This document specifies a way to create a stateful session with HTTP requests and responses. It describes two new headers, Cookie and Set- Cookie, which carry state information between participating origin servers and user agents. The method described here differs from Netscape's Cookie proposal, but it can interoperate with HTTP/1.0 user agents that use Netscape's method. [STANDARDS-TRACK]| IETF Datatracker
Cookies can give businesses insight into their users’ online activity. Unforunately they are subject to both the GDPR and the ePrivacy Directive, making compliance difficult.| GDPR.eu
The HTTP Referer request header contains the absolute or partial address from which a resource has been requested. The Referer header allows a server to identify referring pages that people are visiting from or where requested resources are being used. This data can be used for analytics, logging, optimized caching, and more.| MDN Web Docs
Understanding The Web Security Model, Part II: Web Applications| educatedguesswork.org