What is Cookie Syncing and How Does it Work?

AdTech Processes

What is Cookie Syncing and How Does it Work?

Few people realize that the Internet would be quite frustrating if it weren’t for cookies. Without them, we wouldn’t be able to add products to ecommerce shopping carts, we’d have to enter in our login details each time we accessed a website or application, and we’d have to change the default language of multilingual websites with every visit.

Cookies remember user preferences and information in order to deliver a better and more efficient experience.

But these little bits of data are also the lifeblood of online advertisers.

Advertisers use cookies to collect anonymous information about a website’s visitors. They then use this information to create profiles containing specific details about a user and to display relevant ads.

With mountains of user data brought on by more and more people accessing the Internet and the expansion of the online display-advertising ecosystem, the ability to target the right audience is an increasing challenge.

In order to combat this issue, a new process has been introduced – cookie syncing.

Cookie syncing is quite a complex process to explain right off the bat, so in order to fully understand the concept, we’ll start at the beginning and work our way up.

Ask us anything about cookie syncing

Send us your questions

What Are Cookies?

Cookies are small text files that collect certain pieces of information about online users.

Each time a user visits a new website, cookies are created by the Internet browser and saved onto the user’s computer. When that user returns to the website, the cookies will help it to remember certain things, such as what content the user viewed and which pages they accessed.

Cookies are used to remember certain pieces of information and perform particular functions:

Website setup: Some cookies are used to remember personal preferences that users have set previously, e.g. in which language to display content, which currency, etc.

Sign in: When a user signs into a website, a unique session ID is stored in the cookie so that the website “knows” who (which user) is logged in. Also, depending on the website’s security settings and the user’s browser settings, sign-in could be automatic.

eCommerce: Cookies are used by eCommerce stores to remember which products users looked at, added to the shopping cart, and purchased.

Analytics: Cookies are used to store an anonymous identifier of the user that collects data about the user’s interaction with the website under one profile and session.

Advertising: Cookies are used to identify which advertisements the user has viewed and interacted with (e.g. click on).

Behavioral profiling: Cookies are also used to create anonymous profiles which track the behaviour of the user across websites that have implemented a third-party tracking code. The data collected from this code is used for advertising. Based on the data collected, advertisers choose the most suitable ads to display to the user (the ads that have the highest probability of being of interest).

While various cookies can perform a number of functions, there are also a couple of different types of cookies and each will perform different functions.

Different Types of Cookies

There is a common misconception that all cookies are bad and violate user privacy.

However, some types of cookies actually improve a website’s user experience, and while other types of cookies are used for tracking and data collection, they only collect anonymous data – nothing that can be used to directly identify a particular user.

First-Party Cookies

First-party cookies are created by the websites we visit directly. For example, if you visit techcrunch.com, the cookie will be created in the techcrunch.com domain, not in a third-party domain (e.g. appnexus.com).

first party cookies
First-party cookies are created by websites within their domains.

These types of cookies help deliver a good user experience, as they remember specific pieces of information about the user and their behaviour (e.g. login details, products added to shopping carts, the preferred language, etc.). With first-party cookies, it is up to the website to decide what information to collect and store.

The big limitation of first-party cookies is that they can only be read on the domain of the website/publisher. This means they essentially become useless for advertising purposes on other websites, as the ad server serving an ad cannot read the information from cookies on other domains.

Third-Party Cookies

Third-party cookies, also referred to as tracking cookies, are collected not by the website, but by advertisers.

When a user visits a website, there can be a number of different third-party trackers collecting information, which can include data passed on from the publisher/website, such as the user’s interests, location, and age.

Third-party trackers can also track a user’s behavior, such as the content they view on that website and the things they click on (e.g. products and ads). The trackers create third-party cookies and use them to display adverts to the user when they visit different websites.

Third party cookies
Third-party cookies are created by third-party trackers (e.g. advertisers and other advertising technology platforms).

For example, if a user visits bestbuy.com and clicks on a product (e.g. a Samsung TV), third-party trackers will collect and analyze the information about that user and their activity on bestbuy.com. Then, if that user leaves bestbuy.com and accesses a different website, such as techcrunch.com, the user could be shown an advert for that exact same product, or something similar (e.g. another TV or another electrical product).

The way it works is that both bestbuy.com and techcrunch.com load a piece of code from an ad server (e.g. ad.doubleclick.net). When the user navigates to either website, the piece of code loaded from ad.doubleclick.net is from a different domain than the URL in the user’s browser, so the cookies set in ad.doubleclick.net are considered third-party cookies.

From Cookies to User IDs

While the number of functions a cookie can perform is vast, a cookie can only contain so much text, as they are restricted in size. In order to address this issue, some cookies now only contain a unique ID.

By storing a cookie with a unique ID on the user’s computer, advertisers and other companies can then store the rest of the information about the user on their own systems. This not only frees up the cookie’s space, but also allows advertisers to collect and analyze more information about the user.

However, the most significant benefit of creating a unique ID is that advertisers can use it for a process known as cookie syncing.

third party tracker sending user ID
Some cookies now just contain a User ID and the rest of the user’s information and data is sent to the advertiser’s database.

What Is Cookie Syncing?

As mentioned previously, cookies are domain specific, which means those created by one third-party tracker (e.g. lotame.com) cannot be read by another third-party tracker (e.g. appnexus.com).

