Cookies: Acceptance vs CRO

Aimee Wilcox - UX Researcher @ Glue
Aimee Wilcox
  • UX Researcher
  • 24 min read
Cookie Optimisation

Increasing Marketing Potential

As technology and privacy concerns continue to evolve, understanding the laws governing the use of cookies becomes paramount for businesses. Furthermore, staying compliant not only ensures adherence to these regulations but also unlocks powerful marketing opportunities.

This report delves into the history of cookies, the different types of cookies, and a benchmarking study to shed light on the current cookie landscape, providing insights into industry practices and trends. By addressing these key aspects, we aim to equip you with the knowledge needed to navigate the complex world of web cookies both responsibly and legally, while also harnessing the marketing benefits that compliance offers.


Why They're Important

The potential that cookies unlock

Data collection is the key to marketing success, it builds understanding, improves customer experience, and distills trust into your brand. Cookie compliance is the gateway to unlocking this potential and enabling further avenues for marketing growth and product improvement.

Data from compliant cookies can be successfully used for...

By focusing on cookie compliance and its role in enabling these marketing possibilities, businesses can create more effective, data-driven, and customer-centric marketing strategies while maintaining legal and ethical standards for data privacy and protection.

Here we explore the crucial relationship between enhancing cookie consent and driving an increase in revenue and improved Return on Investment (ROI). Starting with an average user count, this infographic illustrates how a small boost in user acceptance can lead to a significantly larger audience for retargeting. When a portion of this audience is converted into paying customers and multiplied by the Customer Lifetime Value (CLV), it demonstrates the potential for a substantial uplift in additional, untapped revenue.

Figures are based on ASOS reported 26.4 million active users and an e-commerce brand average CLV of approx. £140.

How Glue Can Help

If you're eager to make your Cookie experience work not only for your user, but for your business, our Experiment Sprint framework can aid you to to achieve maximum success from your Cookie offering.


Across the Digital Landscape

Statistics and analysis from across the web - a worrying trend?

The current landscape of cookie banner use is marked by evolving standards and growing scrutiny. While the Information Commissioner's Office (ICO) has not explicitly mandated the inclusion of a "reject all" button in cookie banners, those failing to offer this option may face increased attention. The ICO's deputy commissioner has indicated a watchful eye on this matter, suggesting that the absence of a "reject all" option might impede individuals from freely giving or withholding consent, as it may not be clear that they have the choice to decline cookies.

The prevalence of cookie fatigue, where users express frustration with encountering numerous cookie pop-ups, has led to individuals unwittingly sharing more personal data than they might prefer. As the debate surrounding internet privacy and consent continues, the role of cookie banners in shaping user behaviour and protecting online privacy remains a subject of significant interest and concern particularly with the ICO.

To help you further unravel the array or tool options, we embarked on a journey, testing a total of 17 distinct tools to evaluate their performance. After extensive benchmarking and a meticulous exploration of various user scenarios, we've identified our top recommendations;


This service conducts thorough scans of your website, evaluating the cookies in use for compliance. It not only identifies cookies but also offers compliant cookie banners for website integration.

Visit Cookiebot


This platform prioritises privacy, offering insights and data analytics while also providing a customisable cookie banner solution. Users can tailor the banner to align with specific legislations like GDPR or CPRA.

Visit Onetrust


A Comparison Across the Sectors

Understanding the need of cookies

Cookies play a pivotal role in the functioning of the modern web, and their importance cannot be overstated. These small text files, stored on a user's device, facilitate a wide range of essential functions for websites and online services. Split into different categories of Cookies, they enable:

  • User Authentication: Cookies provide secure login capabilities, ensuring individuals can access their accounts and maintain session continuity.
  • Personalisation: Cookies store user preferences, enhancing the online experience by tailoring content and settings to individual preferences.
  • User Behaviour Analysis: Cookies play a vital role in tracking and analysing user behaviour, offering valuable insights for website owners to enhance content, design, and marketing strategies.
  • E-commerce Functionality: Cookies are essential in e-commerce, facilitating shopping cart functionality and preserving items for future visits, streamlining the online shopping experience.

However, their use must be balanced with privacy considerations and compliance with evolving regulations to maintain trust and transparency in the digital ecosystem.

Cookies are the backbone of a seamless and efficient online experience, benefiting both users and businesses alike.

In our benchmark study, we conducted a comprehensive analysis of 138 websites spanning 3 different sectors. To assess the benchmark status of these websites, we examined their cookie banners by visiting each site's homepage. We judged each website cookie banner against 15 categories. These can be found in Appendix 1.

