Last Modified on December 18, 2024
As the world becomes more privacy-centric, the challenges to marketing your website or app visitors have increased considerably.
Also, internet users are becoming increasingly aware of their digital footprint coupled with governments worldwide tightening their privacy laws, which makes things quite challenging.
But does this mean that your days of retargeting your visitors are over? Thankfully, not. There are still ways to deliver personalized experiences and do retargeting without cookies.
In this post, we’ll discuss how digital marketers can use newer technologies and strategies to keep their retargeting efforts effective and privacy-compliant through the following topics:
- What is Retargeting with Cookies?
- Understanding Types of Cookies
- How to do Retargeting without Cookies?
- Limitations of Cookieless Retargeting
- Other Alternatives to Retargeting
Let’s jump into the cookieless world!
What is Retargeting with Cookies?
Retargeting is when businesses/websites try to bring back the visitors who have already visited their sites/apps to try to convert them.
Since they have already visited the site or viewed a certain product, there are more chances of converting them into customers if they are shown relevant ads which serve as a reminder.
These ads are shown to visitors on other websites, not the same website they originally visited because they’ve already left that site without buying much.
This has been going on for a long time because not only is it effective, but it is also cheaper to ‘retarget’ than to market to new customers/markets.
The problem is that it was possible thanks to third-party cookies (more on their types later) that tracked users’ activity online.
Third-party cookies are the bad guys and first-party cookies are the good guys. Therefore, Google’s original plan was to completely kill third-party cookies in Chrome like some other browsers (Brave, Firefox, Safari, etc.).
They changed this later on (July 2024) where users can now make an ‘informed choice’ of how they want to be tracked and can change their decision at any point.
Even so, third-party cookies have fallen out of favor, and using them only makes things ‘complicated,’ to say the very least. Imagine the ethical backlash? Not worth the risk, right?
Besides, if there are ways to circumvent all the controversy then why not? Before we move on to how we can deal with these issues, let’s look into different types of cookies and how they work.
Understanding Types of Cookies
Cookies have been at the core of the billion-dollar advertising industry since their inception in 1994. A cookie is simply a file on your browser that stores data.
Their goal was to tag return users and remember your site preferences, login details, and shopping carts which later on evolved to be used for retargeting and personalization among other things.
Let’s have a look at different types of browser cookies starting with the ones you often hear about in the table below:
| Description | First-Party Cookies | Second-Party Cookies | Third-Party Cookies |
| Data Source | Created and stored by the website you’re visiting. | Not really cookies but second-party data collected in a first-party context and then shared with a trusted partner. | Created and stored by domains other than what the user is visiting (e.g., ad networks). |
| Purpose | Enhance user experience (e.g., login, preferences, cart items). | Extend functionality through trusted partnerships (e.g., targeted offers, affiliate marketing). | Track user behavior across multiple sites for ads, analytics, or user profiling. |
| Control | Controlled entirely by the website being visited. | Limited to specific agreements or partnerships. | Often accessible across multiple unrelated domains. |
| Access | Only the visited website has direct access to these cookies. | Shared explicitly by the first party with consent. | Accessible by third parties (e.g., advertisers, trackers) across different websites. |
| Transparency | Typically disclosed in the website’s privacy policy. | Should also be disclosed in the privacy policy. Requires explicit agreements and user consent to comply with laws. | Historically less transparent to users, leading to privacy concerns. It also requires user consent to comply with laws. |
| Privacy Implications | Generally low risk- Tied to one domain (the site you’re visiting). | Medium risk – Depends on how the data is shared and used. | High risk – Tracks users across the web and may lead to intrusive profiling. |
| Examples | Remembering login details or keeping items in a shopping cart. | An airline sharing booking data with a car rental partner or tour operator(s) for targeted offers. | Ads following you across sites (e.g., retargeting ads on other websites). |
While this table covers the most common terms you hear when it comes to cookies, there are other types of cookies that we are going to explore below:
- Session – These are temporary and expire when you close the browser. For instance, banking sessions that end once you log out or e-com stores keeping the items in the cart while you’re browsing.
- Persistent – Stored on your device and expires after a certain date or when deleted. The date is attached by the website though they shouldn’t persist for more than 6 months. They can be used for remembering your chosen language or region when you visit a site for the first time.
- Secure – They are only transferred over encrypted connections i.e., HTTPS. For instance, they could be any cookies used for online transactions to protect sensitive data.
- HttpOnly – These cookies are only accessible by servers, JavaScript cannot access them and helps to mitigate risks like cross-site (XSS) attacks. The server generates a unique session identifier without which it cannot recognize subsequent requests belonging to the user. This session ID is stored in the HttpOnly cookie and sent to a server in the HTTP headers, that’s why it can’t be accessed client-side via JavaScript.
