A supercookie is a type of tracking cookie inserted into an HTTP header by an internet service provider (ISP) to collect data about a user's internet browsing history and habits. Also known as a Unique Identifier Header, a supercookie isn't technically an HTTP cookie, but rather information injected into packets sent from a user's device and the service it connects to. When the internet service provider (ISP) detects a user's HTTP traffic it inserts an extra HTTP header into the packets after they leave the user's computer.
Supercookies can be used to collect a wide array of data on users' personal internet browsing habits including the websites users visit and the time they visit them. It does not matter which browser is being used or if users switch browsers. Supercookies can also access information collected by traditional tracking cookies -- including login information, cached images and files and plug-in data -- and store that information even after the traditional cookie has been deleted. Each supercookie can get as large as 100 KB.
In 2014, Verizon Wireless added supercookies to all of its mobile users as part of its advertising programs, a move that was strongly opposed by privacy advocates such as the Electronic Frontier Foundation. Unlike traditional tracking cookies, there is no easy way for a user to know a supercookie was added during their Internet browsing session. A supercookie cannot be removed by deleting the cache of the web browser like a traditional cookie because of the extra header inserted into the packets after they leave the user's computer or mobile device. Ad blocking software is also ineffectual against supercookies, which can leak sensitive user information and be used by third parties, such as advertising companies, to track individuals across multiple websites. The only ways users can protect themselves from supercookie tracking is to use an encrypted connection over HTTPS or use a virtual private network (VPN).