Technically, super cookies are not cookies. At least not the HTTP cookies most of us are familiar with which are placed in our browsers by websites in order to store and access information about us. The HTTP cookies we’re familiar with provide full visibility and transparency, they can be edited by the user, and of course, deleted.
Super cookies, on the other hand, are not as user-friendly. While they have inherited their name from serving the same overarching purpose of 3rd parties (collecting information about your browsing behavior and patterns) they are not powered by the same technology. In fact, super cookies are not stored in your browser and are nearly impossible to detect. Super cookies are ordinarily used by ISPs and Telecom companies to detect HTTP traffic across devices using their services. Once HTTP activity is detected, these companies will insert an extra HTTP header into the data packets sent from the user’s device to the service which it is connected to. The HTTP header is added after the data has left a user’s device, and therefore its existence and contained data can be transmitted without the user’s knowledge.
The super cookie can contain a very large scope of data (up to 100 KB) concerning a user’s personal internet browsing. In fact, the super cookie can include data obtained from the user’s traditional HTTP cookies, including sensitive information like passwords, cached images, and more.
Once a super cookie has been added to a user’s internet browsing session by their ISP or cellular carrier, there isn’t much a user can do about it. The only effective way to protect oneself from said super cookies is by vigilantly browsing over HTTPS connections or by using a VPN (virtual private network).