- SameSite – They include a ‘SameSite’ attribute to control cross-site request handling to prevent cross-site request forgery (CSRF) attacks by restricting how cookies are sent with cross-site requests. For instance, a cookie with SameSite=Strict won’t be sent with requests initiated by third-party websites.
- Super – While they are conflated with Zombie aka Ever cookies, they are a bit different as they are set with an origin of a top-level domain (e.g., .com) or a public suffix (e.g., .gov.uk, .co.uk, .edu, etc.). For instance, if measureschool.com sets a supercookie, that cookie would be visible to any other ‘.com’ website. But due to privacy concerns, general dislike against them, and being blocked by most browsers today, they are not much in use anymore.
- Zombie – As the name suggests, if you delete them they come back to life making it hard to get rid of them. This is because they are stored in multiple locations, such as local storage, HTML5, and Flash storage. Again, it’s pretty clear that they are not privacy-friendly and can come back to life from another location if one is deleted from a specific location. However, like Super cookies, they are also not popular, and with growing privacy laws, user awareness, and modern browsers they are not very common.
How to do Retargeting without Cookies?
Let’s look into ways how we can do retargeting without third-party cookies.
1. Personalization with First-Party Data
As we learned above, first-party data is stored and owned by you (the website/owner). This data can be leveraged to do personalization which in turn can tempt the users into thinking ‘This website gets me!’ in the simplest terms.
Nobody hates personalization because they get to view/experience things they generally prefer.
If you show the colors, sizes, or types of products (or content) they generally browse, then they are more likely to revisit your site as well as have the option to choose from products that fall into their ‘prefer-it’ radar.
In fact, in a privacy-conscious world, your first-party data is where you start from for the most part. So leveraging it needs to be part of your strategy!
2. Use First-Party Data to Know Your Customers
This is somewhat connected to the first point where we use the first-party data collected through first-party cookies for personalization.
But the same data can also be used to analyze their buying or browsing patterns, their choices (add to cart or wishlist), and so on.
This can be used for personalized ads (not just general personalization). You can also use it to do email campaigns to bring back visitors who haven’t bought anything as well as existing customers.
3. Contextual Advertising
Simply put, matching the page content with the ad’s content. Essentially, you’re going where your users are and being more ‘relevant.’
While it doesn’t target users who specifically visit your website, it still does a decent job of matching the users who browse the type of products/content that your website sells/publishes.
For instance, if you sell sporting goods and users are consuming related content, then that’s where your contextual advertising kicks in. These users will have more chances of converting than you advertising to someone browsing jewelry pages.
The key here is to be quite ‘relevant.’
4. Advertising Platforms and Server-side Tagging
Also referred to as ‘walled gardens’ – advertising platforms track their logged-in users in a first-party context, so they have a lot of data on their likes and dislikes.
This means you don’t need third-party cookies. You can target them with relevant ads and make it even more interesting if you use server-side tagging to send the data directly to the platform.
For instance, Meta Conversions API can receive the data directly about actions like viewing a product or adding to the cart, but not completing a purchase without using any third-party cookies.
This allows for better retargeting as the platform knows what actions a user has been performing on the site.
The likes of Microsoft, Snapchat, Pinterest, etc. are already offering similar solutions while more platforms will be offering it as we go deeper into the cookie-less tunnel.
5. Predictive Modeling
You can leverage your first-party data to use predictive modeling to predict user behavior based on the patterns seen in the data.
The data can also target similar audiences on the platforms and expand your reach.
6. Cohort Based Targeting
Newer technologies like Google’s Privacy Sandbox (FLoC, Topics, etc.), TURTLEDOVE, and Unified ID 2.0 (UID2) help to remarket while maintaining individual user privacy.
The technologies focus on aggregated data, i.e., large groups of users with similar interests vs identifying users by hashing any personal data like emails. This removes the need for third-party cookies.
While these strategies can be quite helpful in circumventing privacy issues around third-party cookies, they are not without limitations.
Limitations of Cookieless Retargeting
While retargeting without cookies is helpful in a privacy-centric world, it comes with significant challenges, including reduced precision, higher costs, and limited scalability, especially for smaller businesses. How?
- Contextual advertising can backfire – If your products/services are displayed on a controversial website or content type, then it can affect your brand’s reputation and do some damage. If a user has already purchased what you’re selling and they are only interested in learning more about it, then your ads could become irrelevant and even annoying to them.
- Targeting can be ineffective – Without cookies user-data, granularity will be reduced making targeting less personalized. This can make it difficult to show highly relevant ads and retargeting campaigns will have to rely on broader audiences which can be less effective.
