Cookieless measurement: the four techniques that actually work — not five, not ten, exactly four
Published: · mediaorigo
Four techniques, four distinct capabilities, zero overlap — why no 'one-stop cookieless solution' actually exists.
The 'cookieless future' slogan has been circulating since 2020, and every adtech conference offers a dozen 'solutions'. Most are marketing wrappers around a thin technique, or a relabelling of an existing system. In our stack four techniques have survived in real production — they pass the measurement-fidelity test and the scale test. Here they are.
1. First-party CDP — the one that is not in question
A first-party customer data platform is the single source of truth for events on your own domain. Logins, article reads, newsletter signups, purchase intent — everything you record in your own systems without external tracking.
Our MX-CDP manages 4.8M active profiles across 14 signal sources. 62% of profiles are bound by a deterministic ID (hashed email + login); 38% are probabilistic (session signals). Misclassification rate on the probabilistic segment against a control group: 7-9%.
What it gives you: accurate audience segments for your own product. What it does not: cross-domain conversion attribution.
2. Contextual signals — back, and better than ever
Contextual targeting is not new; what is new is that 2026 AI models are more accurate than 2010 keyword systems were. We classify a page across 12 dimensions (see the brand-safety article), and advertisers build segments on those dimensions.
Concrete example: an energy-drink brand targeted the 'sport / fitness' contextual segment with a 0.72 confidence threshold. 1.4M impressions per week, CPM 420 HUF, post-impression CTR 0.31% — higher than last year's user-segment retargeting (0.24%). The reason: context is more relevant in the reading moment than last week's browsing history.
What it gives you: cookieless targeting on any page. What it does not: individual-level attribution.
3. Server-side Conversion API — yours, not Facebook's
The 'Conversion API' term is known from Meta marketing, but the concept is broader: instead of the browser, your backend sends events to ad systems. We do not use Meta-specific CAPI by default — we run a proprietary S2S endpoint to every DSP and ad-network partner.
The setup is not easy. The purchase event is sent by the ERP system, hashed email, server-to-server. Timing matters: a 30-second buffer to catch the full order lifecycle (refunds, cancellations). Deduplication: by idempotency key.
The measured result: browser-side pixels lose 11-17% of conversions to cookie blocking. Server-side error margin: 0.3%. On a 4M HUF performance campaign that is 440-680 thousand HUF in attributed conversions previously seen as 'lost'.
What it gives you: accurate, durable conversion measurement. What it does not: first-impression attribution (unless the click ID is carried in the URL).
4. Deterministic ID graph — connected, not exposed
A deterministic ID graph links first-party IDs across publishers and advertisers without the actual email or phone number leaving the system. Two SHA-256 hashes with salt (privacy-preserving record linkage).
We work with a UID2-style consortium ID across four Hungarian publisher partners. Coverage: 71% of our total Hungarian web audience has at least one shared ID point. Frequency capping and cross-publisher reach measurement are built on this.
Critical: this is not universal tracking. The user has given GDPR-compliant consent on the publisher side and the hashing is one-way. The ID graph only computes frequency and incrementality; it does not transfer profiles.
What it gives you: cross-publisher reach and frequency. What it does not: granular demographic targeting (that comes from the CDP).
The four do not replace each other
Important: these are not alternatives, they are complementary layers. An average campaign uses all four. The CDP is the audience base; context is the real-time targeting layer; the Conversion API is the measurement backbone; the ID graph is the frequency and attribution tree.
The 'one-stop cookieless solution' slogan is a poor abstraction. The reality is that four techniques run in parallel, each filling a specific gap left by the disappearance of the third-party cookie.
What we do not count as real
Two often-cited 'solutions' were deliberately omitted. Google Privacy Sandbox Topics API delivers too low a signal-to-noise ratio to be useful for targeting — categories are too broad and the refresh cycle too slow. Fingerprinting technically exists, but we do not consider it legitimate measurement on legal or ethical grounds; the GDPR risk is disproportionate to the added accuracy.
Takeaway
Cookieless measurement is not a product, it is four distinct techniques each replacing a specific capability. First-party CDP, contextual signals, server-side Conversion API, deterministic ID graph. Anyone offering a fifth is probably selling a relabelled version of one of the four.