- Cookieless tracking measures anonymously and per session, without consent-requiring cookies and without transferring data to the US.
- As a result, in many cases the cookie banner disappears, which improves the first impression and your conversions.
- Google Analytics brought many site owners legal warnings; the cookieless route avoids this ongoing legal risk.
- Proven tools include Plausible, Matomo, Fathom, Umami and PostHog. My site runs statically and cookielessly with Plausible.
What is cookieless tracking? Simply explained
Cookieless tracking essentially means a website that measures its visitors’ behaviour without permanently storing personal data and without sending that data to third parties outside its own site. The term is not entirely accurate, because hardly any modern website works completely without cookies. What is meant is doing without exactly those cookies that require consent, namely the ones that track users across sites and devices.
The key difference from classic tracking with Google Analytics is where the data goes. With ordinary web analytics, your visitors’ IP address, browser, device and behaviour end up with a third party, often in the US. With cookieless tracking the measurement stays anonymous and per session, no recognisable user profile is created, and as little as possible leaves your own house. That is exactly why in many cases you no longer need a consent banner.
You still measure how many people visit your site, where they come from and which content works. You simply stop tracking individuals permanently and across devices. Less surveillance, the same insights for your decisions.
Why I run my website without cookies
When I rebuilt ctseo.de, one thing was clear to me early on: I want to move away from permanently tracking my visitors, and I don’t want that banner that pushes in front of the content on the first click. For me this is a matter of respect towards the visitor and of professionalism. Anyone running a site as an SEO and AI visibility specialist should be the best showcase for clean, fast and honest work.
The second reason is purely practical. I don’t need data on every single visitor at all. I want to know which channels work, which content gets read and where enquiries come from. I see all of that anonymously and GDPR-compliant, without a single consent-requiring cookie. What I give up I don’t need in practice, and what I gain is a faster, cleaner and legally calmer site.
Cookie types: what needs consent?
To understand why a website can work without a cookie banner, a quick look at the types of cookies helps. Broadly, there are two big groups. First-party cookies come from the website you are visiting. Third-party cookies come from external providers and send data to domains outside your site, classically for advertising and cross-device tracking. The first and obvious step towards cookieless is to banish all third-party cookies from your site.
With your own cookies it is worth taking a closer look. Technically necessary cookies, without which a site does not function, are harmless and need no consent. But as soon as a cookie collects user behaviour for statistics or stores things like login states beyond the session, it usually becomes consent-requiring. A simple rule of thumb is duration: what only applies to the current session is mostly uncritical. What stores user data beyond the visit triggers the consent requirement. It is exactly these persistent, tracking cookies that cookieless tracking avoids.
An example makes it tangible. A cookie that only remembers you opened a menu in this session is harmless and disappears when you close the browser. A cookie, on the other hand, that tags your visit with an identifier that recognises you next time and on other sites builds a user profile and requires consent. This boundary is exactly where it is decided whether your site needs a banner or not.
Does my website need a cookie banner?
The short, honest answer: it depends on what your site actually loads and stores. Under the applicable privacy rules you need consent as soon as you store or read information on the user’s device that is not strictly necessary. So if your site sets analytics or marketing cookies, a consent banner is mandatory. If you consistently do without exactly those things and also embed no tracking third-party services on page load, the most common reason for the banner disappears.
That is precisely the core of the cookieless approach. No consent-requiring cookies, no third-party tracking on load, so nothing you would need to obtain consent for. The visitor lands on the content immediately, and you still measure, just anonymously.
The fact that many operators now fear Google Analytics has a real background. After the European Court of Justice’s Schrems II ruling in 2020, the basis for straightforward US data transfers fell away. The data protection organisation noyb then filed around 101 complaints across Europe against sites using Google Analytics. From early 2022 the authorities in Austria, France, Italy and the Netherlands classified its use without a sound basis as impermissible. In Germany a veritable wave of warning letters followed: mass-sent letters demanded that site operators cease and pay damages, often around 100 euros and with the threat of legal action. On top came court rulings, for example from the Regional Court of Dresden with a threatened penalty of up to 250,000 euros, and from the Regional Court of Cologne, which prohibited Deutsche Telekom from using Analytics without sufficient consent. Anyone who measures cookielessly and without a third-country transfer simply has nothing that could be attacked this way.
