If you work in online advertising, then you’ve probably heard of cookie syncing. But what is it? How does it work? And why do AdTech and data companies use it?
In this post, we’ll take answer those very questions, and many more!
You can first start by watching our short video to get an overview of what cookie syncing is and how it works, and then read the rest of the post below to learn more.
The Humble Web Cookie
Few people realize that the Internet would be quite frustrating if it weren’t for cookies. Without them, we wouldn’t be able to add products to ecommerce shopping carts, we’d have to enter in our login details each time we accessed a website or application, and we’d have to change the default language of multilingual websites with every visit.
Cookies remember user preferences and information in order to deliver a better and more efficient experience.
But these little bits of data are also the lifeblood of online advertisers.
With mountains of user data brought on by more and more people accessing the Internet and the expansion of the online display-advertising ecosystem, the ability to target the right audience is an increasing challenge.
In order to combat this issue, a new process has been introduced – cookie syncing.
Cookie syncing is quite a complex process to explain right off the bat, so in order to fully understand the concept, we’ll start at the beginning and work our way up.
What Are Cookies?
Cookies are small text files that collect certain pieces of information about online users.
Each time a user visits a new website, cookies are created by the Internet browser and saved onto the user’s computer. When that user returns to the website, the cookies will help it to remember certain things, such as what content the user viewed and which pages they accessed.
Cookies are used to remember certain pieces of information and perform particular functions:
Website setup: Some cookies are used to remember personal preferences that users have set previously, e.g. in which language to display content, which currency, etc.
Sign in: When a user signs into a website, a unique session ID is stored in the cookie so that the website “knows” who (which user) is logged in. Also, depending on the website’s security settings and the user’s browser settings, sign-in could be automatic.
eCommerce: Cookies are used by eCommerce stores to remember which products users looked at, added to the shopping cart, and purchased.
Analytics: Cookies are used to store an anonymous identifier of the user that collects data about the user’s interaction with the website under one profile and session.
Advertising: Cookies are used to identify which advertisements the user has viewed and interacted with (e.g. click on).
Behavioral profiling: Cookies are also used to create anonymous profiles which track the behaviour of the user across websites that have implemented a third-party tracking code. The data collected from this code is used for advertising. Based on the data collected, advertisers choose the most suitable ads to display to the user (the ads that have the highest probability of being of interest).
While various cookies can perform a number of functions, there are also a couple of different types of cookies and each will perform different functions.
Different Types of Cookies
There is a common misconception that all cookies are bad and violate user privacy.
However, some types of cookies actually improve a website’s user experience, and while other types of cookies are used for tracking and data collection, they don’t contain highly personal information, such as a person’s name or emails address.
First-party cookies are created by the websites we visit directly. For example, if you visit techcrunch.com, the cookie will be created in the techcrunch.com domain, not in a third-party domain (e.g. appnexus.com).
These types of cookies help deliver a good user experience, as they remember specific pieces of information about the user and their behaviour (e.g. login details, products added to shopping carts, the preferred language, etc.). With first-party cookies, it is up to the website to decide what information to collect and store.
Third-party cookies, also referred to as tracking cookies, are collected not by the website, but by advertisers.
When a user visits a website, there can be a number of different third-party trackers collecting information, which can include data passed on from the publisher/website, such as the user’s interests, location, and age.
Third-party trackers can also track a user’s behavior, such as the content they view on that website and the things they click on (e.g. products and ads). The trackers create third-party cookies and use them to display adverts to the user when they visit different websites.
For example, if a user visits bestbuy.com and clicks on a product (e.g. a Samsung TV), third-party trackers will collect and analyze the information about that user and their activity on bestbuy.com. Then, if that user leaves bestbuy.com and accesses a different website, such as techcrunch.com, the user could be shown an advert for that exact same product, or something similar (e.g. another TV or another electrical product).
The way it works is that both bestbuy.com and techcrunch.com load a piece of code from an ad server (e.g. ad.doubleclick.net). When the user navigates to either website, the piece of code loaded from ad.doubleclick.net is from a different domain than the URL in the user’s browser, so the cookies set in ad.doubleclick.net are considered third-party cookies.
You can read more about the difference between first-party and third-party cookies in our previous post.
From Cookies to User IDs
While the number of functions a cookie can perform is vast, a cookie can only contain so much text, as they are restricted in size. In order to address this issue, some cookies now only contain a unique ID.
By storing a cookie with a unique ID on the user’s computer, advertisers and other companies can then store the rest of the information about the user on their own systems. This not only frees up the cookie’s space, but also allows advertisers to collect and analyze more information about the user.
The Problem AdTech Companies and Advertisers Face With Cookies
The big limitation of cookies is that they can only be read on the domain that created them. This means that AdTech companies can’t read cookies created by other AdTech platforms or by the website itself, essentially limiting their effectiveness for advertising purposes on other websites.
In order to share user data, AdTech platforms perform a process known as cookie syncing.
What Is Cookie Syncing?
For advertisers, this restricts the potential amount of information they can collect about a user.
Therefore, in order to accurately target an audience, advertisers need to incorporate user data from various domains and sources, which happens as part of data-buying agreements and partnerships between different companies.