We chose 46 websites from each of the following sectors: Financial Services, Hospitality, Retail and Wholesale.

A breakdown of our key findings;

Necessary cookies

  • Essential cookies: debugging, fraud prevention and security.
    • Websites do not need to gain permission for their use. However it is still important to inform users of their use, as per GDPR users should be aware of all ways their personal data is being collected, used and stored.
    • Out of the 113 websites that separate cookies into categories, 106 (94%) have essential cookies.
      32 Financial services 33 Hospitality 41 Retail and wholesale
  • Performance: used specifically for gathering data on how visitors use a website.
  • Functional: cookies that help enhance a website's performance and functionality.

Advertising cookies

One of the biggest concerns that users have is how their data is used for targeted advertising.

One study found that users thought the perceived risk was higher than the perceived benefit.

Suggesting that they are uncomfortable with their data being captured for use in advertising. However others report that they are more likely to purchase a product from a targeted ad. There are two types of advertising cookie;

  • Advertising: designed to collect device information for displaying targeted ads based on your interests.

    One of the biggest concerns that users have is how their data is used for targeted advertising.
  • Third party cookies: created and stored on the user's device by a website other than the one they're currently browsing.

Studies have found that cookie banners can trigger feelings of anger in users, as they are creating a barrier to gaining access to the content they are trying to view, this is becoming an increasing problem in the fast paced society. This means the longer the process to manage cookies the more frustration the user feels.

106 of the 132 (80%) analysed had a multistep cookie banner processes.

  • 29 financial services
  • 35 hospitality
  • 24 retail

In order to comply with legislation, websites often have a detailed cookie policy that contains specific details of the exact cookies used and their providers, as well as the length of time they store cookies. This is often too detailed to include on the cookie banner. Therefore it is best practice to signpost users to the full policy, to ensure they have all of the key details when making the decision to accept or deny the use of cookies.

The different types of cookies across the web

There are different types of cookies which websites use. We analysed 132 websites, of which, 113 (86%) categories their cookies. Looking deeper into those 113...

The Law

Legislations in the land of cookies

Understanding the legal landscape surrounding the use of cookies is essential for businesses operating in the digital realm. The laws governing cookies vary from country to country, and compliance is crucial to avoid potential fines and legal consequences.

EU and UK 🇬🇧 🇪🇺

In the European Union and the United Kingdom, the use of cookies is covered by two pieces of legal legislation, PECR (Privacy and Electronic Communications Regulations) and GDPR (General Data Protection Regulation). The primary aim of the legislation is to ensure that websites obtain consent from visitors before storing or retrieving any information on their computer, smartphone, or tablet.

PECR - businesses must;

  • Inform users about the presence of cookies: Website operators must clearly and simply inform visitors that cookies are in use, avoiding burying this information within a privacy policy.
  • Explain the purpose of cookies: Websites must provide a clear explanation of what cookies are and what they do. This transparency ensures that individuals understand what they are consenting to.
  • Obtain user consent: Consent should be obtained through a positive action, such as clicking an "accept" button. This process should occur the first time a user visits the website, and it's advisable to seek consent regularly, considering that individuals often share devices. Any changes to cookie usage require renewed consent.

GDPR - businesses must;

  • Emphasis on Transparency: Websites must have transparency regarding data processing, including cookie usage.
  • Data Protection: Websites must have robust data protection measures when dealing with personal information obtained via cookies.
  • User Rights: Websites must ensure that users' rights regarding their data are upheld, and businesses must respect these rights when utilising cookies for data processing.
  • Compliance Obligation: Businesses are obligated to comply with GDPR provisions when using cookies to process personal information, aligning with the regulation's principles.

Not following GDPR regulations can lead to serious financial ramifications, with fines up to €10 million or 2% of the entire global takings of the previous fiscal year.

United States 🇺🇸

In the United States, there are no federal laws specifically addressing the use of cookies. However, several states have implemented their own laws concerning cookies. Some notable examples include California, Virginia, Colorado, Utah, and Connecticut.

California's law applies to businesses meeting specific criteria, including: transacting the personal data of 100,000 California residents, generating annual revenue exceeding $25 million, and earning more than half their annual revenue through the sale of personal data of California residents.

  • Cookie Disclosure: Covered businesses must inform users about their cookie usage.
  • Opt-Out Option: Businesses under the law are required to provide users with the option to opt out of cookie tracking.
  • No Explicit Opt-In: Unlike some other regulations, California law does not mandate consumers to explicitly opt in for cookie tracking.

