Bounce tracking is a technique widely used by advertisers, marketers, and analytics platforms to track user behavior across different websites and gather detailed data on your online activity. This method involves redirecting your request through one or more intermediary domains before you reach your intended destination. Instead of going directly to a webpage, your request might pass through a server, such as ads-tracker.com, where your data is collected (all the time, without your consent). This could include your IP address, browser type, operating system, cookies, session information, and more.
The main purpose of bounce tracking is to bypass restrictions on third-party cookies. As modern web browsers become more privacy-conscious, they are increasingly restricting the use of third-party cookies, which are going to be dead by the end of 2024. Bounce tracking circumvents this by storing tracking data in first-party cookies on the target websites. First-party cookies are not subject to the same restrictions as third-party cookies which enables advertisers and analytics platforms to continue monitoring user behavior and linking actions across multiple domains, even when the user attempts to block third-party tracking.
This method offers significant benefits to marketers by providing them with valuable insights into user behavior, but it raises serious concerns about user privacy. Many users are unaware that their clicks are being silently rerouted through intermediary tracking servers, without their knowledge or consent. This effectively undermines privacy efforts, including using privacy-focused browsers, VPNs, or extensions designed to block tracking. For users who attempt to limit online surveillance, bounce tracking represents a significant challenge because it works behind the scenes to evade detection.
How Bounce Tracking Works
When you click a link, the process generally involves these steps:
Request
Your request is routed through a tracking server. Instead of directly accessing https://example.com, you might first be redirected to https://ads-tracker.com/ref?id=partner123&target=https://example.com.
The tracker server records your visit, assigns you a unique ID, and stores this data. Here's how it works:
GET /ref?id=partner123&target=https://example.com. HTTP/1.1
Host: affiliate-tracker.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Cookie: tracking_id=partner123
Redirect
HTTP/1.1 302 Found
Location: https://store.com/product
Set-Cookie: affiliate_id=partner123; Path=/; HttpOnly; Secure
The affiliate tracker collects your data, and the destination site may use JavaScript to read the cookie or query parameters for further tracking.
Mitigation Techniques
Browsers
Modern browsers have implemented several features to combat bounce tracking and strip tracking parameters. For example, Safari's Intelligent Tracking Prevention (ITP)↗ limits first-party cookies from trackers to a 24-hour lifespan and automatically blocks tracking scripts and cross-site cookies. Similarly, Firefox's Enhanced Tracking Protection (ETP)↗ detects bounce tracking patterns, prevents redirects, and removes known tracking parameters like affiliate_id and utm_source. On top of that, Brave Browser's De-AMP↗ feature bypasses intermediary servers, such as those used by Google AMP, and navigates directly to the original content, further limiting tracking capabilities.
Extensions
Privacy tools like uBlock Origin↗ and Privacy Badger↗ block tracking servers and scripts. These tools analyze URL query strings and redirection behaviors to prevent tracking.