Pillar — Cookieless analytics

Analytics without cookies. Complete data, by architecture.

In 2026, cookie-based analytics measures roughly 13% of European traffic. The other 87% is rejected, blocked or capped before the tag fires. This is a guide to the alternative — what cookieless analytics is, what it counts, what it deliberately doesn't, and where it fits beside the rest of your stack.

TL;DR

Cookieless analytics is web analytics that captures pageviews, events and conversions anonymously, on the server side, from your own domain — without cookies, fingerprinting or personal identifiers. It captures 100% of traffic because there is nothing for browsers, consent banners or ad blockers to block, reject or expire. The trade-off is honest: you measure channels and conversions at aggregate scale, not individual people across sessions. For an eCommerce or media business making investment decisions on traffic mix, that trade-off is usually the correct one.

Captures 100% of traffic — no consent gate, no ad-blocker drop-off, no 7-day cookie expiry.
GDPR-compliant by architecture — no cookies, no PII, no cross-session identifiers. EU-only processing.
Last-click revenue attribution at channel and campaign level, on every visitor.
What it doesn't do — identify returning visitors, follow individuals across sessions, or build per-user profiles. If you need that, use a CDP.

Why cookie-based analytics fails in 2026

The cookie was designed in 1994 for session continuity — keeping you logged in, holding a shopping cart. Its use for analytics was a later adaptation that depended on conditions that no longer exist. Three structural shifts have made the cookie an unreliable measurement primitive in Europe, and they compound:

1. Consent rejection — 40 to 60% of EU visitors

Since the 2019 CNIL and ICO guidance hardened, a consent banner is required before any non-essential cookie is set. Real-world rejection rates sit between 40% (B2B) and 60% (B2C consumer) across European markets. Those visitors are still on your site, still buying, still leaving — but invisible to your analytics.

2. Ad blockers — ~40% of EU users

uBlock, AdBlock Plus and the Brave browser ship rule lists that strip third-party analytics scripts before they execute. The visitor never registers in your GA4 property at all — there is no consent to reject because there is no request. This loss is silent. It does not appear as a missed opt-in; it appears as missing sessions.

3. Safari ITP and Firefox ETP — 7-day cap on first-party cookies

Even when the visitor consents, Safari's Intelligent Tracking Prevention caps first-party analytics cookies at 7 days. Firefox does the same. A user who browses on Tuesday and converts on Thursday next week shows up as a new visitor. Attribution windows collapse. Returning-visitor identification stops working at scale.

Stack those losses and you are typically left with around 13% of European traffic visible in GA4. The rest is rejected, blocked or expired before measurement begins. Google's answer — Consent Mode v2 — is to model the missing data statistically. That is a useful estimate for some questions. It is not a measurement.

How analytics works without cookies

The architecture removes the cookie as a tracking primitive and replaces it with anonymous, first-party event counting. Three layers, one pipeline:

01
First-party pixel on your own domain
A small JavaScript tag (846 bytes in our case) sends each pageview to pixel.yourdomain.com— a CNAME under your own domain, not a third-party host. Because the request leaves the page from the first-party origin, ad-block rule lists do not match it. Because no cookie is set or read, no consent gate is required.
02
Anonymous server-side event counting
The pixel endpoint runs in Dublin and counts events at channel, campaign and landing-page level. No user identifier is created. No fingerprint of IP plus User-Agent is stored. The system knows that 142 pageviews arrived from Google CPC on a specific landing page; it does not know that visitor A and visitor B were the same person.
03
Last-click attribution and aggregate reporting
Each conversion event is attributed to the traffic source observed on the page load where it happened — last-click, 100% of the time, on 100% of data. Aggregates flow into dashboards, BigQuery, and an MCP server for AI agents. The output is channel performance: which sources drove revenue this week, and by how much.

The full architecture — pixel, pipeline, reporting layer — is documented on How it works. The technical glossary entry is at cookieless analytics.

What you measure — and what you don't

The honesty matters. Anyone who tells you cookieless analytics does everything cookie-based did is selling, not informing.

What it captures

100% of pageviews, sessions and conversion events.
Channel, campaign, source and medium for every event.
Last-click revenue attribution at channel level.
Funnel step counts — how many visitors reached step 1, step 2, step 3.
Landing-page performance, geographic distribution (country level), device class.
Conversion events from Shopify, WooCommerce, Magento, PrestaShop and custom checkouts via dataLayer.

What it does not

Identify a returning visitor across sessions.
Build per-user behavioural profiles.
Reconstruct an individual's path through your site.
Power user-level CRM triggers based on browsing history.
Replace a CDP for logged-in product analytics.
Provide individual-level retargeting audiences (use Google/Meta pixels for that, run in parallel).

For a CMO defending media spend, a CFO reconciling channel revenue against the P&L, or an eCommerce manager whose decisions live or die by traffic mix, the left column is the answer. For product analytics on a logged-in app, the right column is the wrong tool — pair with Mixpanel or Amplitude.

Cookie-based vs first-party server-side

The architectural difference shows up in six places that matter for measurement decisions.

