Logo Logo


The General Data Protection Regulation (GDPR) and the ePrivacy Directive (ePR) affect how your website may track visitors from the EU.


Try our free compliance test to check if your website’s use of cookies and online tracking is GDPR/ePR compliant.

The methods for tracking internet users and their digital habits are becoming ever more sophisticated.

The cookie, the best known technology, is only one of them.

The purpose of online website tracking is for organizations, companies, websites etc. to gain insight into their users, their behaviour and preferences.

This insight serves to optimise user-friendliness and user experience. It also serves for statistical purposes, for customization, for commerce, and for profiling and targeted marketing.

Who are the website trackers and what do they want?

What is website tracking of visitors?

When a user browses on the internet, everything might potentially be tracked:

Website tracking is when users’ digital activity on a website or journey between websites is being monitored or recorded. It's very common, but the transparency leaves room for improvement:


This is a primary reason why the EU has enforced a strict regulation for protecting the privacy of its citizens in the digital realm: the GDPR (the General Data Protection Regulation), enforced 25 May 2018.

The purpose is to restore the control over one’s own data to the users, by augmenting the transparency and insight into how one is being tracked, by whom, and for what purpose, along with the possibility to prevent it from happening.

Read about cookie solutions for your website here.

Who are the website trackers and why do they track?

There is no simple answer to this question, because tracking is many things. Amongst the most common reasons, are:

1. Website tracking for statistics, functionality, performance etc.

Websites track users directly and by means of integrated third party tools such as Google Analytics, mainly in order to gain insight into how their website is being used.

This enables the website’s owner to improve and optimize the functions, functionality and features of their website, so that it meets user requirements as closely as possible.

2. Website tracking for commerce

Webshops and ecommerce websites track users in order to maximize their turnover.

Simply put, the more insight a commercial website has into its customers’ actions, interests and needs, the better it can present its products to the specific user, the more it will sell.

3. User tracking for profiling and targeted marketing

Websites also allow for third party advertisers to track their users and display ads to them in order to get revenue from their website.

Especially news sites and other websites with editorial content have a large presence of third party website trackers. Many of these sites provide articles for free and lack an external funding. Therefore, they have to monetize pageviews with significantly more advertising than websites promoting commercial products or websites owned by governmental or public entities.

Advertisers track users so that they can target their marketing as precisely as possible and display their ads to the most relevant potential consumers.

The technology that allows companies to place ads on somebody else's website is called display advertising. 

Ad networks

Typically, advertisers make use of large scale ad networks to help them market their products to their most relevant audience on the internet. The largest online advertising network is Google Adsense.

Research about online website user tracking

In January 2016, a study from Princeton University measured and analysed the online tracking on the top 1 million websites of the internet.

It’s the largest study yet of technology that tracks people’s movement around the internet.

The key finding of the study was that third party trackers present on the internet takes the form of a classic long tail graph:

Even though the researchers all in all detected over 81,000 third party trackers that were present on at least two websites (thereby indicating that they are third party trackers), only a handful of those were present on the majority of the 1 million analysed websites.

The top five most common website tracking tools were all owned by Google.

Google Analytics, a product used to log visitors to websites that integrates with the company’s ad-targeting systems, was found on almost 70 percent of sites. DoubleClick, a dedicated ad-serving system from Google, was found on close to 50 percent of sites.

The long tail of online website tracking

Illustration from the Princeton Study on Web Transparency

How do websites track visitors? | What tools and technologies do they use?

The most common and best known technology for tracking users is the use of cookies.

Other known online tracking technologies are pixel tags, ultrasound beacons, and browser fingerprinting, amongst others.

How websites track users with web cookies, HTTP cookies or internet cookies

The cookie is a simple string of text that is loaded on users browsers when they visit a website. Its purpose is to enable the website to recognize and remember its users.

The cookie was invented back in 1994 by Lou Montulli and John Giannandrea at Netscape, and originally served to provide websites with a ‘memory’, so that they could, for example, hold items in a shopping cart while the user browsed for goods on the site.

While the cookie still serves this purpose, it can also monitor users and give a great deal of insight into user behaviour.

The cookie is widely used for profiling and targeted marketing, and most websites set a great deal of cookies of first and third party provenance alike.

However, there has been quite a bit of negative public attention to cookies, and many users choose to block cookies from their browsers.

Read our full introduction to internet cookies.

Tracking website users without cookies

What are pixel tags for tracking?

Tracking pixels, also called pixel tags or 1x1 pixels, are transparent images consisting of a single pixel, that are present (albeit virtually invisible) on a webpage or in an email.

When a user loads the webpage or opens the email, the pixel is also loaded, enabling the sender of the pixel, typically an ad server, to read and record that the webpage is loaded or the email is opened and similar user activities.

The purpose is much the same as for third party cookies: to get insight into users for targeted marketing.

Ultrasound beacons: What are they and how do they work?

Ultrasound beacons or ultrasonic beacons, sometimes abbreviated uBeacons, are high-pitched sounds that are emitted from the device in use, e.g. when you visit a website that has the beacon installed.

The sound is inaudible to humans, but your dog can hear it, and, more importantly, all the other devices in proximity to the one you were using, react to it.

