that store information on a user’s device, like HTML5 local storage.

How to use cookies

Keep use of cookies to a minimum, and be transparent about the ones you do use. You must:

  • use as few cookies as possible, and stop setting any cookies that are not needed anymore
  • store the smallest amount of information that you need, for as short a time as necessary
  • publish a cookie policy telling users about the cookies you’re using
  • get users’ consent before you set any cookies that are not essential to providing the service

How to create a cookies page

There’s information on the GOV.UK Design System about:

Where to apply cookies

Cookies must only apply to your originating domain name. For example, www.servicename.service.gov.uk not .gov.uk.

Do not use cookies on domains that host only static assets like images or JavaScript - they slow response times for users without providing any benefit.

You should only send cookies with the Secure attribute and, when appropriate, the HttpOnly attribute. These flags provide additional assurances about how browsers should handle cookies.

You might find the guidance on choosing digital analytics tools useful.

Last update:

Removed some information about publishing your cookie policy and getting consent, providing links to where these now live in the design system. Reviewed the content to make sure it is up to date.

  1. Updated guidance on how and when to get users' consent to set cookies.

  2. Guidance first published