Cookieless Tracking

It is very likely that you are currently using Google Analytics or another analytics platform like Adobe or Matomo to track behaviour on your website. The basic implementation is relatively straightforward: create an account, add the tracking code into all your website headers and watch your data and insights accumulate.

Why cookies?

Those 9 or 11 lines of code (in the case of Google Analytics' gtag.js or analytics.js) make everything work automagically. However, magic is not in the snippet itself, but in the code it fetches in the background. Every time the browser of a user loads one of your pages, the script fetches the actual gtag.js or analytics.js file from an external server. This causes 2465 to 4492 lines of code to be processed.

One of the many functionalities of this code is to store cookies in the browser of the user. This is for a good reason: browsers render webpages using HTML, and the process through which HTML is loaded from a server is stateless by design. This means that no information persists between pageviews. So it’s easy to measure pageviews: just record an event every time a page is loaded. But in order to match individual pageviews against a session or a user, requires a workaround. Cookies have been that workaround for the past 20 years. These little files exist inside your browser and persist across pageloads. So if you’re able to store a session ID or user ID in the cookie during pageload 1, you can match that data during pageload 2.

Do we still need cookies?

The General Data Protection Regulation (GDPR) and ePrivacy regulations are impacting how you should treat visitors on your website, especially with regards to the use of personal identifiable information (PII) and processes that enable the identification of individuals. Needless to say, you can no longer utilize cookies for web tracking without taking user consent into account. This has resulted into the cookie consent jungle we experience today.

So while most companies are choosing to move forward with their usage of cookies, albeit with the appropriate cookie consent dialogs, you don’t have to go down this route. Do you actually need cookies? They’re great for stitching individual events into sessions and user journeys. But with the rise of Ad Blockers, Intelligent Tracking Prevention (ITP), ‘Do Not Track’ functionalities and active cookie opt-outs, the reliability of stitched data in web analytics is greatly declining. So Google Analytics and other platforms are still stitchting events to show you sessions, journeys, conversion paths and much more, but you should definitely question the reliability of such aggregations.

Go cookieless on your existing analytics platform

While there are alternative solutions that can for example protect cookie data with countermeasures or can serve as a replacement for cookies altogether, it’s still a good idea to ask yourself if you actually want and need to use cookies. Website and application owners are spoiled by the ease of analytics platforms. But the old mindset of collecting everything you can has to change into a mindset of only collecting what you need. If you don’t need to stitch data using cookies, you can easily abandon those without necessarily having to abandon your analytics platform. This could also mean that you can drop that annoying cookie consent banner. This is exactly the implementation we currently use on this platform with Matomo, which supports cookieless tracking out of the box.

If you’d like to learn more about the specifics of such an implementation with Google Analytics, you might want to read this article by Helge Klein. It describes how to configure the Google Analytics tracking code in such a way that it doesn’t store data in cookies.