How to Track Website Visitors Without Cookies

Tracking website visitors without cookies is possible, accurate enough for almost every decision you need to make, and legally simpler than cookie-based tracking. Here is how it actually works in 2026.

By BYO Team Last updated May 16, 2026

The mechanism: server-side fingerprints

Instead of storing an identifier in the visitor browser, a cookieless analytics platform computes an identifier server-side from the visitor's IP address, user-agent string and a per-site secret salt. The result is a one-way hash that distinguishes visitors within a session window but cannot be reversed back to identify the person.

What you can still track

Pageviews per page. Unique sessions per day. Top referrers and traffic source category. Country (from IP geolocation). Browser, operating system, device, screen resolution, language. Time on page. Bounce rate. Custom events you define (button clicks, form submissions, video plays).

What you cannot do

Cross-device identity (same person on phone + laptop = two visitors). Multi-week attribution (the same person next month = a new visitor). Personalised funnels (no cookie means no persistent user state). Most advertising attribution beyond a 30-minute window.

Installation steps

1. Sign up for a cookieless analytics platform (BYOViral free plan works). 2. Register your domain. 3. Copy the one-line script tag (typically 500-700 bytes). 4. Paste it before </head> on every page (in WordPress, drop it in the theme header or use any "Insert Headers and Footers" plugin). 5. Verify the first real-time pageview within seconds.

When you still need cookie-based tracking

Ecommerce with multi-touch attribution back to Google Ads or Meta Ads — keep GA4 + the ad pixel. Long-term cohort analysis (e.g. "users who signed up in March vs April") — you need user identity, which needs cookies or login. Personalised content where the site adapts based on past visits — needs persistent client-side state.

Frequently asked questions

Will my numbers match Google Analytics exactly?

Usually they differ modestly. Cookieless tools filter bots more aggressively and count sessions without persistent identity, so absolute totals can vary site by site. Trends and rankings track closely.

Is it really legal to do this without a cookie banner?

Several European data-protection authorities (e.g. the CNIL) have indicated that fully aggregated, non-identifying measurement is treated differently from cookie-setting analytics. Rules vary by jurisdiction; always confirm specifics with your own legal counsel.

Can a cookieless platform see returning visitors?

Within a 30-minute session window — yes. Across longer windows there is no persistent identifier, so the same person revisiting next week counts as a new visit. This is intentional.

Try BYOViral free

Privacy-first analytics with no cookies, no consent banner, and a real free tier.

Create your free account →
Cookieless analytics Pageviews vs visitors Referral traffic Browser share Search engine share Global Stats Top sites