Optimizely Data Platform (ODP) tracks visitors using browser cookies. When a visitor lands on your website, ODP checks for an existing tracking cookie. If one does not exist, ODP associates a cookie with that visitor and registers their on-site behaviors (like page views) moving forward, resulting in identity resolution and event collection.
There are two types of cookies: first-party cookies and third-party cookies. To enable event collection and user resolution, ODP stores first-party cookies specific to the brand’s website.
- First-party cookies – Stored by the domain the customer visited.
- Third-party cookies – Set by another domain, such as an ad server or ad platform engaging in cross-site tracking or retargeting of website visitors with ads or an on-site service (like a chat or login feature).
- ztsrc – The last referrer; the location from which the customer accessed your site (for example, another website, Google, and so on).
- z_idsyncs – Tracks IDs for the site visitor.
- zaius_web_content – Tracks web content that the visitor sees.
- zaiusPushSubscribeDismissedUntil – Stores the timestamp of when the push notification will display to the user.
- zaiusPushSubscribePopped – Stores the timestamp of when the subscription pop-up last displayed to the user.
- z_customer_id – Stores the main ID used to identify the customer in ODP.
- submittedWebContents – Stores the data a visitor submits from a web form.
- vuid – Tracks the visitor UUID. If the customer ID is known, the VUID matches that ID.
- zaius_web_push – Web push tokens.
How ODP tracks and identifies customers
- ODP connects page views to an identified customer if they click a link in a tracked email (legacy) that directs to a page with the ODP JavaScipt tag installed.
- ODP tracks visitors, using first-party cookies, before they become a known customer.
- When a visitor fills out a web embed or modal, ODP associates their previous anonymous page views based on their tracking cookie. If a customer in ODP already has that email address, ODP identifies this visitor as the customer.
- ODP uses customer identifiers, such as a customer's email address and the VUID included in a customer's cookie, to determine which events are associated with the customer and if events from "different" visitors should be merged.
- If a visitor deletes their cookies, ODP considers them a new visitor and assigns them a new cookie. However, ODP automatically applies user resolution and merges submissions from the same email address, even if different cookies were associated with those submissions.
- If a customer uses a different browser or blocks cookies and does not provide identifiable information (such as email address or login information) in their subsequent visits, ODP counts them as multiple unique visitors.
- If multiple people share a single computer and browser, their submissions result in unique customer profiles if they use a unique customer identifier (such as an email address). The profile associated with the most recent submission inherits the shared browser cookie/VUID, and ODP incorporates all events into that profile until another high-confidence submission from one of the "secondary" users occurs.
Effect on email campaigns
- ODP can only send email campaigns to identified customers, such as behavioral campaigns like cart abandonment. ODP qualifies someone for a cart abandonment campaign if they add a product to their cart and do not complete a purchase. However, if ODP cannot associate the event with a known customer email address through an identifier like their browser cookie, it does not send an email. You might observe more cart abandonment events than cart abandonment email sends.
The privacy and security scrutiny that third-party cookies face does not impact ODP functionality as it exists today. For more information about compliance and consent, see this group of articles.
- Google Chrome’s SameSite update in February 2020 – Impacts access to third-party cookies through non-secure connections and requires the third-party cookie to properly identify that cross-site access is being requested.
- Google Chrome phases out third-party cookies in 2022 – Impacts the ability to set third-party cookies in Chrome. Google proposed to replace tracking cookies with to-be-determined solutions that do not provide 1:1-level tracking but still allow for targeting and block third-party cookies by default in Chrome. Google did not mention any impact on first-party cookies at this time.
- Apple’s Intelligent Tracking Prevention (ITP) for Safari – Safari continues to block third-party cookies by default. ITP attempts to identify first-party cookies that act as third-party trackers using redirects/bounce tracking, URL decoration, local storage, and other specific practices designed to enable ad targeting. Standard site browsing/serving operations do not commonly use these methods. ITP is unlikely to target a brand’s first-party cookies.