Honest context so you have the full picture: since mid-2023, with the EU-US Data Privacy Framework and Google Analytics 4, things have eased somewhat, and with clean consent and a banner, Analytics is more defensible today than in 2022. But you still need the banner and the consent, the topic remains legally contested, and such adequacy decisions have already been struck down twice, first Safe Harbor, then Privacy Shield. The cookieless route simply avoids this ongoing risk entirely.
Important note: I am not a lawyer, and this section is not legal advice. Whether and in what form your site needs a banner depends on the individual case. For a binding assessment please consult a lawyer or your data protection officer. I take care of the clean technical implementation; the legal assessment stays with the specialists responsible for it.
The best tools for cookieless tracking
The good news: you don’t have to give up measurement, you just change the tool. There are now several mature Google Analytics alternatives that work cookielessly and in a privacy-friendly way. Here are the tools I recommend, with an honest assessment of their limits too.
Plausible is my favourite and also runs on ctseo.de. It measures anonymously and per session, sets no consent-requiring cookies, is lightweight and is hosted in the EU. For most small and mid-sized businesses the feature set is more than enough. If you want, you can even self-host Plausible as open source.
Matomo is the more powerful alternative, also configurable to be cookieless and optionally self-hosted, which gives full data ownership. It has more features than Plausible but is heavier to run. Fathom and Umami go in the same direction as Plausible, lean and privacy-friendly; Umami is open source and self-hostable. PostHog offers a cookieless mode and is interesting if, besides reach, you also need product and funnel analytics.
On the other side sit consent management tools like Cookiebot or Usercentrics. They are good solutions if you want to manage banners and consent cleanly, but they solve exactly the problem that the cookieless route avoids from the start. For campaign measurement I use UTM parameters instead of personal tracking, which Plausible and Matomo can read, plus server-side evaluation. That way I see which channel works without following the individual user.
| Tool | Cookieless | EU hosting | Self-hostable | Banner needed | Best for |
|---|---|---|---|---|---|
| Plausible | Yes | Yes | Yes | No | Small to mid-sized websites, service providers |
| Matomo | Yes | Yes | Yes | No | Full data ownership, more features |
| Fathom | Yes | Yes | No | No | Simple, fast reach measurement |
| Umami | Yes | Your choice | Yes | No | Tech-savvy users, open-source fans |
| PostHog | Yes | Yes | Yes | No | Product and funnel analytics |
| Google Analytics | No | No | No | Yes | Deep advertising and cross-site tracking (with consent) |
Note: "Banner needed" refers to the privacy-compliant standard setup; Matomo and PostHog must run in their cookieless mode for this. Details to the best of my knowledge, when in doubt check each provider’s current terms.
In the end the choice of tool matters less than a clean, complete implementation. A single forgotten third-party service, an embedded video or an external font can trigger the banner again. This is exactly where the real work lies, and exactly where a look from someone who knows what to watch for pays off.
How I built ctseo.de without a cookie banner
One point is especially important to me, because it is rarely implemented this consistently: my entire website is built completely statically in HTML and CSS. No cumbersome content management system, no database, no clutter of background scripts. That is the reason for the extremely fast loading times, and it makes the cookieless implementation much easier, because there is simply far less that could collect data in the background.
For measurement I use Plausible, cookieless and hosted in the EU. When my site is opened, my visitor’s browser contacts only my own server and this one lean analytics, nothing else. There is no Google on page load, no external fonts from foreign servers, no embedded tracking services. Even my contact form sends enquiries server-side, meaning the processing happens on the server and not via tracking scripts in the visitor’s browser. That keeps the site clean and free of consent-requiring cookies.
