Opt-outs and anonymous tracking on web
The Snowplow web tracker allows you to track events anonymously. It enables anonymizing various user and session identifiers to support user privacy in case consent for tracking the identifiers is not given. This means that no user identifiers are sent to the Snowplow event collector. By default, anonymous tracking is not enabled.
Anonymous tracking can be configured on initialization, but can be reset later. You may wish to toggle this functionality on or off during a page visit, for example when a user accepts a cookie banner you may not want to disable anonymous tracking, or when a user logs in to your site.
For information about tracking user consent interactions and GDPR basis for processing, check out this page. Read more about anonymous tracking in the overview page.
On web, the following user and session identifiers can be anonymized:
- Client-side user identifiers:
- Client-side session identifiers:
domain_sessionidanddomain_sessionidx, set automatically by the tracker from the cookiespreviousSessionIdin the session entity, set automatically by the tracker
- Server-side user identifiers:
network_useridanduser_ipaddress, set by the Collector
Configuring anonymous tracking
There are several levels to the anonymization depending on which of the three categories are affected. Set this using the initialization configuration object.
1. Full client-side anonymization
anonymousTracking: true,
stateStorageStrategy: 'cookieAndLocalStorage'
This mode will no longer track any user identifiers or session information. The tracker won't add the session entity to events, even if session tracking is enabled.
| Identifier | Location in event | Included in event? |
|---|---|---|
user_id | Atomic | ❌ |
domain_userid | Atomic | ❌ |
domain_sessionid | Atomic | ❌ |
domain_sessionidx | Atomic | ❌ |
userId | Session entity | ❌ no session entity |
sessionId | Session entity | ❌ no session entity |
previousSessionId | Session entity | ❌ no session entity |
tabId | Browser entity | ❌ |
network_userid | Atomic | ✅ |
user_ipaddress | Atomic | ✅ |
Similar in behavior to setting stateStorageStrategy: 'none', as it will store no values in cookies or localStorage, however by using anonymousTracking you can toggle this behavior on and off (useful for allowing events to be sent without user identifiers until cookie banners have been accepted).
Setting stateStorageStrategy to cookieAndLocalStorage or localStorage also allows for event buffering to continue working whilst not sending user information when anonymousTracking is enabled.
Anonymous tracking can be toggled on and off.
2. Client-side anonymization with session
anonymousTracking: { withSessionTracking: true },
stateStorageStrategy: 'cookieAndLocalStorage'
This mode will continue to track session information but will track no user identifiers.
| Identifier | Location in event | Included in event? |
|---|---|---|
user_id | Atomic | ❌ |
domain_userid | Atomic | ❌ |
domain_sessionid | Atomic | ✅ |
domain_sessionidx | Atomic | ✅ |
userId | Session entity | ❌ set to null UUID |
sessionId | Session entity | ✅ |
previousSessionId | Session entity | ❌ |
tabId | Browser entity | ❌ |
network_userid | Atomic | ✅ |
user_ipaddress | Atomic | ✅ |
To achieve this, the tracker will use Cookies or local storage. For session tracking, stateStorageStrategy must be either cookieAndLocalStorage (default), localStorage or cookie. If this feature is enabled and the storage strategy is not appropriate, then full anonymous tracking will occur.
The Snowplow JavaScript Tracker performs sessionization client side. This allows anonymous session tracking to be done using client side storage without sending any user identifier fields to the collector.
3. Full anonymization/cookieless
anonymousTracking: { withServerAnonymisation: true },
stateStorageStrategy: 'none',
eventMethod: 'post'
This mode will no longer track any user identifiers or session information, and will additionally prevent the Snowplow Collector from generating a network_userid cookie and capturing the users IP address. The same behavior described for above for Client side Anonymous tracking also applies.
| Identifier | Location in event | Included in event? |
|---|---|---|
user_id | Atomic | ❌ |
domain_userid | Atomic | ❌ |
domain_sessionid | Atomic | ❌ |
domain_sessionidx | Atomic | ❌ |
userId | Session entity | ❌ no session entity |
sessionId | Session entity | ❌ no session entity |
previousSessionId | Session entity | ❌ no session entity |
tabId | Browser entity | ❌ |
network_userid | Atomic | ❌ |
user_ipaddress | Atomic | ❌ |
Setting stateStorageStrategy to cookieAndLocalStorage or localStorage also allows for event buffering to continue working whilst not sending user information when anonymousTracking is enabled. However for an experience that doesn't use any browser storage (cookieless), set stateStorageStrategy to none. This can be later toggled on, once a user accepts a cookie policy.
