As users browse websites accessible via the Internet or the World Wide Web, (or simply the “Web”) they download content from web resources onto their computing devices. Typically, users download web content using an Internet protocol such as a HyperText Transfer Protocol (“HTTP”). Because Internet protocols such as HTTP are stateless protocols, each request and response message in the protocol is atomic. Because of the atomic nature of protocols, a web server cannot determine that two requests were made from the same client or are related in any way.
Cookies store state information that is transmitted between a client and a web server. A web server sends cookies to a client. Typically, the cookie information is included in the HTTP message that downloads resources from the web server to the client. Each cookie comprises a name-value pair and optional attributes. The value of a name-value pair stores the state information for a particular name. When a user subsequently requests a resource from a web server, the client sends another HTTP request to the web server. This HTTP request includes cookies and the state information associated with the cookies from previous requests. Based on the state information included in the cookie, a web server generates an HTTP response that includes resources specific to the client. The web server then transmits the HTTP response to the client.
Some cookies can be used to track the activities of a user as the user browses the Web. A user may not want to have his browsing activities tracked by cookies and thus does not want to store those cookies on his computing device. Conventional browsers provide a solution by allowing a user to manage cookies that are stored locally on a client. Typically, cookies may be identified by their attributes, such as a domain, a path, and/or a name. Based on these identifying attributes, conventional browsers allow a user to configure a set of rules that determine whether a domain has permission to store cookies on the computing device. For example, a user may configure a browser to reject cookies that are received from a website http://example.com, but accept cookies from a website such as http://example.net. In another example, a user may configure the browser to accept a cookie having a particular set of attributes from a website http://example.net but reject another cookie from the same website having a different set of attributes.
However, this approach often does not provide enough transparency to the user about the purpose for which a particular cookie is stored on a computing device. For example, the name of the name-value pair of a cookie may not be human-readable and/or may contain opaque strings of text. Because cookie information typically is not human-readable, users often cannot make an informed decision about which cookies they prefer to store or to block on their client devices.