This is what we think a marketing person needs to know about tracking.

We cover:

  • What are the different ways that an individual can be tracked
  • What is a Tracking Pixel?
  • Cookies (first and third party)


What are the different ways that an individual can be tracked across one or more websites?

  • Stateful Tracking – This type of tracking involves storing information on a user’s device – there are several ways of doing this. The most prevalent being the use of Cookies (see below for more information on Cookies).
  • Navigational Tracking – tracking using information attached to the URL such as UTM parameters.
  • Fingerprint or stateless Tracking – this is about using properties and configuration of the user’s browser and device (plus potentially location, IP address, CPU details and more) to create a potentially unique profile for that user.
  • Cross site Tracking – tracking across multiple first party websites.

more detailed information can be read on webkit (the browser engine owned by Apple that is used in their Safari web browser).

Google has a strict policy against utilizing fingerprinting for ads personalization, as it doesn’t allow reasonable user control and transparency.

How do you see information about visitors to your website?

Most websites use a web analytics tool to view information about visitors to their site. The tool uses a ‘pixel’ or ‘tag’ (see below) to send information to the web analytics tool.

Data about visits can then be viewed using the tool.

The most commonly used web analytics tool is Google Analytics, which is free (though there is a paid version that is very expensive).


What is a Tracking Pixel?

A ‘Tracking Pixel’ is a slightly misleading term as the tracking mechanism is actually a snippet of Javacript code. This piece of code is included on each page of your site and collects information from three sources:

  • the HTTP request to the server (the user contacting the server where your website is stored and asking to be sent the website page) – data collected includes: hostname, the browser type, referrer, and language
  • the user’s browser/system information such as Java and Flash support and screen resolution; and
  • first party cookies – data stored in cookies about the user session and any ad campaign information from the page request

All this information is then sent to the analytics server using a list of parameters attached to a single-pixel GIF image request (hence why it is called a tracking pixel – the pixel is used to send the data back to the analytics server).

The curtailed example of the list of parameters looks like this:

A request to send data to the Google Analytics server is called when:

  • A new page is requested
  • An event is triggered (such as a download of a PDF)
  • A purchase transaction occured (a separate request for each item in a purchase)
  • A user segment is triggered

Read more on Google’s Tracking Code Overview


A Cookie is a small text file that is stored on your browser when you visit a website.

Cookies are pieces of information while tags set cookies and send that information to say an analytics server.

Cookies can have different uses but broadly they identify you as a visitor to the site and allow settings, logins, shopping carts to be remembered as well as visitor analytics.

First Party Cookies vs Third Party Cookies

A first party cookie is owned by the website that stored the cookie. A third party cookie is owned by a different website to the one visited.

Third party cookies are now disallowed by leading browsers (Firefox, Safari, Chrome) and other privacy focused browsers. Third party cookies have been used to map users across websites to deliver retargeting ads and to build a profile of each person.

Data collected from first party cookies can be sent to third parties if the visitor provides consent. This is required for Facebook to collect conversion data for example.

Google Analytics (GA) tracking tag and Google Ads conversion tracking tag

If you are advertising with Google Ads then to get accurate information about a conversion you need to install the Google tag which can send data to Google for Google Ads, Google Analytics and other products.

Both these tags set first party cookies as the tag is installed on your web page.

You can install this tag via Google Tag Manager – this makes updates and managing cookies and tags much easier as you install the Google Tag Manager code on your site then manage cookies/tags via Google Tag Manager.

These tags set new cookies on your domain that will store a unique identifier for a user or the ad click that brought the user to your site. The unique identifier is called a clientID (unique to the user’s browser and device – if the user comes to your site on a different browser or device then a new clientID will be generated). The unique clientID is a combination of a randomly generated unassigned integer and a time stamp.

The Cookies capture information about pages you visit, events, purchases which is sent to the GA server using the pixel image request.

The cookies receive the ad click information from a GCLID parameter (Google click identifier – see below).


URL Parameters – UTM, gclid, fclid

The Google Analytics Tracking Code can use information contained in parameters captured in the URL of the link that the visitor clicked on to come to your site.

UTM Parameters

The most common type of Tracking Parameter is UTM – here is an example of a link with UTM parameters:


It consists of two parts: the ‘parameter’ (such as source or medium) and the value (such as google or organic).

Google Analytics (or whatever web analytics tool you use) will use this information to assign a source of google and a medium of organic against the visitor.

