Documentation menu

Cookieless Tracking

Wide Angle Analytics uses a cookieless tracker by default. Unless you opt in for cookie-based analytics or enable browser fingerprinting, the tracker on your website will implement the most privacy-friendly approach to visitor analytics.

This section describes the collection mechanism and data processed and stored in the default, cookieless, non-fingerprinting mode. If you change any of these settings, the scope of processed data and necessary disclosures might change.

How does Cookieless tracking work?

Privacy-First Request Based Tracking


Wide Angle Analytics uses a JavaScript tracker script on your website to send requests to the Analytics API. The request sent to the Analytics API is an HTTP request.

The nature of the HTTP protocol dictates that the receiving system, in this case, the Wide Angle Analytics service, will receive the following information:

  • Http-Referer header, indicating where the HTTP request originated from,
  • User-Agent header, indicating which type and version of browser sent the request,
  • Client Hints headers, as described in this section, and
  • IP Address of the device that sent the request.

This information is used to generate a session ID. This ID is additionally randomized with a daily salt value. This means that a visit from the same browser, from the same website, and from the same IP address will be unique only within the duration of a single day.

The salt is never persisted. It exists only in transient memory for no more than 24 hours.

On the next day, a new salt is generated, and all past data cannot be reversed or re-identified, even if all other request data is available again. This provides strong, non-reversible anonymization while simultaneously allowing for unique visitor counts within the scope of a single day.


SHA256 ( Current Site + IP Address + User Agent + Daily Salt ) = Session ID  

Besides the above, the HTTP request will contain a few other pieces of information plus the analytics data in the message body. This additional data is not used for identification. This data is used solely for statistical purposes and plays no part in temporary session ID generation.

It is also worth noting that a user's Session ID is not shared between different websites (not to be confused with pages). This means that if a user visits website and later navigates to, even if both sites use Wide Angle Analytics, these two sessions will be distinct. Wide Angle Analytics does not support, nor does it allow, tracking users across multiple websites.

You will find more details regarding obfuscation on a separate page.

Improving Cookieless tracking


If you have access to a Terminal Device, i.e., can read device and browser details on the device, you can further improve the reliability of unique visitor tracking. This, too, is a cookieless tracking method; however, it comes with certain compliance requirements. Please be aware that enabling this setting might necessitate collecting explicit visitor consent.

By enabling browser fingerprinting, you will activate so-called canvas fingerprinting. A special tracker script will generate a unique device signature using device settings. In this mode, the formula looks as follows:


SHA256 ( 
  Browser Fingerprint + 
  IP Address + 
  User Agent + 
  Screen details + 
  Daily Salt ) = Session ID  

This formula generates a more reliable session ID, but, as before, it is unique only within the scope of a single day. After no more than 24 hours, there is no possibility to reidentify the previously generated session IDs.

Using Explicit Identifier in Cookieless Mode


An extreme case of Cookieless tracking allows for the use of an explicit customer ID passed through the website script configuration. This ID is beyond the control of Wide Angle Analytics and is the sole responsibility of the website operator. The ID will undergo the same non-reversible obfuscation as described above.


SHA256 ( 
  Customer ID + 
  IP Address + 
  User Agent + 
  Screen details + 
  Daily Salt ) = Session ID  


Modes of Cookieless Tracking and Basis for Session ID Derivation:

Generation Type Default Terminal Device Access
for Identification
Request Generation ✅ YES ⛔ NO
Browser Fingerprinting ⛔ NO ✅ YES
Customer ID ⛔ NO ⛔ NO

Still need help? In that case please contact our support via, email or chat.