'We use cookies' notification on Paypal payment window

Have received this notification (as per image) when purchasing from three different sites and have ignored it each time, but I find it quite concerning and am wondering if this is the new normal or something shonky.
I wrote to Paypal and got a standard ‘thank you for reporting a suspicious site…’ response, which indicated to me that they hadn’t gone beyond the subject line, so I wrote back with this image attached and got a ‘thank you for reporting a suspicious email’ response (!?).
Have you encountered this ‘we use cookies’ message when paying with PayPal?


I get this often too. It seems to me to be the new normal. In the past web sites did not tell you they were using cookies, but now many do. Sometimes the web application will proceed if you deny cookie use, sometimes it won’t. You can try anonymous mode that most browsers have these days that delete all cookies after you leave. I don’t think there is any malicious intent with cookies in this case. Just make sure the site is using HTTPS with a valid security certificate.


I posted this under another topic 3 days ago but have received no responses so far.

It is still occuring.

Any advice?

1 Like

Thank you Fred and Greg, I agree that the ‘we use cookies’ advice pops up regularly, but when it pops up on a secure link when I’m about to make a payment it makes me nervous… thank you for your thoughts on this - I appreciate your replies

1 Like

That is for the Choice website admins to answer. Public key security certificates used in the TLS protocol that is used for secure HTTP are more closely scrutinized these days. For instance signed certs are only valid for 2 years now; used to be much longer than that. Also common names and CN extensions can be checked in more detail.

1 Like

Me too. The “we will also use cookies to personalize ads” bit makes me want to exit right there and cease doing business with the company. Except it is probably just a template thing.


Ah - thank you, Gregr - online shopping is a scary place but oh so convenient lol

1 Like

With the passing of the EU Cookie Law (Directive 2009/136/EC), the European Parliament mandated that all countries within the EU must set up laws requiring websites to obtain informed consent before they can store or retrieve information on a visitor’s computer or web-enabled device.

As many businesses can have visitor from the EU or operations in the EU, cookie consent has become more an international norm (even our own business website hosted in Australia comes up with cookie consent by the website hosted).

It isn’t an issue.

Cookie contents appear when first visiting a website or the browser is set to delete cookies after leaving a website …


Thank you phb - for me the issue wasn’t the one of cookies, per se, but of a clickable item - ‘accept cookies’ - appearing in a payment window that has my details, including partial bank details, on it. As far as I know ‘accept cookies’, in this case, could be a non-PayPal malicious phishing link - that worried me…

This PC World link is nearly 6 years old: given the rapid changes in computing technology, is the article’s advice still pertinent? Or is there something newer? I’m assuming tracking via cookies is still a very valuable tool for amassing data…

Yes, the Cookie Law in the EU still applies and has triggered rollout of consent broader than just the EU.

Australia and many other countries currently do not require cookie consent…but many Australian websites have the popups (like our own) to gain user consent when accessing the website. Some websites won’t function without consent given by the user.

Paypal encripts payment information so the browser cookie from EPharmacy won’t be recording any of the payment details. It will however be collecting data from what you see and click-on when within the site (and potentially when using the browser for other websites - like Facebook does).

To overcome broader cookie tracking (tracking when not wanted), either open the website in an incognito window or set up your browser to delete cookies when it is closed down. Also change browser setting to block third party cookies. There are also browser extensions which perform similar functions as well and allow better management of cookies.

If one is concerned about cookies tracking IP addresses, then a VPN can also be used along with the above measures.

Deleting cookies on exit may not be fully successful as I have noticed that Facebook cookie remains after exit and restart. As a result, we use an incognito window when using Facebook or other data tracking websites.

This website explains the different type of cookies…


Great info phb but was the cookie notification from epharmacy? I purchased from three different sites and got the same notification in the paypal window each time - which isn’t a site you can browse in. That is the worrying bit for me - it makes no sense to have a ‘we use cookies’ notification in the pay window, unless it is at this point where paypal collects data on where you’ve shopped - but then they don’t need cookies to know that?

1 Like

I said a while back that this is probably a template thing. They are using a generic payment script or applet.

1 Like

Can you remember what the URL was in the browser at the time…this will give and indication to the source if the cookie?

It could possibly be. Paypal is part of eBay group which uses/collects data for targetted advertising.

no, phb,but a great idea - will take note if issue recurs - please bear with me, everyone, am not very savvy when it comes to tech issues :slight_smile:

1 Like

One needs to look at the whole URL as well rather than just the start. The start could be epharmacy but paypal is impeded somewhere in the remainder of the URL. I can’t remember how Paypal payment is embedded into eCommerce sites.

While I haven’t tried, if you hover your cursor/mouse pointer over the accept button, see if a URL appears in the bottom left bar of the browser. If a URL appears, it may also give indication to its source.

The same might be by right clicking the accept button. I a option of ‘copy link’ or similar appears, click it snd then paste the informarion into say a word document. This should be the same URL as if the cursor is hovered.

The other option is to look at the page code…but this is more for advanced users.

I do Paypal payments every month or two/three, and I will check next time I do one as well (if I remember as well).

BTW, Patpal does use cookies to allow payment to occur …


Thank you so much phb - I do appreciate the time and effort you’ve put into trying to assist me :smiley:

1 Like

Not sure this is PayPal cookies but it is possibly cookies epharmacy uses to send the transaction to PayPal for payment.