Skip to content
Mediaorigo

Back to Journal

Cookieless measurement: the four techniques that actually work — not five, not ten, exactly four

Published: · mediaorigo

Four techniques, four distinct capabilities, zero overlap — why no 'one-stop cookieless solution' actually exists.

The 'cookieless future' slogan has been circulating since 2020, and every adtech conference offers a dozen 'solutions'. Most are marketing wrappers around a thin technique, or a relabelling of an existing system. In our stack four techniques have survived in real production — they pass the measurement-fidelity test and the scale test. Here they are.

1. First-party CDP — the one that is not in question

A first-party customer data platform is the single source of truth for events on your own domain. Logins, article reads, newsletter signups, purchase intent — everything you record in your own systems without external tracking.

Our MX-CDP manages 4.8M active profiles across 14 signal sources. 62% of profiles are bound by a deterministic ID (hashed email + login); 38% are probabilistic (session signals). Misclassification rate on the probabilistic segment against a control group: 7-9%.

What it gives you: accurate audience segments for your own product. What it does not: cross-domain conversion attribution.

2. Contextual signals — back, and better than ever

Contextual targeting is not new; what is new is that 2026 AI models are more accurate than 2010 keyword systems were. We classify a page across 12 dimensions (see the brand-safety article), and advertisers build segments on those dimensions.

Concrete example: an energy-drink brand targeted the 'sport / fitness' contextual segment with a 0.72 confidence threshold. 1.4M impressions per week, CPM 420 HUF, post-impression CTR 0.31% — higher than last year's user-segment retargeting (0.24%). The reason: context is more relevant in the reading moment than last week's browsing history.

What it gives you: cookieless targeting on any page. What it does not: individual-level attribution.

3. Server-side Conversion API — yours, not Facebook's

The 'Conversion API' term is known from Meta marketing, but the concept is broader: instead of the browser, your backend sends events to ad systems. We do not use Meta-specific CAPI by default — we run a proprietary S2S endpoint to every DSP and ad-network partner.

The setup is not easy. The purchase event is sent by the ERP system, hashed email, server-to-server. Timing matters: a 30-second buffer to catch the full order lifecycle (refunds, cancellations). Deduplication: by idempotency key.

The measured result: browser-side pixels lose 11-17% of conversions to cookie blocking. Server-side error margin: 0.3%. On a 4M HUF performance campaign that is 440-680 thousand HUF in attributed conversions previously seen as 'lost'.

What it gives you: accurate, durable conversion measurement. What it does not: first-impression attribution (unless the click ID is carried in the URL).

4. Deterministic ID graph — connected, not exposed

A deterministic ID graph links first-party IDs across publishers and advertisers without the actual email or phone number leaving the system. Two SHA-256 hashes with salt (privacy-preserving record linkage).

We work with a UID2-style consortium ID across four Hungarian publisher partners. Coverage: 71% of our total Hungarian web audience has at least one shared ID point. Frequency capping and cross-publisher reach measurement are built on this.

Critical: this is not universal tracking. The user has given GDPR-compliant consent on the publisher side and the hashing is one-way. The ID graph only computes frequency and incrementality; it does not transfer profiles.

What it gives you: cross-publisher reach and frequency. What it does not: granular demographic targeting (that comes from the CDP).

The four do not replace each other

Important: these are not alternatives, they are complementary layers. An average campaign uses all four. The CDP is the audience base; context is the real-time targeting layer; the Conversion API is the measurement backbone; the ID graph is the frequency and attribution tree.

The 'one-stop cookieless solution' slogan is a poor abstraction. The reality is that four techniques run in parallel, each filling a specific gap left by the disappearance of the third-party cookie.

What we do not count as real

Two often-cited 'solutions' were deliberately omitted. Google Privacy Sandbox Topics API delivers too low a signal-to-noise ratio to be useful for targeting — categories are too broad and the refresh cycle too slow. Fingerprinting technically exists, but we do not consider it legitimate measurement on legal or ethical grounds; the GDPR risk is disproportionate to the added accuracy.

Takeaway

Cookieless measurement is not a product, it is four distinct techniques each replacing a specific capability. First-party CDP, contextual signals, server-side Conversion API, deterministic ID graph. Anyone offering a fifth is probably selling a relabelled version of one of the four.