Cookieless Tracking

Pillar: how to track usage without dropping cookies. Patterns, configurations, and concrete cookieless setups for self-hosted analytics — the kind that don’t trigger a CMP banner under EU law and don’t fight your visitors’ ad-blockers.

Cookieless is not a single technique. It’s a stack of decisions: identifier rotation, IP anonymization, server-side event collection, and consent-classification logic. This pillar takes each layer one by one — what it is, what it costs, what breaks if you skip it.

Why “cookieless” matters in 2026

Three forces converged: CNIL’s interpretation of GDPR Art. 5(3) treats most analytics cookies as identifiers requiring consent; Apple’s ITP and Firefox’s ETP block third-party cookies by default; and Chrome’s gradual third-party cookie deprecation has shifted the conversation from “should we drop cookies” to “what do we use instead.”

For self-hosted analytics, cookieless is also a deployment simplification — fewer compliance surfaces to defend, no banner to A/B-test, no cookie policy to keep current.

Published guides

• Cookieless Tracking Made Simple — What It Is and How It Works — the foundation. Five self-hosted setups (Plausible CE, Matomo with IP-anon, Umami, GoatCounter, server-side events). Mechanism level.

Cookbook entries shipping next

• Plausible CE cookieless config — full walk-through — every config knob (hash-rotation, salt persistence, fingerprint widths) and why each is what it is.
• Matomo IP-anonymization mode — the EU-acceptable Matomo configuration that runs without consent banners (the privacy/anonymize-ip + useDefaultTrackingValuesIfNoConsent combo).
• Server-side cookieless events with NextJS — sending events from a server route instead of the browser, with a daily-rotating identifier.
• Cookieless A/B testing — splitting traffic without persistent identifiers (and what you give up in cohort retention reporting).
• The CNIL cookieless checklist — what regulators look for in a cookie-banner-free setup, point-by-point.

Related across pillars

• EU compliance teardowns — the regulatory backdrop. Cookieless is not “GDPR-exempt.” Read this before assuming you can skip the banner.
• Custom events & goals — once you’ve gone cookieless, modeling goals across sessions takes a different shape. The events pillar covers that.
• Install recipes — every cookbook recipe ships with a cookieless-by-default configuration; the cookieless pillar zooms in on the why.