Dimension	Cookie-based (GA4, GA360, Adobe)	First-party server-side
Traffic captured (EU)	~13% after consent + ad-block + ITP	100% — no consent, no script, no expiry
Consent banner	Required before any tracking	Not required — no personal data
Ad-blocker impact	Script stripped on ~40% of visits	First-party request — not in rule lists
Cookie lifespan	Safari ITP caps at 7 days	No cookie — irrelevant
Returning-visitor ID	Possible (when cookie survives)	Not possible by design
Attribution model	Data-driven or last-click on 13%	Last-click on 100% of data
Data residency	US default (GA), EU optional (Adobe, Piwik)	EU-only (Dublin)

For the full feature-by-feature comparison against GA4, see SealMetrics vs Google Analytics 4. The enterprise tier (GA360, Adobe Analytics, Piwik PRO) is covered on Comparisons.

By your sector

The architecture is the same. The reconciliation patterns, KPIs and integration shape change with the model.

eCommerce

Cookieless analytics for eCommerce

Shopify, WooCommerce and Magento reconciliation. Revenue, attribution, conversion — without consent banners.

Read →Hotels

Cookieless analytics for hotels

Direct-booking attribution. Meta-search revenue. PMS reconciliation for Mews, Cloudbeds, Opera.

Read →SaaS

Cookieless analytics for SaaS

PLG funnels without consent banners. Works alongside Mixpanel and Amplitude. BigQuery export.

Read →DTC

Consentless analytics for DTC brands

How direct-to-consumer brands measure paid social, influencer revenue and email last-click without cookies.

Read →

Where it fits in your analytics stack

Cookieless analytics is not a replacement for every tool. It is the measurement layer — the source of truth for “how much traffic came in, where from, and what did it do.” The rest of the stack stays:

Alongside GA4 (for Google Ads conversion import)

Keep GA4 running for the integrations Google reserves for its own product: Ads conversion import, the Search Console join. Use SealMetrics as the number you make decisions on. Two tools, two purposes.

Alongside Mixpanel / Amplitude (for product analytics)

Product analytics needs user-level identification — logged-in event streams, cohort retention, feature usage by account. That is a different tool category. Run it after authentication; run SealMetrics on the marketing surface.

Alongside BigQuery (for warehouse modelling)

Full-resolution event and conversion counts export to BigQuery from the Growth plan up — no ETL, no sampling. Marketing-mix modelling, finance reconciliation and custom attribution windows live in the warehouse.

Not a replacement for Meta or Google ad pixels

Retargeting audiences and on-platform optimisation still need their respective pixels. They serve the bidder, not the measurement. Keep them; measure their actual contribution with SealMetrics.

Common questions

Is cookieless analytics legal under GDPR?: Yes — and the legal route is architectural, not contractual. Because no personal data, identifier or cookie is stored, the processing sits outside the material scope of GDPR and the cookie-consent requirement of ePrivacy. The CNIL exemption criteria, the German DSK guidance and the UK ICO PECR exemption all describe this same path. SealMetrics ships with a DPA, EU-only processing in Dublin, and a TPSR (Transfer, Privacy and Security Review) package for legal review.
How accurate is cookieless tracking compared with GA4?: It captures more, not the same. Cookie-based tools lose data three times in Europe: 40–60% of visitors reject consent, ~40% use ad blockers that strip the script, and Safari/Firefox cap first-party cookies at 7 days. Cookieless server-side collection is unaffected by all three. Hotel groups running both have measured 30–40% more traffic and 15–20% more attributed revenue against their own CRM.
Can I run it alongside Google Analytics 4?: Yes — we recommend it for the first 30 days. Most teams keep GA4 running for Google Ads conversion import and BigQuery legacy, and use SealMetrics as the source of truth for board-level decisions. There is no migration. One script tag, runs in parallel.
What can cookieless analytics not do?: It cannot identify a returning visitor. It cannot follow a single person across pages or sessions. It does not build per-user behavioural profiles. If your use case requires user-level identification (logged-in product analytics, CRM triggers based on individual browsing), you need a different category of tool — likely Mixpanel, Amplitude or a CDP. SealMetrics counts events anonymously and attributes conversions to the channel that drove them, at aggregate scale.
What about Google Consent Mode v2?: Consent Mode is a modelling layer: when visitors reject cookies, Google estimates the missing data statistically. It is still cookie-based at heart. The data you see in GA4 with Consent Mode is a model of the 87% you cannot measure. Cookieless analytics is a measurement layer — every visitor is counted, no model required. The two answer different questions.
How fast is implementation?: Five minutes to install the 846-byte first-party pixel on any CMS, SPA or headless setup. First data in the first hour. Full calibration within a week. Side-by-side with GA4 from day one — no rip-and-replace.

See your complete data in 30 minutes.

Book a walkthrough with the founder. We run the gap calculator on your real traffic and show you what GA4 is missing this month.

Start FREE Trial →Book a demo

Built by a founder · supported by a founder · EU-hosted by design