What is Cookie Syncing and How Does It Work?

If you work in online advertising, then you’ve probably heard of cookie syncing. But what is it? How does it work? And why do AdTech and data companies use it? 

In this post, we’ll answer those very questions and many more! 

You can start by watching our short video to get an overview of cookie syncing and how it works, and then read the rest of the post below to learn more. 

The Humble Web Cookie 

Without cookies, Internet customers wouldn’t be able to add products to e-commerce shopping carts, they’d have to enter their login details each time they accessed a website or application, and they’d have to change the default language of multilingual websites with every visit. 

Cookies remember user preferences and information in order to deliver a better and more efficient experience. But these little bits of data are also the lifeblood of online advertisers. 

Advertisers use cookies to collect anonymous information about a website’s visitors. They then use this information to create profiles containing specific details about a user and to display relevant ads. 

With mountains of user data generated by increasing Internet access and the expansion of the online display-advertising ecosystem, targeting the right audience is becoming increasingly challenging. 

In order to combat this issue, a new process has been introduced – cookie syncing. 

What Are Cookies? 

Cookies are small text files that collect certain pieces of information about online users. Each time a user visits a new website, cookies are created by the Internet browser and saved onto the user’s computer. When that user returns to the website, the cookies will help it to remember certain things, such as what content the user viewed and which pages they accessed. 

Cookies are used to remember certain pieces of information and perform particular functions: 

• Website setup: Some cookies are used to remember personal preferences that users have set previously, e.g., which language to display content, which currency, etc. 
• Sign-in: When a user signs into a website, a unique session ID is stored in the cookie so that the website “knows” who (which user) is logged in. Also, sign-in could be automatic depending on the website’s security settings and the user’s browser settings. 
• eCommerce: eCommerce stores use cookies to remember which products users looked at, added to their shopping carts, and purchased. 
• Analytics: Cookies store an anonymous identifier for the user and collect data about the user’s interaction with the website under one profile and session. 
• Advertising: Cookies are used to identify which advertisements the user has viewed and interacted with (e.g., click on). 
• Behavioral profiling: Cookies are also used to create anonymous profiles that track the user’s behavior across websites that have implemented a third-party tracking code. The data collected from this code is used for advertising. Based on the data collected, advertisers choose the most suitable ads to display to the user (the ads with the highest probability of being of interest). 

While various cookies can perform various functions, there are also a couple of different types of cookies, and each will perform different functions. 

Different Types of Cookies 

For different tasks, there are different types of cookies. Let’s investigate them. 

First-party Cookies 

First-party cookies are created by the websites we visit directly. For example, if you visit techcrunch.com, the cookie will be created in the techcrunch.com domain, not in a third-party domain (e.g. appnexus.com). 

These types of cookies help deliver a good user experience, as they remember specific pieces of information about the user and their behavior (e.g. login details, products added to shopping carts, the preferred language, etc.). With first-party cookies, it is up to the website to decide what information to collect and store. 

Third-party Cookies 

Third-party cookies, also referred to as tracking cookies, are collected not by the website, but by advertisers. 

When a user visits a website, there can be a number of different third-party trackers collecting information, which can include data passed on from the publisher/website, such as the user’s interests, location, and age. 

Third-party trackers can also track a user’s behavior, such as the content they view on that website and the things they click on (e.g., products and ads). The trackers create third-party cookies and use them to display adverts to the user when they visit different websites. 

For example, if a user visits bestbuy.com and clicks on a product (e.g. a Samsung TV), third-party trackers will collect and analyze the information about that user and their activity on bestbuy.com. Then, if that user leaves bestbuy.com and accesses a different website, such as techcrunch.com, the user could be shown an advert for that exact same product, or something similar (e.g. another TV or another electrical product). 

The way it works is that both bestbuy.com and techcrunch.com load a piece of code from an ad server (e.g., marketingplatform.google.com/). When the user navigates to either website, the piece of code loaded from ad.doubleclick.net is from a domain different from the URL in the user’s browser, so the cookies set in ad.doubleclick.net are considered third-party cookies. 

From Cookies to User IDs 

While the number of functions a cookie can perform is vast, a cookie can only contain so much text, as they are restricted in size. In order to address this issue, some cookies now only contain a unique ID. 

By storing a cookie with a unique ID on the user’s computer, advertisers and other companies can then store the rest of the information about the user on their own systems. This not only frees up the cookie’s space, but also allows advertisers to collect and analyze more information about the user. 

The Problem AdTech Companies and Advertisers Face With Cookies 

The big limitation of cookies is that they can only be read on the domain that created them. This means that AdTech companies can’t read cookies created by other AdTech platforms or by the website itself, essentially limiting their effectiveness for advertising purposes on other websites. 