The Consumer Data Protection Act (CDPA) is a significant data protection law in Virginia, that applies to for-profit businesses that operate in Virginia and process personal data from at least 100,000 consumers yearly or process personal data from 25,000 consumers and earn over 50% of revenue from selling personal data. Non-compliance can lead to civil penalties of up to $7,500 per violation, including attorney fees.

CDPA grants individuals several rights to protect their personal data:

  • Right to Access: The right for individuals to request and receive a copy of their personal data held by an organisation.
  • Right to Opt-Out: The right for individuals to decline or opt out of the collection and use of their personal data, particularly for marketing or sales purposes.
  • Right to Correct: The right for individuals to rectify or update their inaccurate or incomplete personal data.
  • Right to Delete: The right for individuals to request the deletion or removal of their personal data from an organisation's records, also known as the "right to be forgotten".
  • Right to Data Portability: The right for individuals to obtain their personal data from one organisation and transfer it to another, typically for use with a different service or platform.

Navigating the complex landscape of cookie laws and regulations is critical for businesses operating in the digital space, as compliance not only ensures legal adherence but also fosters trust among users concerned about their online privacy.

Legislation surrounding cookies will continue to evolve as a reflection of society's commitment to safeguarding user privacy in the digital age. As technology advances and user expectations shift, policymakers will strive to create a robust legal framework that ensures responsible cookie usage, fosters transparency, and empowers individuals to have greater control over their online data.

Consumer Insights

How Users View Cookies

Understanding the perception of cookies

In the past, there was limited awareness of how cookies functioned and their purpose. The introduction of cookie banners has started to shed light on their role and educate users however, studies have revealed both positive and negative attitudes towards cookies.

  • A 2021 study found that 80% of participants were aware that cookies could track their internet activities, with higher awareness among younger users and those aged over 55.
  • While 65% of respondents expressed concerns about excessive cookie usage, an interesting 60% of consumers were willing to share more data for personalised benefits. However, these privacy concerns increased when users did not perceive clear benefits, as seen in the discomfort reported by 70% of consumers regarding tailored reporting.
  • Consumers are increasingly emphasising their desire for control over their data, with a significant 94% stressing the importance of managing the information they share with companies. Despite this heightened awareness and negative perceptions, the 2021 study found that only a third of internet users had adjusted their browser settings to limit cookie usage.

A look at social media reveals user frustration with the influx of banners and pop-ups that disrupt their browsing experience. In some cases, poorly designed cookie banners even hinder users from completing tasks on websites.

Striking the right balance between compliance and a seamless user experience is now a significant challenge for companies.

The statistics included in this report have been compiled using a combination of AI-generated data and our own independent research, providing a well-rounded basis for our analysis.

Section 6

From Challenge to Opportunity!

Unlocking the potential of cookies

In the dynamic digital landscape, businesses must proactively embrace the evolving perceptions of users towards cookies and cultivate their trust. Building user confidence is paramount, and this entails a commitment to adaptability and innovation.

The risks of not evaluating your Cookies can result in:

  • Privacy Concerns: Failing to offer clear information about cookies and obtain user consent can raise privacy concerns. Users may feel that their online behaviour is being tracked without their knowledge or consent.
  • Legal Non-Compliance: Non-compliance with data protection regulations, such as GDPR, can result in hefty fines and legal consequences for businesses. Inadequate cookie management can put companies at risk of legal actions and penalties.
  • User Frustration: Users may become frustrated if they cannot easily manage their cookie preferences or if they continually receive intrusive cookie pop-ups. This can lead to a poor user experience and potentially drive users away from the website.
  • Reduced Trust: Ineffective cookie practices can erode user trust in a brand. Users may question the transparency and credibility of a website or organisation that does not handle their data and cookies responsibly.
  • Inaccurate Analytics: Cookies play a crucial role in tracking user behaviour and providing valuable insights for website optimisation. Without effective cookie management, businesses may receive inaccurate data, hindering their ability to make informed decisions and improve their online offerings.
  • Ineffective Advertising: Poorly managed cookies can lead to irrelevant or poorly targeted ads being displayed to users. This can result in wasted advertising budgets and a negative user experience, as users are bombarded with ads that do not align with their interests or preferences.

No need to worry! We can assist you in redesigning and experimenting with a new cookie message solution.

If you're eager to make your Cookie experience work not only for your user, but for your business, our Experiment Sprint framework can aid you to to achieve maximum success from your Cookie offering.

