Marketing and Growth
Cookies and Their Application in Marketing: A Guide for Marketers and Brands
Mar 22, 2024
Sachin Tyagi
VP of Growth
What are cookies?
Cookies are small text files stored on a user's browser when they visit a website. These files store data related to the user’s action in the browser, including information about the user's browsing behavior, preferences, and login details. Cookies are commonly used by websites to enhance user experience (Remembering your username & password), remember user preferences (you searched for a flight on a website without signing in and later returned to find the website suggesting you continue your search journey), and track user behavior for various purposes, including advertising and marketing. I found this video to clarify cookie functioning. There are two main types of cookies:
Figure 1: First- and third-party cookies can be seen using developer tools in the browser.
First-party cookies: These cookies are set by the website that the user is currently visiting. They are used to remember user preferences and provide personalized experiences on the same website.
Third-party cookies: These cookies are set by domains other than the current one. They are mainly used by advertising networks or tracking companies to collect user data across different websites. This data is then used to target ads and personalize marketing campaigns.
It's important to note that cookies do not contain personally identifiable information (PII) such as names or addresses. They typically store anonymous identifiers and website-related information.
Cookies in more technical Terms
Here's a more technical explanation of cookies:
Cookie creation: When you visit a website, the server sends a response header to your browser, which includes a "Set-Cookie" attribute. This attribute contains the cookie's name, value, expiration time, domain, path, and other properties. The browser then stores this information in a cookie file on your device.
Cookie storage: Cookies are stored in a specific folder on your device's hard drive. The exact storage location depends on your operating system and the browser you're using.
Cookie format: Cookies are usually text files with a specific format. They consist of key-value pairs, where the key represents the name of the cookie, and the value is the actual data associated with it. For example, a cookie might have a key-value pair like "username=myname".
Different types of cookies: In addition to first-party and third-party cookies, there are also session cookies and persistent cookies. Session cookies are temporary and exist only until the browser is closed. Persistent cookies, on the other hand, have an expiration date and remain on the device even after the browser is closed.
Cookie properties:
Expiration: Each cookie has an expiration date/time set by the website. When the cookie expires, the browser automatically removes the cookie from the device.
Domain: The domain property specifies the website domain the cookie applies to. For example, a cookie set for ".example.com" would be accessible to all subdomains like "www.example.com" or "shop.example.com".
Path: This property determines which paths within a domain the cookie should be sent to. For instance, a cookie set for a specific path like "/shop" would only be sent when accessing URLs within that path, such as "example.com/shop/products".
Secure and HttpOnly: These properties can be set to enhance security. The "Secure" flag ensures the cookie is only sent over HTTPS connections. The "HttpOnly" flag restricts cookie access to HTTP requests, preventing access via client-side scripting languages like JavaScript.
SameSite: The SameSite property reduces the risk of cross-site request forgery (CSRF) attacks. It defines whether the cookie should be sent with cross-site requests, providing better control over how cookies are used by third-party sites.
It's important to note that cookies may work differently depending on the browser and specific website implementation, but the basic principles highlighted above remain the same.
What role do cookies play in digital marketing?
Let's walk through a step-by-step example of how cookies play a role in digital marketing:
Visiting a website: Let's say you visit an online clothing store to explore their collection.
Cookie placement: When you land on the website, the server sends a small file (a cookie) to your device and stores it in your web browser.
Tracking user behavior: As you navigate through the website, the cookie collects information about your actions, such as which pages you visit, items you add to your cart, and any preferences you express (like your preferred color or size).
Personalized experience: The website uses the information stored in the cookie to provide a customized experience. For example, it may suggest related products that match your browsing history or display personalized offers and discounts.
Retargeting: If you leave the website without making a purchase, the cookie allows the website to remember your visit. Later, when browsing other websites or social media platforms, you may start to see ads from the clothing store reminding you of the products you viewed or showing you similar items. This is known as retargeting and it's possible because of third-party cookies.
Measurement and analytics: Cookies also play a vital role in tracking marketing campaign performance. They help advertisers measure the effectiveness of their ads, understand user behavior patterns, and make data-driven decisions to optimize their campaigns.
Ex. FBP and FBC cookies store the browser id and click id of a user visiting a website where Meta pixel is integrated. Meta pixel information is stored in these cookies with conversion events to meta for conversion attribution and remarketing campaigns.
Do cookies work on mobile applications?
Yes, cookies can also work on mobile applications, but they function slightly differently from web browser cookies. Here's how cookies work in mobile applications:
App-specific cookies: Mobile applications can set and use cookies within their app environment. These cookies are stored locally on the user's device and are accessible only by the specific mobile app that created them. These cookies store user preferences, session data, or other information related to the app's functionality.
Mobile advertising identifiers: In the context of mobile advertising, there are identifiers such as the Apple Identifier for Advertisers (IDFA) on iOS devices and the Google Advertising ID (GAID) on Android devices. These are unique identifiers assigned to each device and are used by advertising networks to track user activity and deliver targeted ads. Although they are not exactly cookies, they serve similar purposes in the mobile advertising ecosystem.
