Skip to main content

Server-Side Cookieless Tracking

Server-side cookieless tracking enables privacy-first company-level analytics without relying on user identifiers or browser cookies. This approach is ideal for organizations that need to understand account-level engagement while maintaining strict privacy compliance.

What is Server-Side Cookieless Tracking?

Server-side cookieless tracking is a method for capturing company-level website interactions directly from your backend without:

  • Storing or transmitting individual user identifiers (userId)
  • Using anonymous identifiers (anonymousId) for tracking individuals
  • Relying on browser cookies or local storage

Instead, it leverages IP-to-Company lookup to attribute events to organizations, providing valuable B2B insights while respecting user privacy.

How It Works

  1. User visits your website - The browser sends a request to your server
  2. Server extracts the client IP - Your backend captures the visitor's IP address from the request
  3. Event sent to Dreamdata - The event is sent with the IP in the context object, without any user identifiers
  4. Company attribution - Dreamdata performs an IP-to-Company lookup to associate the event with an organization
  5. IP address deleted - The IP is securely deleted within 14 days and is not used for individual profiling

When to Use Server-Side Cookieless Tracking

This approach is ideal when:

  • Privacy regulations apply - You need to comply with GDPR, ePrivacy Directive, or similar regulations
  • Users haven't consented - Track company-level engagement before or without individual consent
  • B2B focus - You primarily care about which companies are engaging with your content, not individual users
  • Sensitive industries - Healthcare, finance, or government sectors with strict data handling requirements
  • Complementing client-side tracking - Use alongside consented tracking for complete coverage
  • Multi-domain setups - Company attribution via IP works across all your domains without any cross-domain configuration
Cross-Domain Tracking

Unlike identified tracking, cookieless tracking does not require cross-domain or cross-subdomain configuration. Since attribution is based on IP-to-company lookup rather than cookies or user identifiers, the same company will be attributed regardless of which domain the visitor is on.

If you need to track individual user journeys across domains, see the Cross-Domain Tracking documentation for identified tracking approaches.

Implementation

Basic Setup

Use the Node.js SDK with a static placeholder for anonymousId (required by the SDK) and pass the client's IP address in the context object:

import { Analytics } from "@segment/analytics-node";

const analytics = new Analytics({
  writeKey: "<YOUR_DREAMDATA_API_KEY>",
});

// Track without user identifiers - only company-level attribution
analytics.track({
  anonymousId: "cookieless", // Required field, use a static placeholder
  event: "Page Viewed",
  properties: {
    url: "/pricing",
    title: "Pricing - Acme Inc",
  },
  context: {
    ip: "203.0.113.42", // Client's IP for company lookup
  },
});
Important

The SDK requires either userId or anonymousId. For cookieless tracking, use a static placeholder value like "cookieless" or "anonymous" for the anonymousId field. This value will not be used for user identification.

Cookieless vs Identified Tracking

Use cookieless tracking (static anonymousId) when:

  • You only need company-level attribution
  • Users haven't consented to individual tracking
  • Privacy regulations restrict user identification

Use identified tracking (unique userId or anonymousId per user) when:

  • You need to track individual user journeys
  • You want to link anonymous and authenticated activity
  • Users have consented to personalized tracking

For identified server-side tracking, see the Generating Identifiers section in the Node.js SDK documentation.

Express.js Example

import express from "express";
import { Analytics } from "@segment/analytics-node";

const app = express();
const analytics = new Analytics({
  writeKey: "<YOUR_DREAMDATA_API_KEY>",
}).on("error", console.error);

// Helper to extract real client IP (handles proxies)
function getClientIp(req: express.Request): string {
  const forwarded = req.headers["x-forwarded-for"];
  if (typeof forwarded === "string") {
    return forwarded.split(",")[0].trim();
  }
  return req.ip || req.socket.remoteAddress || "";
}

// Cookieless page view tracking
app.get("*", (req, res, next) => {
  const clientIp = getClientIp(req);

  analytics.track({
    anonymousId: "cookieless",
    event: "Page Viewed",
    properties: {
      url: req.originalUrl,
      path: req.path,
      referrer: req.get("Referer"),
    },
    context: {
      ip: clientIp,
      userAgent: req.get("User-Agent"),
      page: {
        url: `${req.protocol}://${req.get("host")}${req.originalUrl}`,
        referrer: req.get("Referer"),
      },
    },
  });

  next();
});

app.listen(3000);