Advertisers are able to achieve this by mapping user IDs from one system to another.
An example of this would be mapping a user’s ID from a demand-side platform (DSP) to a data management platform (DMP). This process is known as cookie syncing.
The cookie-syncing process is used by most advertising technology (AdTech) platforms, including ad networks, demand-side platforms (DSPs), data-management platforms (DMPs), ad exchanges, supply-side platforms (SSPs), and various other platforms and data providers.
The results of the cookie-syncing process benefit those mentioned above, as they are able to exchange user data across different platforms, and therefore, better target audiences with online advertisements.
How Does Cookie Syncing Work?
Cookie syncing works when two different advertising systems (aka platforms) map each other’s unique IDs and subsequently share information that they have both gathered about the same user.
But how do they collect information about users in the first place?
Well, it all starts with the browser.
Each time a user visits a website that contains ads (or third-party tracking tags), the browser sends an ad request to an advertising technology platform (e.g. a DSP). The DSP then creates a unique user ID, if one doesn’t exist already, and stores that ID in a cookie.
It’s important to note here that it is a third-party cookie because the ad request is made to an AdTech platform’s domain, not the domain of the website the user is visiting.
Within this ad request, the DSP also calls a pixel URL supplied by a different advertising technology platform (e.g. a DMP). The DSP includes its user ID, which it created for that user, as a parameter in the pixel URL call.
The DMP’s server reads the user ID created by the DSP from the parameter in the URL, and reads the cookie in its own domain to see if it already has an ID for this particular user. If one doesn’t exist, then it creates a user ID of its own.
Then, it stores the information about its own ID and the DSP’s ID in a cookie-matching table. The DMP can pass its own identifier back to the ad exchange so that the sync is bidirectional. It does this by doing a pixel redirect back to the ad exchange and passes its own ID as a parameter.
In this situation, the cookie-matching table for both the DSP and DMP would look like this:
|Internal ID (profile ID)||DMP ID||DSP ID|
So now, both the DSP and the DMP have each other’s IDs for that particular user.
This ID-creation process happens for almost every ad, and the cookie-syncing process occurs across many different advertising technology platforms.
Here’s a step-by-step overview of how it works:
- A user visits a website that contains an ad.
- The DSP receives the ad request.
- The DSP sends back the request and creates a third-party cookie.
- The ad exchange redirects (http redirect) the ad request to the pixel URL on the DMP’s side, passing the user ID in the URL parameter. The DMP reads its own cookie, or creates a new cookie, and then saves the user ID passed from the DSP along with its own user ID in the cookie-matching table.
- If the sync is bidirectional, the DMP makes the redirect back to the DSP, passing its own ID in the URL parameter. The DSP receives this request, reads its own cookie, and stores the DMP ID along with its own ID in the cookie-matching table.
- Now, both the DSP and DMP have each other’s’ user IDs in each other’s databases.
To learn more about the technical side of cookie syncing, read our post on the Amazon Web Services (AWS) technical blog where we explain how to use Lambda@Edge for cookie syncing
How Is User Data Shared Between AdTech Platforms?
The actual matching of cookies is only one part of the cookie-syncing process. The next phase involves sharing the user data.
Once the cookie IDs have been synced between two AdTech platforms, they can now share or request data contained in the cookies by referencing each other’s user IDs.
This process is typically done via a server-to-server integration with the data being transferred in large batch files. Although the actual cookie-matching part happens in real time, sharing the data between platforms happens at a specified time, e.g. once a day.
It’s important to note that cookie syncing is only performed in web browsers, whether that be desktop or mobile web browsers, across all types of online advertising, including display, native, and video ads.
The reason for this is because unlike native mobile apps that use the device’s Advertising ID (IDFA & AAID) as a way to identify users, web browsers don’t emit a consistent user identifier and cookies from one domain (e.g. adnxs.com) can’t be accessed by a platform operating under a different domain (ad.doubleclick.net), so the only way to identify a user across different websites is by collecting and syncing their cookie ID.
What Are the Typical Cookie-Match Rates?
Cookie-matching rates — i.e. the percentage of cookies IDs that are able to be synced between 2 different platforms — various greatly among AdTech and MarTech platform.
Typically, anything below 40% is considered a poor match rate, with 60% of above considered a decent cookie-match rate.
So why the big discrepancy?
Well, there can be a number of reasons that determine the success of cookie syncing and subsequent cookie-match rate, including:
Cookie churn: Refers to the amount of cookies that are lost due to certain user behaviors, such as deleting cookies on a regular basis, blocking third-party tags from firing on websites (e.g. via ad-blocking software), and browsing the web in private or incognito mode.
Location: If your US-based DSP syncs with a European-based DMP, then you’ll likely find that the cookie pool from the DMP doesn’t contain enough of your audience, leading to a low cookie-match rate.
Cookie syncing is an important part of the online advertising ecosystem due to its ability to transfer data from one platform to another. However, it faces a number of challenges, including the ever-growing rise of ad-blocking software (from plugins to browser privacy settings like Webkit’s Intelligent Tracking Prevention) and of course the EU’s General Data Protection Regulations (GDPR), which requires companies to obtain consent from EU/EEA citizens and residents before they can share data with one another.