Cookieless analytics tools like Matomo and Plausible work brilliantly for one problem and fail completely at another. They can tell you how many people visited your site today. They cannot tell you which ad campaign drove last week’s $500 purchase. These are fundamentally different problems, but the “cookieless” marketing conflates them into one misleading solution.
Matomo cookieless tracking uses a config_id valid for only 24 hours maximum, reset daily (Matomo Documentation, 2025). The 30-minute default lookback period means a visitor who leaves and returns 2 hours later is counted as a new person. For a blog measuring traffic? Perfect. For an ecommerce store tracking ROAS? Disaster.
The Analytics Problem (Solved)
Cookieless analytics answers questions like:
- How many people visited my site today?
- Which pages are most popular?
- What traffic sources drive the most sessions?
- What’s my bounce rate?
These are aggregate metrics. You don’t need to identify individual users—you need to count events and group them into visits. Matomo’s config_id does this elegantly by hashing browser attributes into a temporary identifier that can group pageviews into sessions without storing anything personally identifiable.
This is exactly what privacy-focused analytics was designed for. France’s data protection authority confirmed Matomo is exempt from tracking consent when configured for cookieless analytics. You can measure traffic without consent banners because you’re not tracking individuals—you’re counting events.
For content sites, blogs, and informational websites, cookieless analytics delivers everything you need. Page popularity, traffic trends, referral sources—all measurable without cookies and without consent requirements.
You may be interested in: Browser Fingerprinting in 2026: Why IP/Device/Screen Hashing Is Not the Cookie Alternative You Think
The Conversion Tracking Problem (Not Solved)
Conversion tracking answers different questions:
- Which Facebook campaign drove this $500 purchase?
- What’s my ROAS on Google Ads?
- Did that email newsletter generate revenue?
- Which touchpoints contributed to this customer’s journey?
These require connecting a specific ad click to a specific purchase—often days or weeks apart. The visitor clicks your Facebook ad on Monday, browses, leaves, returns Thursday via Google search, and buys Friday morning. Which campaign gets credit?
Cookieless analytics cannot answer this. Matomo’s config_id resets daily. That Monday Facebook click and Friday purchase belong to different “visitors” in cookieless mode. The conversion attribution? “Direct entry”—completely wrong.
Matomo’s documentation explicitly states: “When cookies are disabled, the following metrics will be inaccurate: Unique visitors, New visitors, Returning visitors. Ecommerce and Goal tracking attribution is also affected” (Matomo Documentation, 2024). The example they give: a visitor uses a newsletter link, visits 5 pages, leaves, returns 2 hours later via direct entry, and buys. With cookies, Matomo credits the newsletter. With cookieless tracking, the conversion is not attributed to the original campaign.
This isn’t a bug—it’s the design. Cookieless analytics prevents identity persistence precisely because persistent identification is what privacy advocates object to. But without identity persistence, multi-session conversion tracking is impossible.
Why Store Owners Get Confused
The marketing around cookieless tools rarely distinguishes between these use cases. “Track without cookies!” sounds like a complete solution. It isn’t.
Here’s what happens when a WooCommerce store owner switches to cookieless analytics thinking it solves their tracking problems:
- Traffic metrics look fine. Pageviews, sessions, popular products—all measurable.
- Conversion data makes no sense. Most purchases show “direct” as the source.
- Ad platform data diverges. Facebook says 100 conversions, analytics shows 20.
- ROAS becomes guesswork. Can’t tell which campaigns actually drive revenue.
The store owner might blame data discrepancies on ad blockers or consent rejection. The real problem is architectural: cookieless analytics cannot do what they need it to do.
Other platforms lose up to 40% of conversion data due to cookie consent banners, cookie deprecation, and ad blockers (RedTrack, 2025). Adding cookieless analytics to the mix doesn’t recover this data—it just provides different aggregate metrics while conversion attribution remains broken.