In order to share user data, AdTech platforms perform a process known as cookie syncing. 

What Is Cookie Syncing? 

As mentioned previously, cookies are domain specific, which means those created by one third-party tracker cannot be read by another third-party tracker. 

For advertisers, this restricts the potential amount of information they can collect about a user. 

Therefore, in order to accurately target an audience, advertisers need to incorporate user data from various domains and sources, which happens as part of data-buying agreements and partnerships between different companies. 

Advertisers are able to achieve this by mapping user IDs from one system to another. An example of this would be mapping a user’s ID from a demand-side platform (DSP) to a data management platform (DMP). This process is known as cookie syncing. 

The cookie-syncing process is used by most advertising technology (AdTech) platforms, including ad networks, demand-side platforms (DSPs), data-management platforms (DMPs), ad exchanges, supply-side platforms (SSPs), and various other platforms and data providers. 

The results of the cookie-syncing process benefit those mentioned above, as they are able to exchange user data across different platforms and, therefore, better target audiences with online advertisements. 

How Does Cookie Syncing Work? 

Cookie syncing works when two different advertising systems (aka platforms) map each other’s unique IDs and subsequently share information that they have both gathered about the same user. 

But how do they collect information about users in the first place? Well, it all starts with the browser. 

Each time a user visits a website that contains ads (or third-party tracking tags), the browser sends an ad request to an advertising technology platform (e.g. a DSP). The DSP then creates a unique user ID, if one doesn’t exist already, and stores that ID in a cookie. 

It’s important to note here that it is a third-party cookie because the ad request is made to an AdTech platform’s domain, not the domain of the website the user is visiting. 

Within this ad request, the DSP also calls a pixel URL supplied by a different advertising technology platform (e.g. a DMP). The DSP includes its user ID, which it created for that user, as a parameter in the pixel URL call. 

The DMP’s server reads the user ID created by the DSP from the parameter in the URL, and reads the cookie in its own domain to see if it already has an ID for this particular user. If one doesn’t exist, then it creates a user ID of its own. 

Then, it stores the information about its own ID and the DSP’s ID in a cookie-matching table. The DMP can pass its own identifier back to the ad exchange so that the sync is bidirectional. It does this by doing a pixel redirect back to the ad exchange and passes its own ID as a parameter. 

In this situation, the cookie-matching table for both the DSP and DMP would look like this: 

So now, both the DSP and the DMP have each other’s IDs for that particular user. 

This ID-creation process happens for almost every ad, and the cookie-syncing process occurs across many different advertising technology platforms. 

Here’s a step-by-step overview of how it works: 

• A user visits a website that contains an ad. 
• The DSP receives the ad request. 
• The DSP sends back the request and creates a third-party cookie. 
• The ad exchange redirects (http redirect) the ad request to the pixel URL on the DMP’s side, passing the user ID in the URL parameter. The DMP reads its own cookie, or creates a new cookie, and then saves the user ID passed from the DSP along with its own user ID in the cookie-matching table. 
• If the sync is bidirectional, the DMP makes the redirect back to the DSP, passing its own ID in the URL parameter. The DSP receives this request, reads its own cookie, and stores the DMP ID along with its own ID in the cookie-matching table. 
• Now, both the DSP and DMP have each other’s’ user IDs in each other’s databases. 

How Is User Data Shared Between AdTech Platforms? 

The actual matching of cookies is only one part of the cookie-syncing process. The next phase involves sharing the user data. 

Once the cookie IDs have been synced between two AdTech platforms, they can now share or request data contained in the cookies by referencing each other’s user IDs. 

This process is typically done via server-to-server integration, with the data being transferred to large batch files. Although the actual cookie-matching part happens in real-time, sharing the data between platforms happens at a specified time, e.g., once a day. 

It’s important to note that cookie syncing is only performed in web browsers, whether that be desktop or mobile web browsers, across all types of online advertising, including display, native, and video ads. 

The reason for this is because unlike native mobile apps that use the device’s Advertising ID (IDFA & AAID) as a way to identify users, web browsers don’t emit a consistent user identifier and cookies from one domain (e.g. adnxs.com) can’t be accessed by a platform operating under a different domain (ad.doubleclick.net), so the only way to identify a user across different websites is by collecting and syncing their cookie ID. 

Final Thoughts 

Cookie syncing is an important part of the online advertising ecosystem due to its ability to transfer data from one platform to another. However, it faces a number of challenges, including the ever-growing rise of ad-blocking software and of course the EU’s General Data Protection Regulations (GDPR), which requires companies to obtain consent from EU/EEA citizens and residents before they can share data with one another. 

Let’s talk about how you can put cookie syncing to work for smarter, more connected ad campaigns.