  • User-Centric Design: CRO experimentation allows you to adopt a user-centric approach when refining your cookie offering. By conducting A/B tests and gathering user feedback, you can tailor your cookie message and consent options to align with user preferences and expectations.
  • Improved User Experience: Through iterative testing, you can optimise the presentation of your cookie message to make it less intrusive and more user-friendly. This can lead to a smoother and more positive user experience, reducing the chances of users leaving the site due to cookie-related frustrations.
  • Enhanced Compliance: CRO experimentation enables you to find the right balance between compliance with data protection regulations and user engagement. You can test different consent mechanisms to ensure they meet legal requirements while being clear and transparent to users.
  • Better Engagement and Consent Rates: Experimentation allows you to identify the wording, design, and placement of your cookie message that resonates most with your audience. This can lead to higher consent rates and increased user engagement with your site.
  • Optimised Data Collection: By refining your cookie offering through experimentation, you can collect more accurate and relevant user data. This data can be valuable for personalisation, analytics, and improving your overall digital marketing strategy, ultimately benefiting your business's success.
Exploring the Evolution of Cookies

Two Decades of Progress

Crumbs! A brief history of cookies, where it all began

The history of the cookies we use on the web today can be traced back to 1994 when Lou Montulli had the innovative idea of incorporating them into the Netscape browser. His objective was refreshingly straightforward: to keep track of whether someone had previously visited a website.

So you're browsing items, and you say: I like those shoes. You click on the button that says: I want to buy these things. And you expect it to go in the cart—and not just disappear.
Lou MontulliComputer programmer and 'Cookie' inventor

Before the advent of cookies, the web operated in a markedly different manner. Websites were essentially static pages with information. This was largely due to the way the web worked, known as HTTP (Hypertext Transfer Protocol), which was designed for delivering static content and lacked the capability to maintain user state. As a result, the internet of that era was primarily a platform for information retrieval and sharing. Activities like online shopping, personalised user experiences, and maintaining user accounts were not within the original capabilities of the internet.

However, the introduction of cookies marked a transformative moment in the evolution of the web. These small data files served as digital breadcrumbs, allowing websites to recognise and recall who you were and what you had done on their platforms. This breakthrough technology paved the way for the emergence of online stores, where items could be placed in virtual shopping carts, and for websites to remember your preferences and login credentials, delivering personalised digital experiences. This shift not only enabled the growth of e-commerce but also fundamentally altered the landscape of the internet, turning it into a dynamic, interactive space.

As fantastic as cookies can be at enabling personalised user experiences, there has been controversy around their use.

Cookies, while serving valuable functions, also have a dark side, as they can be misused for invasive tracking and privacy breaches. Striking the right balance between convenience and user protection remains a digital challenge.

They have also become a focal point in discussions about user privacy and data security. As a result, ongoing developments in cookie technology and regulations continue to shape the way we navigate the web. Legislations around the world were developed and are constantly evolving to ensure the Cookie is used positively around the world.

The future prospect of cookies across the web; a change of direction?

Some of the categories of cookies are seeing pivotal changes across the landscape. The era of third-party cookies being the cornerstone of data collection for example, is coming to an end.

Google’s plans to phase out cross-site tracking through third-party cookies in Chrome by the end of 2023, following the steps of other browsers. Apple's Safari browser who has already abandoned third-party cookies since 2017.

This shift has implications for analytics tools like Google Analytics and various platforms and tools heavily reliant on cookies, including Facebook Pixel and LinkedIn Insights tags are poised to face a transformative period in their operations. Advertisers and marketers must adapt to these changing landscapes, finding innovative ways to engage audiences and derive insights while respecting evolving privacy norms and regulations.

Excitingly, we are already seeing the emergence of new analytic tools such as Plausible who position themselves as a privacy-focused alternative to Google Analytics. It offers users the ability to monitor website performance without relying on cookies, ensuring that personal identifying information is not collected. While this approach limits some data granularity, such as unique monthly visitors, it strikes a balance between actionable data and user privacy.

The future of cookies holds promise and excitement, provided they are managed thoughtfully. Emerging global legislations and regulations are paving the way for businesses to create a positive and trustworthy user experience when navigating their cookie strategies.

What Next?

How Glue Can Help

Get in touch

Glue Experiment Sprints

If you're eager to make your cookie experience work not only for your user, but for your business, our Experiment Sprint framework can aid you to to achieve maximum success from your cookie offering.

To learn more, please request access to our Experiment Sprint Information Deck.

You'll discover the purpose, benefits and methods behind our Experiment Sprints and how they can drive CRO and ROI improvements.

A male and female colleague standing in front of a whiteboard that has post it notes and writing on regarding a CRO experiment.
How to choose the right usability tool
View Next Page