Cross-application tracking: While cookies can track user behavior across multiple websites in a web browser, cross-application tracking in mobile apps typically relies on other mechanisms. Advertising networks, for example, may use device identifiers, SDKs (Software Development Kits), or custom tracking methods within apps to collect and share data across multiple apps.
It's important to note that mobile applications have their own unique ways of tracking and storing user data, and they may use a combination of techniques beyond cookies.
What is retargeting and how is it achieved?
Retargeting, also known as remarketing, is a digital marketing technique that utilizes cookies, particularly third-party cookies, to display targeted advertisements to users who have already interacted with a website. Here's a more detailed explanation of how retargeting with cookies works:
Initial website visit: Let's say you visit an online clothing store and browse their collection. When you land on the website, a first-party cookie is created and stored in your browser.
Cookie tracking: As you interact with the website, the first-party cookie remembers the pages you visited, items you viewed, and any other specific actions you took, such as adding items to your shopping cart. This information is stored within the cookie.
Cookie syncing: The website may work with advertising networks or third-party vendors (Meta, Google, Criteo, etc.) that specialize in retargeting. For these networks to serve retargeted ads, they need to connect to the first-party cookie on the clothing store's website. This process is known as cookie syncing. It allows the advertising network to associate the user's browsing behavior on the clothing store's website with a unique identifier or profile managed by the network.
Ad placement: After leaving the website, as you browse other websites or social media platforms that have partnered with the same advertising network or vendor, the network recognizes the unique identifier associated with your cookie. It can then display targeted ads related to the clothing store's products or showcase similar items based on your previous browsing behavior.
Conversion tracking: Retargeting can also be used to measure conversions. For example, you click on a retargeted ad and purchase something on the clothing store's website. The retargeting vendor can track this conversion event using conversion pixels or other tracking mechanisms. This information helps the advertiser measure the effectiveness of their retargeting campaigns and optimize their advertising strategies.
The effectiveness of retargeting campaigns heavily relies on the availability of third-party cookies. As privacy concerns related to third-party cookies emerge, web browsers and governing bodies are implementing measures to restrict or phase out these cookies. This has led to an exploration of alternative solutions such as first-party cookies, contextual targeting, and individual user consent frameworks for personalized advertising.
More on cookie syncing role of 3rd party cookies
Cookie syncing is the process of establishing a connection between a first-party cookie stored on a website visitor's browser and a third-party cookie stored by an advertising network or vendor. This connection allows these third-party entities to associate a user's behavior on the website with their unique identifier or profile, enabling targeted advertising. Here's a breakdown of how cookie syncing works and the role of third-party cookies:
Website interaction: A first-party cookie is created and stored in the visitor's browser when visiting a website. This cookie contains information about the user's activity and preferences on that specific website.
Advertising network involvement: The website may have integrated with an advertising network or vendor to display ads to its visitors. These networks are typically responsible for serving targeted advertisements across various websites.
Syncing process: To enable retargeting, the advertising network needs to connect the user's first-party cookie data with their identifier or profile. This is where cookie syncing comes into play. The advertising network requests permission from the website to synchronize its third-party cookie with the first-party cookie.
Redirecting to a matching domain: Both the website and the third-party advertising network agree on redirecting the user's browser to a matching domain, controlled by the advertising network. This matching domain acts as a bridge between the website and the third-party domain, allowing the synchronization of cookies.
Matching IDs and data transfer: The matching domain receives the browser request and extracts the first-party cookie data from the request headers. Simultaneously, the advertising network's server sends its own third-party cookie to the matching domain. The matching domain can then compare the IDs or data in these cookies to establish a connection between the user's browser and the advertising network's identifier.
Synchronized identifier association: Once the connection is established, the advertising network can associate the user's browsing behavior on the website with their unique identifier or profile in their third-party cookie. This allows the network to track the user's actions and deliver personalized ads when they browse other websites integrated with the same advertising network.
It's important to note that third-party cookies are crucial in the cookie syncing process, as they are stored and accessed by an entity external to the website or the user. However, due to evolving privacy concerns and user demand for more control over their data, there has been a shift towards limiting or phasing out third-party cookies. Many web browsers are implementing restrictions and exploring alternative solutions prioritizing user privacy while enabling targeted advertising.
How do third-party cookies get into the user's browser?
Third-party cookies are typically placed in a user's browser when they visit a website with integrated content or services from third-party domains. Here's a step-by-step breakdown of how third-party cookies can be added to a user's browser:
Website integration: A website owner may integrate content or services, such as advertisements, social media widgets, analytics tools, or other third-party scripts, into their website. These third-party elements are usually sourced from separate domains.
Requesting third-party content: When a user visits the website, their browser sends a request to the website's server for the main content. Along with this request, the browser also encounters references to third-party content.
Retrieving third-party content: To fulfill the request, the website server responds with the main content and includes additional references to the third-party content. The browser interprets these references and sends separate requests to the third-party domains to retrieve the associated content.
Third-party response: The third-party server receives the browser's request for its content and responds by sending the requested content, such as scripts, advertisements, tracking pixels, or other elements.