Next.js API Route Example

import { Analytics } from "@segment/analytics-node";
import type { NextApiRequest, NextApiResponse } from "next";

const analytics = new Analytics({
  writeKey: process.env.DREAMDATA_API_KEY!,
  flushAt: 1,
}).on("error", console.error);

function getClientIp(req: NextApiRequest): string {
  const forwarded = req.headers["x-forwarded-for"];
  if (typeof forwarded === "string") {
    return forwarded.split(",")[0].trim();
  }
  return req.socket.remoteAddress || "";
}

export default async function handler(
  req: NextApiRequest,
  res: NextApiResponse,
) {
  const clientIp = getClientIp(req);

  await new Promise<void>((resolve) =>
    analytics.track(
      {
        anonymousId: "cookieless",
        event: "Resource Downloaded",
        properties: {
          resourceName: req.body.resourceName,
          resourceType: "whitepaper",
        },
        context: {
          ip: clientIp,
          userAgent: req.headers["user-agent"],
        },
      },
      resolve,
    ),
  );

  res.status(200).json({ success: true });
}

Adding Campaign Data

You can still track marketing attribution without user identifiers by including UTM parameters in the context:

analytics.track({
  anonymousId: "cookieless",
  event: "Page Viewed",
  properties: {
    url: "/demo",
  },
  context: {
    ip: clientIp,
    campaign: {
      name: req.query.utm_campaign as string,
      source: req.query.utm_source as string,
      medium: req.query.utm_medium as string,
      term: req.query.utm_term as string,
      content: req.query.utm_content as string,
    },
  },
});

Comparison with Client-Side Cookieless Analytics

FeatureServer-Side CookielessClient-Side Cookieless
ImplementationBackend codeJavaScript SDK with anonymous: true
Ad blocker resistance✅ Not affected❌ Can be blocked
Setup complexityRequires backend developmentSimple script installation
Data enrichmentFull control server-sideLimited to browser data
IP handlingYou extract and send IPAutomatic
Real-time trackingDepends on implementationAutomatic on page load

For client-side cookieless tracking, see the Cookieless Account Analytics documentation.

Best Practices

1. Always Include IP Address

The IP address is essential for company attribution. Without it, events cannot be matched to organizations:

context: {
  ip: clientIp, // Required for company lookup
}

2. Handle Proxy and CDN Headers

When behind a load balancer, CDN, or reverse proxy, extract the real client IP:

function getClientIp(req: Request): string {
  // Check common proxy headers in order of preference
  const headers = [
    "cf-connecting-ip", // Cloudflare
    "x-real-ip", // Nginx
    "x-forwarded-for", // Standard proxy header
  ];

  for (const header of headers) {
    const value = req.headers[header];
    if (value) {
      return typeof value === "string" ? value.split(",")[0].trim() : value[0];
    }
  }

  return req.ip || "";
}

3. Include User Agent for Better Attribution

Adding the user agent helps with analytics and debugging:

context: {
  ip: clientIp,
  userAgent: req.get("User-Agent"),
}

4. Track Meaningful Events

Focus on high-value interactions that indicate company interest:

  • Page views (especially pricing, product pages)
  • Resource downloads (whitepapers, case studies)
  • Demo requests
  • Feature exploration

5. Combine with Consented Tracking

Use cookieless tracking as a baseline, then enhance with full tracking when users consent:

function trackEvent(req: Request, event: string, properties: object) {
  const hasConsent = req.cookies.consent === "true";
  const clientIp = getClientIp(req);

  if (hasConsent && req.cookies.userId) {
    // Full tracking with user identification
    analytics.track({
      userId: req.cookies.userId,
      event,
      properties,
      context: { ip: clientIp },
    });
  } else {
    // Cookieless company-level tracking
    analytics.track({
      anonymousId: "cookieless",
      event,
      properties,
      context: { ip: clientIp },
    });
  }
}

Impact on MTUs

Events tracked with cookieless server-side tracking follow the same MTU rules as client-side cookieless analytics:

  • ✅ Events matched to a company count toward your MTU usage
  • ❌ Events that cannot be associated with a company are discarded and do not count

This means you only pay for events that provide actionable company-level insights.

Privacy Considerations

Legal Notice

Dreamdata does not provide legal advice. Consult with your legal or privacy team to assess your compliance posture for your specific use case.

Server-side cookieless tracking is designed to support privacy-compliant analytics:

  • No persistent identifiers - No cookies, no user IDs stored
  • IP retention limited - IP addresses are deleted within 14 days
  • Company-level only - No individual user profiling
  • Consent-compatible - Can be used before consent is given for company-level analytics, or as a fallback when consent is declined

This approach aligns with how Consent Management Platforms (CMPs) use IP-based geolocation to determine regional compliance requirements.