Code on screen

COOKIELESS TRACKING: IDEA, BENEFITS AND MISCONCEPTIONS

The “cookieless” tracking topic has been around for quite a while now. The problem is that there are numerous interpretations and contexts in which it is used, which makes it quite difficult to understand what it really is. In the following piece, I would like to briefly go through what cookieless tracking is all about and what it means (or doesn’t ) for your measurement strategy

What’s Inside?

What is Cookieless tracking?

Cookieless tracking is an anonymized way of capturing information about visits to and interactions with your website without the need to store user-identifiable data. Since the most common way in Web 2.0 is to store such information as cookies, hence the name.

As you might already know, cookies are small text files that are stored in your browser/computer. They may contain all kinds of information: from a timestamp at which you paused your favorite TV show, up to the first marketing channel that you used to land on a website. However in the tracking context, cookies very often contain identifiers (such as User ID, Client ID etc.) that can be traced back to individual users. Bad news is that under GDPR, such identifiers are considered personal data and require active user’s consent, which in turn greatly diminishes the volumes of tracked data, thus impacting reporting and analytics accuracy.

The idea of cookieless tracking allows you to avoid using cookies with personal information and user identifiers. In certain cases it also allows you to track without an active consent. Before we take a look at benefits and limitations of such a tracking method, let’s get on the same page about how it actually works from a technical perspective.

Below is my bleak depiction of how a cookieless tech works compared to, say, standard client-side tracking in a marketing context.

Warning for my fellow web analysts: it is over oversimplified 

Standard Client-Side Tracking Architecture using a Tag Management System

When your website or application is fully booted/rendered, it makes a call to your Tag Management solution of choice. In turn, the tag manager loads the configured tracking libraries that often set cookies with user identifiers. After certain interactions (like page views, scrolls, video plays, clicks etc.) have been performed on your website, the tag manager compiles respective hits to the vendor servers, which may write additional cookies as a response (usually in a third-party context)

Cookieless Client-Side Tracking Architecture using a Tag Management System

As you can see, the “cookieless” data flow stays similar to the standard client-side tracking flow, with the exception of not using the user-identifiable cookies – where both first- and third-party cookies can be prevented from settling down in your browser. That is exactly this seemingly small change that makes a big difference when it comes to processing this data.

Caveat: certain browsers (like Safari or Brave) can already block or cripple third-party cookies by default, without any implementation effort on your side. Such browsers are using Intelligent Tracking Prevention (ITP) mechanisms to either block, limit or purge third-party cookies after a certain period of time has elapsed. I highly recommend getting yourself acquainted with this topic and to always follow the latest updates. If you want to design a reliable and scalable Web Analytics Solution, it is essential to understand how such mechanisms as ITP impact cookies.

So what? How does this impact my data accuracy and measurement?

While we are sending all the interactions like page views, clicks, custom events and other types of hits, we are not attaching an important parameter to those requests – a user identifier. Without a user identifier, we are not able to reliably say that Hit A and Hit B belong to the same user, or whether several Sessions (i.e. various collections of such hits that happened within a single visit) belong to the same person. What we are left with is a pool of events that cannot be mapped to any user profile, making it extremely difficult (or even impossible) to create segments, track across sessions and maintain a realistic user count. 

It is like being in a parking lot full of cars without license plates. We can see the cars’ dimensions, colors and brands, however we know nothing about their origin and registration, let alone can we identify their owners.

On the other hand, you can track interactions with your apps and websites with very low data gaps (i.e. reality vs. tracked) by fully respecting the users’ privacy and anonymity. Why? Since often tracking without user identifiers is considered anonymous and may not require consent in the form of cookie banners. Needless to say, you need to consider other privacy-related factors such as anonymizing IP addresses, storing the data in the right place (geographically) and other factors, according to your local Data Privacy laws.

As a result, various non-user and non-session related KPIs will be available to you. This will allow to perform fundamental analyses such as Traffic and Product Performance, Page Analytics, Referrer and Last-Click Attribution Analysis or even a Pathing Analysis (if there are session IDs implemented). Other types of web analysis techniques that are related to users and sessions (such as Cohort Analysis, User Segmentation, Attribution Modeling and others) will be unavailable to you.

Ultimately, the lack of user data is the price you have to pay to track more interactions, even if it means sacrificing quality and analytics.

What cookieless tracking is not

Nowadays, the term cookieless is used ambiguously in various contexts. While there can be some room for interpretation, it is important to understand what cookieless tracking is not.

Cookieless does not mean complete absence of cookies, it means absence of cookies with user-identifiable data

Cookieless is not only related to cookies per se, it is also related to other forms of browser storage, for example the localStorage object. That means you cannot simply store user-identifiable data in such browser storage objects and call your setup “cookieless”

 Often, cookieless tracking is used in a Server Side context (i.e. server-to-server communication instead of client-to-server), however it is not always the case. Cookieless tracking can also be used with client-side components, when you still load tracking SDKs or libraries without setting cookies. For example, Google’s Consent Mode technology that allows you to send cookieless pings, which improves data modeling accuracy

Summary

Eventually, cookieless tracking is a big step towards a better world of privacy-friendly web analytics. It also makes the Web more secure, potentially eliminating cookie leaks and other sinister JavaScript hacks.

As of now, the out-of-the-box cookieless technologies are far from perfect in terms of delivering the same data quality compared to cookie-based tracking. In the ever-changing privacy world, I genuinely expect more and more MarTech, AdTech and Web Analytics providers to develop new technologies that can sunset the cookie era, making the user’s experience better, the privacy more secure and the processes more transparent.