Server Anonymization requires the Snowplow Stream Collector v2.1.0+. Using a lower version will cause events to fail to send until Server Anonymization is disabled.
Toggling anonymous tracking
You may wish to toggle this functionality on or off during a page visit, for example when a user accepts a cookie banner you may not want to disable anonymous tracking, or when a user logs in to your site.
Enable anonymous tracking
Enabling Anonymous tracking will clear all current user, session and page data from events sent to the collector. Although not sent in requests to collector, existing user and session identifiers will not be removed from cookies or local storage. See below for information on how to clear user data.
If you wish to enable Anonymous Tracking, you can call:
- JavaScript (tag)
- Browser (npm)
snowplow('enableAnonymousTracking');
import { enableAnonymousTracking } from '@snowplow/browser-tracker';
enableAnonymousTracking();
which will enable client side anonymous tracking.
For full, cookieless anonymization, including anonymizing data within the Snowplow Collector (cookies and ip address), enable server anonymization too:
- JavaScript (tag)
- Browser (npm)
snowplow('enableAnonymousTracking', {
options: { withServerAnonymisation: true }
});
import { enableAnonymousTracking } from '@snowplow/browser-tracker';
enableAnonymousTracking({
options: { withServerAnonymisation: true }
});
Server Anonymization requires the Snowplow Stream Collector v2.1.0+. Using a lower version will cause events to fail to send until Server Anonymization is disabled.
If you want to enable anonymous tracking with session tracking, then you can use:
- JavaScript (tag)
- Browser (npm)
snowplow('enableAnonymousTracking', {
options: { withSessionTracking: true }
});
import { enableAnonymousTracking } from '@snowplow/browser-tracker';
enableAnonymousTracking({
options: { withSessionTracking: true }
});
From v3.1.0 it's also possible to change the stateStorageStrategy when enabling Anonymous Tracking, allowing you to switch off storage when turning anonymous tracking on:
- JavaScript (tag)
- Browser (npm)
snowplow('enableAnonymousTracking', { options: {}, stateStorageStrategy: 'none' }); // Available from v3.1.0
import { enableAnonymousTracking } from '@snowplow/browser-tracker';
enableAnonymousTracking({
options: {},
stateStorageStrategy: 'none'
});
Disable anonymous tracking
To do this you can call the following methods:
- JavaScript (tag)
- Browser (npm)
snowplow('disableAnonymousTracking');
or, if you wish to also adjust the stateStorageStrategy when enabling:
snowplow('disableAnonymousTracking', {
stateStorageStrategy: 'cookieAndLocalStorage'
});
import { disableAnonymousTracking } from '@snowplow/browser-tracker';
disableAnonymousTracking();
or, if you wish to also adjust the stateStorageStrategy when enabling:
import { disableAnonymousTracking } from '@snowplow/browser-tracker';
disableAnonymousTracking({
stateStorageStrategy: 'cookieAndLocalStorage'
});
If configuring the tracker with stateStorageStrategy: 'localStorage' and anonymous tracking using withSessionTracking: true, then if you change to a stateStorageStrategy which prefer cookies such as cookie or cookieAndLocalStorage then the session identifiers will reset. To maintain session identifiers, ensure you use the same stateStorageStrategy.
Clear user data
If you wish to clear all the cookies (except for the Collector sp cookie) and local storage values which contain user data when switching on anonymous tracking, or triggered by other actions on your site, you can call the following:
- JavaScript (tag)
- Browser (npm)
snowplow('clearUserData');
clearUserData();
From v3.1, this will also clear in memory session and user identifiers too. This ensures all possible identifiers are cleared and even if tracking is resumed you will see new session and user identifiers. If you'd like to preserve the in-memory session and user identifiers, for future events should you continue tracking after clearing the cookies, you can do so:
- JavaScript (tag)
- Browser (npm)
snowplow('clearUserData', { preserveSession: true, preserveUser: true });
clearUserData({ preserveSession: true, preserveUser: true });
Respecting Do Not Track
Most browsers have a Do Not Track option which allows users to express a preference not to be tracked. You can respect that preference by setting the respectDoNotTrack field of the initialization configuration object to true. This prevents cookies from being sent and events from being fired.
Opt-out cookie
Similar in function to Do Not Track, it's possible to set an opt-out cookie to prevent all events being tracked.