One detail that is often underestimated: I also load no fonts from external servers but serve them from my own domain. That way, when someone simply views my site, not a single piece of information leaves the house towards a third party. It is exactly this consistency in the details that makes the difference between a site that is only roughly data-thrifty and one that truly works without a banner.
The underrated bonus: speed, Google and AI visibility
Cookieless pays off in more than just data protection. Because I load no heavy tracking and consent scripts and serve the site statically, it is extremely fast. And speed is not a nice-to-have. Google treats loading time and Core Web Vitals as a ranking factor, fast sites keep visitors and win more enquiries. A cookie banner, by contrast, delays the first impression and blocks the view of the content.
Even more exciting is the effect on AI visibility. AI search systems like ChatGPT, Gemini and Perplexity and their crawlers read a lean, instantly available site without a consent hurdle flawlessly. A site that only loads behind a banner or behind heavy scripts makes it unnecessarily hard for machines. So building cookielessly and statically improves classic Google visibility and the chance of being cited in AI answers at the same time. Where your brand stands there today is shown by my free AI visibility check.
How fast and clean this feels in practice you can best see right on my own site:
ctseo.de scores 100 % on Google
Speed is not a nice-to-have. Google treats loading time and Core Web Vitals as a ranking factor, and fast sites keep visitors and win more enquiries. What I deliver for my clients you can see right on this page, measured officially with Google PageSpeed Insights. Even AI agents read and use this page flawlessly, a direct advantage for your visibility in AI systems.
Top scores in Google PageSpeed Insights. Values can vary slightly between measurements, feel free to check for yourself.
Why cookieless tracking almost always pays off
You might think cookieless is only for data protection idealists. The opposite is true, and the strongest reason is a very tangible one: conversion and trust. The banner itself actually costs you deals.
The banner is a hurdle right on arrival. Many visitors click it away in annoyance, bounce or refuse tracking. Without a banner the visitor lands on your content immediately, which improves the first impression and the bounce rate. Especially for an online shop, less friction between click and product often means directly more revenue, because every tenth of a second and every unnecessary click counts.
Without consent refusals you measure fully again. When a large share of your visitors object to tracking, exactly that data is missing in your Google Analytics. Your numbers become patchy, and decisions rest on a sample of those who agreed. Anonymous, cookieless measurement captures all visitors again; you see the real picture instead of an excerpt.
Especially for online shops there is more to it. If customers refuse tracking precisely during checkout, your numbers break off exactly where it counts, at the cart and the checkout, and you optimise blindly. Every additional tenth of a second of loading time measurably increases cart abandonment; a fast, banner-free site reduces it. And a fast, cleanly structured shop is also read and recommended better by AI shopping assistants, an advantage that is only just starting to matter.
Who it fits especially well: local service providers, freelancers, consultancies, B2B sites as well as content and lead sites where honest reach and channel measurement is entirely enough. For these cases the pure cookieless route is often ideal. When to weigh it up: sites that rely heavily on cross-platform advertising tracking or complex retargeting, such as shops with product-based remarketing. Here you still need consent for certain services depending on your goal, and we deliberately choose a suitable mix. Honest stays honest, so no one gets false expectations.
The most common pitfalls when switching
The path to a cookieless site rarely fails because of the analytics tool, but because of the many small services that quietly set their own cookies or build connections to foreign countries. This is exactly where the real work lies, and a single overlooked building block can force the banner again.
The typical traps are almost always the same. Embedded YouTube videos set cookies on load, and often only a click-to-load solution or a privacy-friendly provider helps. External fonts loaded directly from a foreign server transmit your visitors’ IP address. Embedded maps, chat widgets, review seals and social media feeds bring the same problem. Ready-made website builders and many WordPress plugins also load third-party services unasked, which you have to check one by one.