Note: values are case sensitive – we recommend always using lower case

Google Analytics has 5 standard traffic dimensions it reports on.

  • Source: This captures the origin the user came from. If a user comes directly to your site then that is captured as [none].
  • Medium: Think of this as the type of pipe the user came down to get to your site: was it from a link in an email, paid search ad, search engine result, affiliate link, display ad. Social ad etc.
  • Campaign: This can capture a value about the campaign associated with the link (the name or id of an email campaign or paid campaign.)
  • Content: This can capture information that helps you identify different ads or email links within a campaign.
  • Term: This can capture information about the keyword that triggered the ad (paid only.)

When you create campaigns in Google and Facebook you have the option of adding UTM Parameters – we strongly recommend this.

You can create other UTM Parameters to capture more information and configure Google Analytics to report on those parameters too.



Google Ads use an encrypted tracking parameter called gclid (short for google click identifier). It looks something like this:


gclid contains more information about the click than a standard set of UTM parameters, however it can only be decrypted by Google properties and only created by a Google property – so if you are using or think you might use a different web analytics tool in the future then make sure you also use UTM Parameters.



Facebook also has its own encrypted tracking parameter called fclid. This is decrypted by the Facebook Pixel on your website and information used in your Facebook reporting.

Google Analytics can not interpret fclid so you will need to use UTM parameters on Facebook ads if you want Google Analytics to track information about the visit.


What if a user blocks analytics cookies?

If a user blocks analytics Cookies this usually means that your Google Analytics tag will not fire and no record of that visit will be recorded in Google Analytics.

To try and mitigate the impact of this Google has launched consent mode for GA4. This allows for ‘cookie-less’ firing of your Google global site tag which pings consent-state enabled privacy safe data about the visit. A consent-state enabled ping is fired for each new page load, event or conversion on the site.

The pings can include:

  • Functional information (such as headers added passively by the browser):
    • Timestamp
    • User agent (web only)
    • Referrer
  • Aggregate/non-identifying information:
    • An indication for whether or not the current page or a prior page in the user’s navigation on the site included ad-click information in the URL (e.g., GCLID / DCLID)
    • Boolean information about the consent state
    • Random number generated on each page load
    • Information about the consent platform used by the site owner (e.g. Developer ID)

GA4 can then use machine learning to model behaviour of anonymised consent-state enabled visits with behaviours of users it can track.


Setting up UTM Parameters in Facebook

>>>> Read how to set up UTM Parameters in Facebook

>>> Read our step-by-step guide to optimizing Google Ads


The interactive video below highlights some of the analyses we cover:


Please be really careful making changes to your Google Ads account

  • Google doesn’t always respond how you (or we) think it will. The way we think about Google Ads may not be the best set-up for your account.
  • Only change one thing at a time.
  • If possible, always use an experiment to test a change – particularly for significant changes such as moving bidding strategy to Maximize conversion value (Target ROAS).
  • Protect your financial downside by testing with limited spend in the experiment/change. Note that moving to a smart bidding strategy requires a learning phase where Google may not be efficient.
  • Be careful if adding/removing primary conversion actions – changing what Google is converting to can radically change what and who Google targets and how much it’s willing to spend.
  • Remember, all changes to your account are at your own risk. Mapflo shall not be liable for any damages; losses; lost revenue or lost profit.


Glossary of Terms

AOV = Average Order Value

CM1 = Contribution Margin 1 = revenue minus COGS (cost of goods sold) in an order.

CM2 = Contribution Margin 2 = margin on an order after all costs directly attributable to that order such as COGS, shipping, payment fees, customer service etc. (except for marketing).

CM3 = Contribution Margin 3 = CM2 less marketing spend. An ‘Estimated CM3’ value uses an assumed CM2 %.

CPA = Cost Per Action. In this report taken to mean cost per conversion or cost per order.

Keywords = words or phrases (assigned to an ad group) that match a user’s search term and trigger Google to bid to show an ad.

Lifetime CM3 = CM3 from all orders (or subscription payments) for a customer.

Profit = CM3 less all fixed overheads (such as salaries and office rent). Hence Optimising CM3 also optimises profit at the same cost base

ROAS = ‘Return On Ad Spend’ = conversion value divided by cost. A ROAS of 400% means you get four pounds of revenue back for every pound of ad spend.

Search term = the word or phrase that a user searches for on Google.