Why is cookieless tracking becoming more relevant?

The General Data Protection Regulation (GDPR) has been in force since May 2018. Because the GDPR does not clearly regulate the use of cookies and the topic of user tracking, it will be supplemented by the Telecommunications Telemedia Data Protection Act (TTDSG) as of 1 December 2021. Until then, rulings of the Federal Court of Justice had prescribed the handling of the collection of data through cookies. The law states that explicit and informative consent, e.g. in the form of cookie banners of a cookie content management tool, is mandatory for setting cookies or similar mechanisms. The only exceptions are cookies that are technically absolutely necessary and those used to transmit messages via a public telecommunications network.

Crossed-out stack of cookies symbolising the end of cookie-based tracking

Cookies are a practical tool in the performance analysis of advertising measures and websites. Due to the obligation to give consent, collecting sufficiently valid data has become a major challenge. Different evaluations of cookie consent management platforms state that on average 40-50% of website users refuse the use of cookies, which means that a large proportion of sessions and thus user behaviour on the site can no longer be measured. Some sources even say that legally compliant cookie consent queries can even achieve only 14 % consent.

And that's not all: some browsers block cookies directly by themselves. For example, the Google browser Chrome is the only one that still allows 3rd party cookies, and even 1st party cookies are deleted by the Apple browser Safari after 1-7 days and by the Mozilla browser Firefox after just one day (always up-to-date information on the topic of "cookie status" here: https://www.cookiestatus.com/).

What are cookies, what is cookie-based tracking and what does it enable?

Cookies are text files that are stored in the user's browser when a website is called up and can be called up again by the web server at a later time. In the world of cookies, a distinction must be made between 1st and 3rd party cookies.

Icon of a bitten cookie representing a first-party cookie

1st Party Cookie

This type of cookie enables users to be recognised on their own website. This is used, among other things, to save items in shopping baskets in online shops, but also to analyse user behaviour on a website and customer journeys up to conversion, including the touchpoints and marketing channels involved.
Icon of two bitten cookies representing a third party cookie

3rd Party Cookie

These cookies are usually advertising cookies that do not come from a website operator itself, but from a third party, as the name suggests. These in turn provide third parties with data on the behaviour of users on certain websites by creating movement profiles for the purpose of playing out advertising.

With regard to 1st party cookies, it is therefore no longer possible to recognise users over a longer period of time in website sessions where cookies are no longer set. As a result, some analyses are no longer possible and the following data, among others, are lost

What is cookieless tracking and what is possible with it?

So what can be done at a time when it has become difficult for marketers to obtain relevant cookie-based information? With regard to the playout of advertising, a form of targeting that is not new is gaining in importance again: semantic targeting or contextual advertising . It enables advertising to be played out to specific target groups without the use of cookies. To do this, website operators use keywords to indicate which subject areas their pages contain. Based on these keywords, advertisers can then place ads that are relevant to the topic.

Dashboard with Cookieless Tracking Key Figures

Google & Co. are not giving in so quickly and are working on solutions as alternatives to cookies. In this context, Google presented the "Topics" and "FLEDGE" concepts. The aim is to continue to play out target group-specific advertising. To this end, the user's interests are stored in the browser and he or she is added to interest groups. Advertising from the website visited and its advertising partners is then played to these groups.

All is not lost for web analytics and conversion tracking either. There are some technical alternatives that allow the collection of relevant data for performance optimization. It must first be noted that cookieless tracking does not necessarily mean tracking without consent! According to the GDPR, cookieless tracking methods that enable the recognition of a user also require the user's explicit consent. Likewise, in the case of cookieless tracking, no data may be transferred to insecure third countries such as the USA without the consent of the user. This applies in particular to the use of the web analysis tool Google Analytics. In the following, we will now present a few options for cookieless tracking that allow users to be recognized on their own website over a longer period of time (but note: all of them require the consent of the users!):

Icon of a fingerprint


With fingerprinting, characteristics and settings of the user's terminal device are converted via an algorithm into an ID by which the user can be recognised.
Icon of a tick


This variant uses the browser's cache. When a page is called up, an ID, the ETag, is stored in the cache for recognition until the cache is deleted.
Icon of a tick in a sign

Authentication Cache

This method works similarly to the ETag, but here fictitious access data are automatically generated and stored in the cache.

Tracking without user identification and "hybrid" solutions

And last, but not least, there is of course the possibility to collect relevant marketing and website usage data without identifying and "tracking" the user. This data can be collected on the basis of legitimate interest without the user's consent. This works via the browser: Information transmitted by the browser is compiled into an identifier (the so-called " hash procedure"). This information is constant within a visit. In this way, interactions with the same identifier can be assigned to a visit and users can be distinguished. No data is stored on the end devices. However, in order to meet the legitimate interest as defined by the GDPR and to prevent recognition over a longer period of time, the IP address of the user must also be anonymised. This is possible, for example, by adding a random value that changes daily. This method can also be used to collect the following information, among other things:

Some providers also offer so-called "hybrid" solutions. In this case, the consent query determines whether cookies may be set. If the user consents, the corresponding information is then collected through the use of cookies. If the user refuses, the cookieless tracking variant applies, which only collects data within the scope of legitimate interest.

Our conclusion

In the future, it will not become any easier to play out targeted advertising and measure the performance of websites and communication measures. But it is not impossible, and marketers should consider the alternatives in good time.
Our experts will be happy to support you on this topic and with any other questions you may have about performance marketing and marketing analytics!

How we can support you in performance marketing?
Learn more now!
Workstation with a laptop on which a Google Analytics

How can customer data change your marketing?

In online marketing today, almost everything is measurable. In order not to get lost in the KPI overload, it is important to identify the individually relevant key figures. Learn more about important KPIs and their role in data-driven marketing in our white paper!

Interested? I look forward to your questions and exciting conversations.

Sonja Rösler
Send an e-mail