You may be interested in: The Cookie Redemption: First-Party Data Is the Ethical High Ground
What Conversion Tracking Actually Needs
Ecommerce conversion tracking needs to solve a specific problem: connecting marketing touchpoints to transactions. This requires:
Identity persistence: Some way to recognize that Monday’s ad clicker is Friday’s purchaser. Cookieless analytics prevents this by design.
Cross-session attribution: Credit needs to flow across multiple visits. The 30-minute lookback in cookieless mode makes multi-session journeys invisible.
Revenue connection: Not just “a conversion happened” but “this specific order worth $247 happened.”
There are legitimate ways to achieve this without cross-site tracking:
First-party data from transactions: When someone completes a purchase, you have their email, order details, and transaction data. This is first-party data you collected directly—not tracking across the web. You can send this conversion data to ad platforms via server-side APIs.
Server-side tracking: Facebook CAPI, Google Enhanced Conversions, and similar APIs accept conversion data sent from your server. The user’s browser isn’t involved. You’re reporting transactions that actually happened in your system.
Click IDs preserved server-side: When someone clicks an ad, platforms pass click identifiers (fbclid, gclid). Store these server-side with the user’s session or lead data. When they convert, send the conversion with the original click ID. No cookies needed—just database records.
Separating Analytics from Conversion Tracking
The solution isn’t choosing one tool—it’s recognizing these are separate problems requiring separate solutions.
For analytics (aggregate metrics): Cookieless tools work excellently. Use Matomo, Plausible, or similar for traffic insights, page popularity, and general usage patterns. You can run these without consent banners in many jurisdictions.
For conversion tracking (attribution): Use first-party data from actual transactions. When orders complete in WooCommerce, you have all the data you need—customer info, order value, products purchased. Send this to ad platforms via server-side APIs. This is your data from your transactions, not cross-site tracking.
Transmute Engine™ separates these concerns. Analytics can remain privacy-focused—aggregate metrics without personal identification. Conversion tracking uses your actual transaction data, sent server-side to the platforms that need attribution. Your order data belongs to you; using it for attribution is fundamentally different from tracking users across the web.
The First-Party Data Advantage
First-party data from your transactions solves what cookieless analytics cannot:
- Identity comes from the transaction. The customer provided their email when they bought. That’s not surveillance—it’s commerce.
- Attribution persists across sessions. You stored the click ID when they arrived; you match it when they convert. No cookies needed.
- Revenue is accurate. You’re reporting actual orders from your database, not inferred events from browser behavior.
- Privacy is preserved. You’re not tracking users across websites. You’re reporting your own sales data.
This is why server-side tracking via Conversions APIs has become the standard for ecommerce. It bypasses the limitations of both cookie-based tracking and cookieless analytics by using the data you actually have—your transactions.
Key Takeaways
- Cookieless analytics solves aggregate metrics—pageviews, sessions, traffic sources—without identifying individuals
- Conversion tracking requires identity persistence that cookieless analytics specifically prevents
- Matomo config_id resets every 24 hours with a 30-minute default lookback—fine for blogs, wrong for ecommerce
- Multi-session purchase journeys become invisible in cookieless mode—conversions attributed to “direct”
- First-party data from transactions provides attribution without cross-site tracking
No. Matomo cookieless mode uses a config_id that resets every 24 hours and has a 30-minute default lookback. If a visitor clicks an ad, leaves, and returns 2 hours later to purchase, the conversion is attributed to “direct entry” instead of the original campaign. Fine for blog analytics, problematic for ecommerce attribution.
Cookieless analytics measures aggregate metrics—pageviews, sessions, traffic sources—without identifying individuals. Conversion tracking needs to connect a specific ad click to a specific purchase, often days apart. The first works with privacy-preserving hashes; the second requires identity persistence that cookieless methods prevent.
Use first-party data from actual transactions. When someone completes a purchase, you have their order data, email, and transaction details—first-party data that doesn’t require cross-site tracking. Server-side solutions send this conversion data to ad platforms via APIs like Facebook CAPI, bypassing browser cookies entirely.
Stop conflating aggregate analytics with conversion tracking. They’re different problems. Learn how Transmute Engine handles both with the right solution for each.
