Web Tracking – Why is it done?

Web tracking is the ability of a website to keep tab on website visitor. [1] Well you search for a flight lets assume from Chicago to Pittsburgh (something I do very often!). You are done with your search you don’t buy a ticket and you go on to Facebook. While you are surfing through Facebook, you see an advertisement for flights from Chicago to Pittsburgh from the website you were viewing your tickets earlier. All this and much more is possible due to web tracking.


Some people argue that this is against personal privacy, some may argue this is unethical but companies on the other end advocate that they do web tracking to improve the online experience for users. We as users get better online experience and companies get better sales. WIN – WIN situation is what it sounds like. Let us look at few reasons as to why web tracking is done:[2]

  1. Web tracking for advertisements – Tracking individual web surfing patterns enables companies to provide better advertisements.
    1. Personalized Advertisements: In the above example, I much more likely to be interested in the Chicago to Pittsburgh flight ticket ad than an advertisement for some body deodorant. As a user, I get better experience and the airline website is more likely to increase its sales.
    2. Contextual Advertisements: In contextual advertisements, advertisements are displayed on a page depending on certain words. If the page does contain certain keywords then certain advertisements are displayed on the page.
    3. Behavioral advertisements: Advertisements displayed can also vary depending on the age, gender and geographic location of the user.
    4. Semantic advertisements: While contextual advertisements depend on certain keywords, semantic keywords understand the context in the page and then provide relevant advertisements. This is a very sophisticated form of advertising.
  2. Web Analytics – Web tracking can also be used to get a sense of the overall performance of a website. It can be used to track the number of visitors to a page over a period of time. Companies and web owners can track the source that is diverting traffic to their website. They can analyze from where their users landed and can also customize their website depending on the results. This can track the geographic dispersion of the visitors.
  3.  Clickstream Analytics[3] – Clickstream analytics is used to analyze which pages the visitors visit in what order and also result of successive mouse clicks that each visitor makes. There are 2 types of clickstream analysis – Traffic analysis and e-commerce analysis.
    1. Traffic analysis is performed at the server level where the path taken by the users through the site is examined. It also determined how many pages were served to a user, time taken to serve each page and also activities such as how many times user pressed back button, how many users refreshed a page and so on.
    2. E-commerce based analysis is used to determine the pages that a user lingers on, the items user puts into a cart and removes. It tracks all the way up to final purchase made by the user.


  1. http://whatismyipaddress.com/web-tracking
  2. http://resources.infosecinstitute.com/means-and-methods-of-web-tracking-its-effects-on-privacy-and-ways-to-avoid-getting-tracked/
  3. http://searchcrm.techtarget.com/definition/clickstream-analysis

COOKIES – How is web tracking done?

Cookies are small files stored in the users computer. Cookies are used for session management, authentication of visitors.

Basic Information:
Standard cookies cannot be more than 255 characters and not more than 4k in disk space. Cookies have 2 mandatory fields: name and value. Expiration time, requirements of secure connection, domain name and path for cookie are generally included in the cookie although they are not mandatory.

Zombie Cookies:Zombie cookies are a huge threat to security. They can create themselves via backup after being created. They can be stored online and as cookie on the machine. Standard cookies are confined to one particular website while Zombie cookies can track activities of multiple websites. They are also browser independent and can track the activities of multiple web browsers.

In terms of space, Zombie cookies can occupy 25 times more space as a standard cookie. Cookies are created using Adobe Local Shared Objects (LSOs). These cookies are managed by the flash plug-in.

Third party Cookies:

Suppose we visit a webpage and that webpage contains images/information from a third party website (some other website), then the cookies created for that third party website is called “third party cookies”. These cookies are sent to the third party sites during the next visit regardless of the context/ page as long as there is information being retrieved from 3 party.

Third parties can insert dummy undetectable images called “web bug” in web pages. So every time a user visits this page, third party cookie is sent back to the third party.

Other Cookies:

Persistent cookies (Tracking cookies): These are used to determine how a user reached a particular website. these cookies can be made permanent using the maxAge option. They are in charge of a lot of useful functionalities such as authentication, language, theme-preferences, in-site bookmarks and favorites.

Session cookies: These cookies expire at the end of each session and do not have any potential negative effects.

There are other cookies such as secure cookies, HttpOnly cookies.

Thank you reading this article on cookies. I am also learning about them along the way. Please feel free to let me know of any mistakes I may have made in the article. Feedback is most welcome!




  1. http://resources.infosecinstitute.com/means-and-methods-of-web-tracking-its-effects-on-privacy-and-ways-to-avoid-getting-tracked/

What happens when you type www.example.com – Intro to Web 101

We visit so many websites each day, there is a lot that happens under the hood just for us to reach the website and get a response.

So let’s say we get on to our browser and type ‘www.example.com’, this could be http://www.google.com, http://www.facebook.com or any of our favorite website. Computers as we know are identified through numbers of the form ‘’ (IPv4), which are called IP (Internet Protocol) addresses. So ‘www.example.com’ needs to be translated to an address of the form ‘’ i.e. the address of the web server hosting the website (or webpage). The Domain Name System (DNS), translates the address http://www.example.com to (Refer to my blog on DNS for more information about DNS)

Once the DNS translates the request and sends it back to the browser, the browser send a request to the server located at; The server sends the response back in HTML or some programming/ scripting/ markup language that can be interpreted on the screen as response which is then rendered to us as a result.

While, the whole process looks overwhelming, all of this happens in a time faster than a blink of an human eye 🙂