How Fairlytics Counts Unique Visitors Without Cookies
One of the most common questions we get: "How can you count unique visitors without cookies?" It's a fair question. Here's the technical answer.
The problem with cookies
Traditional analytics tools assign each visitor a unique cookie ID (like _ga=GA1.2.123456789.1234567890). This cookie persists for months, allowing the tool to recognize returning visitors across sessions.
The problem: this is personal data under GDPR. It uniquely identifies a browser (and by extension, a person). That's why Google Analytics requires consent.
Our approach: session-scoped counting
Fairlytics uses a different method. When our script loads, it generates a random session ID and stores it in the browser's sessionStorage:
var id = crypto.randomUUID();
sessionStorage.setItem('et_sid', JSON.stringify({id: id, t: Date.now()}));
Key properties of sessionStorage:
- Tab-scoped: each browser tab has its own sessionStorage
- Automatically cleared: when the tab or browser is closed, it's gone
- Not sent to servers automatically: unlike cookies, it's not included in HTTP headers
- Not accessible cross-site: no tracking across domains
How we count "unique visitors"
Our "unique visitors" metric counts distinct session IDs within a time period. This means:
- A visitor who opens your site, browses 5 pages, and leaves = 1 unique visitor
- The same person returning the next day = a new unique visitor (because sessionStorage was cleared)
- Two tabs open simultaneously = 2 unique visitors (separate sessionStorage)
This is less precise than cookie-based tracking for repeat visitor counting, but it's accurate for daily/weekly unique visitor trends — which is what most website owners actually need.
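The three cases above, worked through as an added example (this is not Fairlytics' own code). `TabStorage`, `countUniqueVisitors`, `scenario` and the `{sid, ts}` hit shape are hypothetical names, and reusing an existing `et_sid` on later page views is an assumption, since the page shows only the creation step.

```javascript
// Constructed stand-in for one tab's sessionStorage (same getItem/setItem shape).
class TabStorage {
  constructor() { this.data = new Map(); }
  getItem(k) { return this.data.has(k) ? this.data.get(k) : null; }
  setItem(k, v) { this.data.set(k, String(v)); }
}

// Client side: reuse the tab's ID if one exists, otherwise create it.
// Assumption: the reuse step; the page only shows generation and storage.
function getSessionId(storage, newId = () => crypto.randomUUID(), now = Date.now()) {
  const raw = storage.getItem('et_sid');
  if (raw) {
    try {
      const saved = JSON.parse(raw);
      if (saved && typeof saved.id === 'string') return saved.id;
    } catch (_) { /* corrupt value: fall through and regenerate */ }
  }
  const id = newId();
  storage.setItem('et_sid', JSON.stringify({ id, t: now }));
  return id;
}

// Server side (hypothetical): count distinct session IDs with from <= ts < to.
function countUniqueVisitors(hits, from, to) {
  const seen = new Set();
  for (const { sid, ts } of hits) if (ts >= from && ts < to) seen.add(sid);
  return seen.size;
}

// Constructed scenario covering the three cases in the list above.
function scenario(newId) {
  const DAY = 86400000, hits = [];
  const view = (tab, ts) => hits.push({ sid: getSessionId(tab, newId, ts), ts });
  const tabA = new TabStorage();
  for (let i = 0; i < 5; i++) view(tabA, 1000 + i);  // one visit, 5 pages
  const tabB = new TabStorage();                     // second tab open at the same time
  view(tabB, 2000);
  const nextDay = new TabStorage();                  // tab was closed: storage starts empty
  view(nextDay, DAY + 1000);
  return {
    day1: countUniqueVisitors(hits, 0, DAY),         // tabA + tabB
    day2: countUniqueVisitors(hits, DAY, 2 * DAY),   // returning person, new ID
    both: countUniqueVisitors(hits, 0, 2 * DAY),     // same person counted again
  };
}
```

Counting over both days gives one more than the number of people involved, which is the repeat-visitor overcount described in the text.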
Why this is privacy-friendly
The session ID is:
- Random: it reveals nothing about the visitor
- Ephemeral: it's gone when the tab closes
- First-party only: it stays in the browser, never shared with third parties
- Not a persistent identifier: it can't be used to track someone over time
Because the session ID doesn't persist and can't identify an individual, it doesn't qualify as personal data under GDPR.
What about accuracy?
In practice, session-based unique visitor counting is surprisingly close to cookie-based counting for most use cases:
- Daily uniques: very accurate (most people don't close and reopen their browser multiple times per day)
- Weekly uniques: slightly overcounts repeat visitors, but trends are reliable
- Monthly uniques: overcounts more, but relative changes are still meaningful
For most websites, the difference is 10-20% compared to cookie-based counting — a small price for complete privacy compliance and no consent banners.
The bottom line
You don't need to track individuals to understand your traffic. Session-scoped, ephemeral identifiers give you the insights you need while respecting your visitors' privacy.
That's the Fairlytics approach: useful analytics, zero personal data.