- Limited alternate identifiers – Dependency on first-party data requires explicit user consent, even more so if it’s an email address, phone number, and other such data. On the other hand, techniques like device fingerprinting are being increasingly regulated, falling out of favor, and not being very reliable.
- Increased costs for small businesses – Cookieless solutions like contextual advertising, server-side tagging, and collecting first-party data require investment in technologies like machine learning, server-side tracking, and consent management and collection of quality first-party data. This can make it difficult for small businesses to adopt them easily.
- No clear direction – Technologies like Google’s Privacy Sandbox, Unified 2.0, TURTLEDOVE, etc. have their solutions working in the background. If more such solutions are thrown into the mix, it will cause more fragmentation and confusion. This makes it difficult to choose one of them and will also make it difficult to run consistent retargeting campaigns.
- Shorter data retention periods – Cookieless solutions often rely on shorter data retention periods which can make it difficult to understand user behavior or patterns as you need long-term data to determine any pattern.
- Increased reliance on platforms – While platforms like Meta, Google Ads, Amazon, Microsoft, etc. have a lot of first-party data allowing for various cookieless strategies, they also maintain tight control over it. This can reduce independence and increase costs as the platforms can change their policies and prices whenever they like.
- Challenging to find the real ROI – In the absence of cookies, it becomes quite hard to attribute conversions to any specific retargeting campaigns, making it difficult for digital marketers to understand the true ROI of their efforts.
- Ever-evolving legal landscape – Privacy laws like GDPR, CCPA, etc. continue to evolve, potentially restricting newer tracking methods or throwing you off track when you’ve already invested in adapting newer technologies.
We hope these limitations will help you understand the challenges that come with cookieless tracking, but perhaps it’s still better than not retargeting at all.
You also understand other ways of understanding user behavior while respecting their privacy. But there are some other alternatives to retargeting.
Other Alternatives to Retargeting
If you’re not keen on retargeting, you could focus on other strategies to help you get people to your website and turn them into customers.
Some of them we already discussed in cookieless retargeting, e.g., Contextual Advertising but we’re going to explore some others below:
- Using lookalike/similar audiences – Advertising platforms like Meta, Google, etc. have machine learning technologies to identify users who would behave or resemble your existing user base. This can help you reach new users while being privacy compliant, although you’d still be dependent on the platform or its algorithm.
- Interest-based targeting – Targeting customers based on some generic traits like their interests, demographics, and other general behavior vs specific past actions can help to target users that you want to convert. But you’ll be casting quite a wide net, so your campaigns might not be very effective.
- Retarget based on engagement – If people are interacting with your social media profiles, subscribing to newsletters, or responding to email campaigns and/or your mobile app, you can use that data to create your marketing campaigns. This means you’re limited to people who have engaged in some way, so there’s a higher chance of converting them. However, at the same time, you’ll need a strategy to continuously grow your audience.
- Inbound/content marketing – Creating valuable content will attract and nurture potential customers whether it is free resources, informative blog posts/videos, or other SEO strategies. However, this can be long-term and take more time before it generates any results. While you won’t be spending on ads, you’d still have to spend on resources to create quality content.
- Build community – Having a Facebook group or any other type of community around your brand where your existing and potential customers can ask questions and interact is another good way to build trust and keep bringing them back to your website. For instance, letting them know of any exclusive offers for them only. It might be challenging if you’re a new business that is just starting out or perhaps your product/service doesn’t need a group on its own. In this case, you can join groups and forums where people talk about the category of your products or your competitors,’ e.g., skiing gear enthusiasts.
Summary
We started by learning about retargeting with cookies and why/how it can help us increase conversions by showing people what they like or what is relevant to them.
We then moved on to different types of cookies – from first-party to super cookies, when and how they can be used, as well as how some cookies are not ethical to use and difficult to kill, i.e., Zombie cookies.
This led us to explore how we can do retargeting without cookies using different strategies, but primarily focusing on collecting and using first-party data as well as leveraging predictive modeling, and cohort-based targeting, among other things.
However, the alternatives are not without issues. So, we looked at the limitations of these strategies and how they can be problematic yet perhaps not as bad as no retargeting at all.
Lastly, we landed on some ‘other’ alternatives to retargeting where cookies are not involved and we can still try to get users to our website each requiring investment.
The important thing is to ensure we are aware of the privacy implications of any strategy we are using and if the user data we have is all consented to.
If you’re interested in learning more about cookieless tracking with GA4, check out our post on Demystifying Google Analytics 4 Cookieless Tracking.
Have you tried retargeting without cookies? What strategies have worked well for you? Let us know in the comments below!