For advertisers, this restricts the potential amount of information they can collect about a user.

Therefore, in order to accurately target an audience, advertisers need to incorporate user data from various domains and sources, which happens as part of data-buying agreements and partnerships between different companies.

Advertisers are able to achieve this by mapping user IDs from one system to another. An example of this would be mapping a user’s ID from a Demand-Side Platform (DSP) to a Data Management platform (DMP). This process is known as cookie syncing.

The cookie-syncing process is used by most advertising-technology platforms, including ad networks, demand-side platforms (DSPs), data-management platforms (DMPs), ad exchanges, supply-side platforms (SSPs), and various other platforms and data providers.

The results of the cookie-syncing process benefit those mentioned above, as they are able to exchange user data across different platforms, and therefore, better target audiences with online advertisements.

How Does Cookie Syncing Work?

Cookie syncing works when two different advertising systems (aka platforms) map each other’s unique IDs that they have both gathered about the same user.

In this situation, a cookie-matching table is created that maps the ID of one platform to IDs for the same user on other platforms. The result would look like this:

Internal ID (profile ID) Platform X’s ID Platform Y’s ID

The example above illustrates how different advertising platforms map and sync cookies, but how do they collect information about users in the first place?

Well, it all starts with the browser.

Each time a user visits a website that contains ads (or third-party tracking tags), the browser sends an ad request to a technology platform (e.g. an ad exchange). The ad exchange then creates a unique user ID, if one doesn’t exist already, and stores that ID in a cookie.

It’s important to note here that it is a third-party cookie because the ad request is made to an ad platform’s domain, not the domain of the website the user is visiting.

Within this ad request, the ad exchange also calls a pixel URL supplied by a different advertising system (e.g. a DMP). The ad exchange includes the user ID, which the ad network created for that user, as a parameter in the pixel URL call.

Cookies with a user ID
The third-party tracker (appnexus.com) fires a pixel and sends the user ID to the DMP (lotame.com).

The DMP’s server reads the user ID created by the ad exchange from the parameter in the URL, and reads the cookie in its own domain to see if it already has an ID for this particular user. If one doesn’t exist, then the server creates a user ID of its own.

Then, it stores the information about its own ID and the ad exchange’s ID in a cookie-matching table. The DMP can pass its own identifier back to the ad exchange so that the sync is bidirectional. It does this by doing a pixel redirect back to the ad exchange and passes its own ID as a parameter.

So now, both the ad exchange and the DMP have each other’s IDs for that particular user.

This ID-creation process happens for almost every ad, and the cookie-syncing process occurs across many different advertising-technology platforms.

Here’s a step-by-step overview of how it works:

  • A user visits a website that contains an ad.
  • The browser sends an ad request to an ad exchange.
  • The ad exchange sends back the request and creates a (third-party) cookie.
  • The ad exchange redirects (http redirect) the ad request to the pixel URL on the DMP’s side, passing the user ID in the URL parameter. The DMP reads its own cookie, or creates a new cookie, and then saves the user ID passed from the ad exchange along with its own user ID in the cookie-matching table.
  • If the sync is bidirectional, the DMP makes the redirect back to the ad exchange, passing its own ID in the URL parameter. The ad exchange receives this request, reads its own cookie, and stores the DMP ID along with its own ID in the cookie-matching table.
  • Now, both the ad exchange and DMP have each other’s’ user IDs in each other’s databases.

To learn more about the technical side of cookie syncing, read our post on the Amazon Web Services (AWS) technical blog where we explain how to use Lambda@Edge for cookie syncing

What Are the Typical Cookie-Match Rates?

Cookie-matching rates — i.e. the percentage of cookies IDs that are able to be synced between 2 different platforms — various greatly among AdTech and MarTech platform.

Typically, anything below 40% is considered a poor match rate, with 60% of above considered a decent cookie-match rate.

So why the big discrepancy?

Well, there can be a number of reasons that determine the success of cookie syncing and subsequent cookie-match rate, including:

Cookie churn: Refers to the amount of cookies that are lost due to certain user behaviors, such as deleting cookies on a regular basis, blocking third-party tags from firing on websites (e.g. via ad-blocking software), and browsing the web in private or incognito mode.

Location: If your US-based DSP syncs with a European-based DMP, then you’ll likely find that the cookie pool from the DMP doesn’t contain enough of your audience, leading to a low cookie-match rate.

Final Thoughts

Cookie syncing is an important part of the online advertising ecosystem due to its ability to transfer data from one platform to another. However, it faces a number of challenges, including the ever-growing rise of ad-blocking software (from plugins to browser privacy settings like Webkit’s Intelligent Tracking Prevention) and of course the EU’s General Data Protection Regulations (GDPR), which requires companies to obtain consent from EU/EEA citizens and residents before they can share data with one another.

Want to add cookie-syncing capabilities to your AdTech platform?

Discover why we are the leaders in AdTech development and how our full-service development teams can help you collect and exchange data with cookie syncing

Discover our cookie-syncing development services

Tagged under

FREE AdTech & MarTech Resources

Thousands of C-level executives, software engineers, marketers, and advertisers all learn about the inner workings of AdTech and MarTech with our bimonthly newsletter — and so can you! Subscribe today and get access to the latest and best articles, videos, and guides!