Is Cookie Rejection Ruining Analytics Data?
Editor’s Note: We welcome guest contributor Teague Dugan. He is a web analytics consultant with Semphonic, a digital measurement and analysis firm. Dugan’s analytics expertise includes implementation, reporting and analysis — using Omniture and Google Analytics.
The ability of web users to opt out of being tracked threatens analytics data. This is what happens when a user’s browser rejects cookies that are set by an analytics vendor, such as Omniture and Google Analytics. The entire discipline of web analytics is premised on cookies working.
But to what extent are cookies set by analytics vendors rejected? I decided to delve into my own company’s extensive client list to come up with an answer that’s based on hard data.
There is an important distinction regarding cookie acceptance and web analytics. “Rejection” occurs when a browser simply will not accept the vendor’s cookie. “Deletion” occurs when users manually clear cookies from their browsers. This article deals only with rejection, partly because it is a more serious problem, and partly because we have better data on rejection.
First, however, understand the difference between “first party” vs. “third party” cookies. It is a critical difference, as rejection rates among third party cookies are typically much higher. First party cookies are issued by the domain that the user is browsing. Third party cookies are issued by any domain other than the one currently being browsed — they are typically set by advertisers, marketers, and other companies. Certain analytics tools (notably Google Analytics) only use first party cookies. But other solutions — such as Omniture — may use first or third party cookies.
Analytics solutions rely on cookies for things like identifying unique visitors, session data, pathing between pages, and tying site success to an action or marketing campaign that preceded it. Cookie rejection prevents this functionality. For that reason, rejection is much worse than deletion.
For this analysis, I selected six clients — with their approval. Three of these clients issued first party cookies and three issued third party. I looked at cookie rejection rates for each in October 2012, and then compared that to rejection rates in October 2010. All clients use the same web analytics vendor, Omniture, which measures cookie rejection by simply determining if it can set a cookie on the user’s browser.
Rejection Rates: First Party Cookies vs. Third Party
Businesses with first party cookies (clients 1 through 3) had rejection rates between 0.5 percent and 4.5 percent. This is quite low and in keeping with what I’d expect, as many websites — notably ecommerce sites — require first party cookies to function. Businesses with third party cookies (clients 4 through 6) had rejection rates between 12.5 percent and 17.5 percent.
The most interesting finding was the growth in the rejection rate among businesses with third party cookies. The cookie rejection rate for client 4 increased from 11.4 percent to 17.2 percent from October 2010 to October 2012. The rejection rate for client 5 increased from 8.3 percent to 12.9 percent. Client 6′s rejection rate increased from 9.3 percent to 16.4 percent.
Of the clients using first party cookies, only client 2 saw a significant increase in cookie rejection rate — from 1.1 percent in 2010 to 4.3 percent in 2012. I wouldn’t expect first party cookie acceptance to change substantially, and the most plausible explanation for this change is growth in traffic to non-primary domains, as any web content that is not on the primary domain or a subdomain of the client’s main website will treat the first party cookie as a third party.
Mobile Devices Affect Cookies
The results are hardly surprising. Efforts toward greater consumer privacy have moved browser security increasingly toward third party cookie rejection. One force behind the growing divide in first party vs. third party cookie acceptance is the rise in mobile web usage. In particular, the Safari browser — the default browser for Macs and iPhones — is the only major browser to reject third party cookies by default. This has material implications for any website with substantial mobile traffic. As users become increasingly comfortable with browsing on mobile devices — smartphones and tablets — expect the gap between first party and third party cookie rejection to grow.
For example, one of our mobile-heavy third-party cookie clients saw a sharp drop in its conversion rate — orders per visit — starting in March 2012. The drop coincided with a spike in visits, which in turn was the result of a recent software upgrade to Omniture SiteCatalyst 15, which counts sessions — visits — for users it cannot cookie. SiteCatalyst 14, the previous version, does not include sessions it cannot cookie, and the software was responsible for both the spike in visits and in the drop the conversion rate
Perhaps an even scarier prospect, beyond mobile growth, for sites using third party cookies is the potential for one or several other browsers to follow Safari’s lead and reject third party cookies by default. This may be unlikely, but it would turn web analytics upside down.
Fortunately, third party cookie analytics users have a few resources to check rejection rates. While the available reports will vary by analytics vendor, look at mobile traffic as a portion of total traffic, mobile device usage (look for iOS/Apple devices), browser reports (take note of Safari) and most importantly, see if your analytics vendor has a report that breaks out cookie acceptance. For Omniture users, see the “Persistent Cookie” filter in the unique visitors reports.
Websites have relied on cookies for a long time. Neither cookies, nor the huge role they play in web data collection, are likely to go away anytime soon. However, my analysis indicates a vast and growing gap between first party and third party cookie acceptance.