How we do analytics without cookies

Conventional analytics invents a unique identifier for each visitor, so they can recognize that when you view different pages, you’re the same person.

They store this information in a cookie, which is just a piece of information stored on your computer.

There are many problems with cookies:

  • They can track your behavior between multiple websites (e.g. Google/Facebook knows almost everything their users do) and users have no idea
  • They can persist almost forever
  • Most of your users will not consent to cookies, so you can’t legally measure those visitors
  • Recent legislation (e.g. GDPR) means you need to ask for permission to use cookies, which is annoying and puts off your visitors

Here, we’ll outline the journey that your user data takes when visiting a website containing the Silktide Analytics script. We’ve split it into three parts, “Data Collection”, “Data Journey”, and “Privacy Preservation”.

Data collection

Step 1: Load the Silktide Analytics script

Silktide’s lightweight script is fast-loading at just 18 kB. It doesn’t set or require cookies.

Step 2: Establish if you are a new user

Privacy is the main priority for Silktide Analytics, so we do not store your IP address or User Agent alongside your browsing history. In order for your user data to be anonymized, we need to perform some math functions.

hash(ip + userAgent + propertyId + salt)
  • To identify a visitor, Silktide Analytics combines their IP address (ip) and User Agent (userAgent) using a cryptographic hash function with a rotating salt. That’s a mathematical way of encrypting some data in a way that cannot be reversed.
  • The resulting hash (hash) is a unique identifier for the visitor that cannot be reversed or used to track them across websites.
  • The hash is unique to each website (propertyId), which means it’s not possible to track the same visitor across multiple websites. We use SHA-256 (an industry-standard hashing algorithm) to generate our hashes.
  • The IP address and User Agent are immediately forgotten upon creating the unique identifier.
  • The salt changes every 24-48 hours, which means the identifier also changes every day. The addition of salt also means that Silktide Analytics doesn’t need to store any personally identifiable information (PII), nor is able to restore any.
  • The salt is never stored. After 24-48 hours, it is deleted forever. This means the hashes are not reversible, by Silktide or by anybody else.

When a user lands on a web page containing the Silktide Analytics script, a check is made against the unique identifier. If one is found, that user is classified as a returning visitor. If not, they are considered a new user.

All users are considered new if it’s been more than 24-48 hours since their last visit.

Data movement

Step 3: Send a page-view event

Once a user is identified as new or returning, a page-view event is sent to Silktide’s servers. The event looks similar to this:

"propertyKey": "5hej242d435g4k58l70f71043fwsr2733",
"url": "",
"referrer": "",
"viewWidth": 885,
"events": [
"event": "page_load"
  • The propertyKey is the unique identifier for our customer’s web property (i.e. their website or collection of their websites). Because we’ve included the propertyId in the hash function, the same visitor across different customers has a different identity to us. So even if we wanted, we could never determine if a visitor to one customer was the same as a visitor to another.
  • The url is the current web page the user has viewed
  • The referrer is the previous website the user visited. For privacy purposes, the full path is not stored or transmitted, only the domain.
  • We store the viewWidth of the user’s browser as a way of reporting what kind of device the user is visiting from.
  • events are either built-in Silktide Analytics events ( like a page_load) or any custom event you set up yourself, like a specific button click or checkout submission.

All data is stored in the customer’s region of choice, either the EU or the US.

No data is transmitted between the two regions – they are entirely separate. This data segregation ensures your compliance with local privacy laws.

Step 4: Count bounce rate, time on page, and frustration events

Silktide measures common events that you’d expect in an analytics platform, but without you having to set up any complicated additional scripts.

By default, we include a measure of time spent on the page, and whether a user visits only that page before leaving. We also measure how far down a page a user reads, which helps you understand how engaging your content is. We show click events that have no outcome as a measure of user frustration.

All this information is presented in heat maps, which are unlimited and available on every page you have tested with Silktide.

An example of the types of events Silktide measures in order to report on this data is outlined below:

duration: 8,
event: "page_update",
maxScroll: 100,
readToSelector: "#blog-post-1",
readWords: 709,
totalWords: 4231,
usedKeyboard: false,
usedMouse: true,
usedTouch: false,

Privacy preservation

Step 5: Customer data is privacy-safe

Your customer data has now completed its journey. By using the methods above, it’s possible for you to comprehensively track user behavior without invading their privacy

  • Silktide Analytics preserves privacy by not using cookies
  • Visitors are given unique identifiers that cannot be tracked across websites
  • Silktide Analytics never stores any personally identifiable information (PII)
  • Data is stored in compliance with EU data privacy laws
  • Silktide Analytics deliberately never stores text entered into a search box or a form, including query parameters
  • Referrer data is simplified to just the website and not the specific webpage

Is there a trade-off in the data I can collect versus, say, Google Analytics?

To an extent, yes. With Google Analytics, and indeed any analytics product that sets a cookie, you can get data from returning visitors for an almost indefinite amount of time. This is because once the cookie is set, it’s stored on the user’s computer. If it’s not set to expire by the company setting it, or deleted by the user from their device, that person can be identified forever whenever they return.

This is not great for user privacy. Notably, platforms like Google or Facebook, which have their tracking pixels across many millions of websites, can track user behavior on whichever website they visit. They use this data to create a profile of a visitor and serve adverts. This is why you see adverts related to things you may have recently searched for or websites you’ve recently visited, regardless of which website you are currently visiting.

Silktide’s approach is more privacy-friendly. We can see a visitor as returning if they come back within 24-28 hours, but after that, they are completely forgotten and appear as a new user. However, during the time they visit, we can still give you all the statistics you’d expect from an analytics platform like the pages visited, the length of visit, and more. On top of this, we include an unlimited heatmap solution, so you can see user behavior on every page of your website.

The benefit of our approach is that you could, if you’re not using other tracking pixels that set cookies, remove your cookie consent banner. For EU web visitors, this provides a much better user experience.

Frequently asked questions

Big tech tracks your every move online. Under GDPR, it’s illegal for personally identifiable information to be sent outside the EU. But Google’s servers are located in the US, so by using Google Analytics you could be breaking the law. Not just this, but Google also tracks user data, building a profile of online activity online. That profile is used to send targeted ads to users whichever website they visit. All this is made possible by the use of third-party cookies. Eliminate cookies, and you can help to eliminate user tracking online and create a more privacy-focused Internet.

Analytics built for web managers. Get your demo today

Back to top