That is why, before every switch, I check with the browser’s developer tools exactly which domains are actually contacted on page load and which cookies are set. Only when that list is clean is the site truly cookieless. This detail work decides whether no banner is needed in the end or whether one sneaks back in, and it is the reason an experienced implementation pays off.
Conclusion
Cookieless tracking is long no longer a sacrifice but in many cases the smarter choice. You still measure everything you need for good decisions, but do without the annoying banner, without the ongoing legal risk around US data transfers, and without unnecessary friction that costs conversions. As a bonus, your site gets faster, which pleases Google and AI search systems alike.
On ctseo.de I live exactly that: built statically, lightning-fast, measured cookielessly and without a cookie banner, yet GDPR-compliant. The hard part is not the idea but the complete, legally calm and conversion-oriented implementation, without a forgotten third-party service tipping everything over again. That is exactly what I help you with.
Frequently asked questions
Hardly any modern website works entirely without cookies, which is why the term is a bit misleading. What is dispensable are exactly the consent-requiring cookies, the ones that track users permanently and across sites. Technically necessary cookies, for the basic function or the current session, may stay. So the goal is not absolute zero, but a site that sets no surveilling cookies and sends no user data to third parties.
Yes, and for shops especially, dropping the banner and the faster site pay directly into conversion. For simple reach and channel measurement the cookieless route is usually entirely enough. As soon as you need deep, product-based retargeting or cross-platform advertising tracking, there is no way around consent for certain services. In practice you then combine both sensibly, cookieless base measurement for everyone and consent only where it brings real value.
It varies strongly by audience, industry and banner design, but a noticeable share refuses or clicks it away in annoyance. Every one of these refusals is then missing as a data point in your statistics. It is especially frustrating because it is often exactly the privacy-conscious, high-value users who refuse, so you fail to measure an important part of your visitors. Anonymous, cookieless measurement captures them all again.
With clean consent, a correctly embedded banner, the data processing agreement with Google and the current configuration of Analytics 4, its use has become defensible for many sites. But you still carry the banner, the ongoing management of consents and a legally contested topic with you. Whether the effort is worth it or a switch to a cookieless solution is smarter for you, I am happy to look at specifically for your site.
As a hosted service Plausible is paid, usually staggered by the number of monthly page views, but with no maintenance effort of your own and hosted in the EU. Since Plausible is open source, you can alternatively run it on your own server for free, though then you carry setup and upkeep yourself. Which option makes sense depends on your budget, your technical effort and your desire for data ownership.
There is no flat figure, because the effort depends strongly on your current setup, above all on how many tracking services, videos or external embeds have to be replaced. For a lean site it is often more manageable than many think; for grown sites the work is in the detail. I give you a solid estimate as soon as I have briefly checked what your site currently loads.
For a tidy site the core is often done quickly; it gets more involved when many third-party services, videos, maps or fonts have to be replaced cleanly. So the time needed depends less on the analytics itself than on the number of building sites around it. Because a single overlooked service can trigger the banner again, I check beforehand exactly what needs doing and then give you a realistic timeframe.
Yes, you then measure your ads’ impact mainly via UTM parameters instead of personal profiles and still see which campaign brings visitors and enquiries. For more detailed conversion tracking Google now offers more data-thrifty routes such as Consent Mode and server-side tagging, which you can add depending on your goal. Very fine-grained, personal ad tracking, however, remains consent-requiring; here it is worth weighing up what you really need.
Absolutely. A privacy policy is mandatory independent of the cookie banner and must transparently explain which data you process for what purpose, including anonymous, cookieless measurement. This covers, for example, the analytics tool used, your host and the server log files. Without a banner the policy only becomes leaner and more honest; it may never be left out.
Yes, cookieless analytics can also be embedded in WordPress, often with just a few steps. The catch is themes and plugins that like to set their own cookies unasked or load third-party services like fonts, maps or social feeds and thus make the banner necessary again. Here it is worth a close look at which building blocks are truly clean and which you should replace or embed differently.