Cookie placement: As part of the response from the third-party server, a "Set-Cookie" header is often included. This header contains the necessary information to create a third-party cookie, such as the cookie's name, value, domain, expiration, and other properties. When the browser receives this header, it creates a third-party cookie and stores it in its cookie storage, associating it with the third-party domain.
Future interactions: From this point forward, whenever the user visits a website with integrated content from the same third-party domain, their browser automatically includes the associated third-party cookie in the requests made to that domain. This enables the third-party domain to track the user's activity across different websites, allowing for personalized advertising, analytics, or other services.
What is the difference between cookies and pixels? What role do pixels play in digital marketing?
In digital marketing, cookies, and pixels are used for tracking and collecting data, but they serve different purposes.
Cookies: A cookie is a small text file stored on a user's device when they visit a website. It enables the website to remember the user's preferences, login information, and browsing history. In digital marketing, first-party cookies (placed by the website being visited) and third-party cookies (placed by a domain other than the one being visited) are used to track users' activities across different websites, gathering valuable data for targeted advertising and personalized experiences.
Pixels: A pixel (a tracking pixel, web beacon, or tag. Ex. Meta Pixel, GTAG, etc.) is a small piece of JavaScript code embedded on a website or in an email. When a user accesses the website or opens an email, the pixel is triggered and sends information stored in the cookies back to the source server (ex. Meta Pixel sends it to Facebook servers). Pixels are commonly used to track conversions, measure campaign performance, and retarget users based on their interactions with ads or websites.
While both capture user data, pixels are mainly used for tracking specific actions or events (e.g., product purchases, form submissions) and gathering campaign-related insights, and cookies are used for broader user tracking and profiling.
How are pixels used to retarget users?
Retargeting, also known as remarketing, is a digital marketing strategy that targets ads to users who have previously interacted with a website or shown interest in a product or service. Pixels play a crucial role in enabling retargeting campaigns. Here’s how pixels are used to retarget users:
Pixel Placement: Marketers place retargeting pixels on specific pages of their website or in their email campaigns. These pixels are typically embedded within the website or in marketing emails.
Tracking User Interactions: When a user visits a webpage or opens an email containing the pixel, the pixel is triggered and sends information back to the ad platform or retargeting provider.
Building Retargeting Lists: The data collected by the retargeting pixel is used to create audiences or retargeting lists based on specific user interactions. For example, a list might consist of users who have added a product to their cart but did not complete the purchase.
Serving Targeted Ads: Once a retargeting list is created, marketers can serve targeted ads to these specific users across various platforms and ad networks. These ads are tailored to the user's previous interactions, such as displaying the products they viewed or reminding them to complete their purchases.
Optimization and Measurement: Marketers can monitor the performance of their retargeting campaigns, analyzing metrics like click-through rates, conversions, and return on ad spend. This data helps optimize the campaign and enhance its effectiveness.
Retargeting with pixels allows marketers to stay engaged with potential customers who have already shown interest in their products or services. It enables personalized advertising and helps increase brand recall, conversions, and overall campaign effectiveness.
How does Google use cookies in advertising?
Google uses cookies for:
Serving and rendering ads: NID cookie is used to display ads on Chrome for signed-out users; ANID, IDE, and ID cookies for displaying ads on non-Google sites.
Personalizing the ads: ANID, and IDE cookies are used for ad personalization.
Remembering the ad preferences of the user: ANID, and ID cookies are used to remember if a user has turned off ad personalization.
Identify signed-in (on any Google site) user on a non-Google site: DSID cookie.
Measure user activity and performance of ads:
_ga
(Google Analytics);gcl
cookies measure conversion for Google campaigns.
How does Meta use cookies in advertising?
Meta uses cookies for similar purposes to Google. Fbp
and fbc
cookies are used to identify anonymous users and track conversion events.
How has the deprecation of 3rd party cookies and other privacy initiatives impacted marketing on Google and Meta?
Initiatives such as ATT by Apple and privacy sandbox on Android by Google to a certain extent have impacted the accuracy of conversion tracking, the correct measurement of ad performance, and the right feedback to Meta and Google servers. This poor feedback has hindered the capacity of Google and Meta to display the ads to the intended audience, consequently, the ROI on ad-spends is declining. Brands need to fix this broken feedback loop and the only way to do it is to build first-party data infrastructure:
That can improve conversion tracking without compromising individual privacy.
That can cater to client-side and server-side conversion tracking and is thus immune to network issues, ad-blockers, etc.
Seamlessly integrates with ad engines (Meta, Google, email marketing tools, etc.).
Offers adequate customization options to align the data objectives with brand objectives.
Offer actionable intelligence to brands to maximize business goals.
Conclusion: Cookies including third-party cookies have played a critical role in the digital marketing ecosystem. However, with the advent of privacy issues, brands need to realign their strategies to maintain marketing effectiveness.
If you have any questions, or feedback, or want to discuss this topic, please write to me at sachin@attryb.com or Contact Us.
References:
https://policies.google.com/technologies/cookies?hl=en-US
https://www.support-people-susceptible-to-radicalisation.service.gov.uk/cookies
https://arxiv.org/pdf/2208.00710.pdf
PS: Generative AI has been used to create some of the content for this article.
Keep Reading
Load More