Also called Ultrasonic cross-device tracking (uXDT), the uBeacon serves to bridge the gap between the digital world and the physical one.

One of the primary benefits of the ultrasound beacon is that it enables the sender to gain insight into what devices are connected with each other: your pc, mobile, tablet, etc. - Thereby solving the headache of marketers and other trackers alike, that users can move between devices.

More and more mobile apps silently track users by means of ultrasound beacons for other sophisticated purposes:

For example, some retail stores have ultrasound beacons installed at their entrance, that interact with your mobile phone when you go inside, enabling marketers to track and target consumers in the physical world as well as online.

So, if you for instance went to a brand store for, say, sneakers, that had an uBeacon emitter installed at their entrance, this particular brand of sneakers now knows that you may be interested in their shoes, even if you never went to their website or searched for their shoes online.

What is browser fingerprint tracking?

Even if a user blocks tracking cookies and uses VPN to blur their IP-address, there still are other methods for tracking users.

One of them is fingerprinting. The fingerprint is the uniqueness of your specific computer, device or browser.

Whenever a user visits a website, their computer or device provides the site with highly specific information about their system and settings. The use of this information to identify and track users is known as device or browser fingerprinting.

The uniqueness can consist of your particular configuration, your setup, or even the dust on the lens of your camera!

Other technologies and methods for tracking users

In addition to regular cookies, pixel tags, ultrasound beacons and fingerprinting technologies, there exists other methods for tracking users, such as undeletable zombie cookies or super cookies, dynamic cookies, Silverlight Isolated Storage, IndexedDB, etc.

As the world is coming to realize, in the digital age, data is an extremely valuable asset, that can be used for everything from owning markets, affecting the masses, to even win elections.

The methods for getting insight and tracking users is always evolving, and the means are impressively creative.

The GDPR and the ePrivacy Directive are two EU initiatives to regulate user tracking and protect personal privacy. They are probably not in themselves sufficient, but they are important steps in the right direction.

How does Cookiebot work?

Cookiebot makes your website’s use of cookies and other tracking technologies fully compliant, by restoring transparency and user consent to the tracking going on on your website.

It is one of the only fully GDPR and ePR compliant solutions on the market.

Cookiebot consists of three main features:

Website scan

The Cookiebot scan detects and identifies all known types of tracking on the website.

It scans all the pages of your website by directing 7-8 simulated users at your website with requests every 1.5 seconds. This is few enough to not interfere with your website’s performance, but enough to detect all the types of tracking going on on your website, including dynamic cookies, ultrasound web beacons, pixel tags and fingerprinting.

Cookie consent system

When a user visits your website, Cookiebot deactivates all loaded scripts but the strictly necessary ones until the user has given their consent to the cookies, thereby complying with the requirement of prior consent.

All the cookies and other tracking technologies are listed, and grouped into four comprehensible categories, that the user can choose to opt in and out of.

All received consents are securely stored as documentation that the consent has been given, also a requirement of the GDPR.

Transparency and full control

The monthly scan results in a full report of all tracking technologies in use on the site, giving insight and control to the website owner as to what tracking is in use on their site.

The cookie declaration reporting all active cookies can be published as part of your cookie policy or privacy policy, thereby meeting the requirement for specific and accurate information to your users about the tracking at all times.

As required by the GDPR, your users may go back at any time and change their settings or withdraw their consent. In the cookie declaration, features are automatically provided for the user to change or withdraw their consent whenever they want.


MIT Technology Review: Largest Study of Online Tracking Proves Google Really Is Watching Us All

Princeton University Study: Online Tracking: A 1-million-site Measurement and Analysis

AudioContext Fingerprint test page

Wired: Google tracks everything you do. Here's how to delete it

Howstuffworks: How Internet Cookies Work

The Guardian: Behavioural tracking and neuroscience are tools for sustainable innovation

Electronic Frontier Foundation: New Cookie Technologies: Harder to See and Remove, Widely Used to Track You

Electronic Frontier Foundation: How Online Tracking Companies Know Most of What You Do Online (and What Social Networks Are Doing to Help Them)

Electronic Frontier Foundation: Browser Versions Carry 10.5 Bits of Identifying Information on Average

The Guardian: Tracking the trackers: What are cookies? An introduction to web tracking

Privacy Policies: Your ISP Is Tracking Every Website You Visit: Here’s What We Know

Verticalrail: What is an ad network

Earningguys: 15 top ad networks for publishers

Gizmodo: Facebook knows how to track you using the dust on your camera lens

VisualIQ: Cookies, Tags, Pixels and IDs: Tracking the Consumer Journey

Test if your browser is safe against tracking with the Electronic Frontier Foundation

Multiloginapp: About browser fingerprinting

The Hacker News: Hundreds of apps using ultrasonic signals to silently track smartphone users

Vice: Your phone is listening and it's not paranoia

Clickz.com: A beginner's guide to display advertising

Technische Universität Braunschweig, Brunswick, Germany: Privacy Threats through Ultrasonic Side Channels on Mobile Devices

Make your website’s use of cookies and online tracking GDPR/ePR compliant today

Try for free