Privacy-first analytics: How Cabin measures unique visitors without cookies

The challenge of privacy-first web analytics

When Google announced the eventual phasing out of third-party cookies, many website owners started searching for alternatives. Cabin had already taken a different path - we built our analytics platform without using cookies, fingerprinting, or unique identifiers from the very beginning.

This raised an important technical challenge: How do you accurately count unique visitors without using any tracking technologies that compromise user privacy?

Why traditional analytics platforms fall short

Most analytics services, including Google Analytics, rely on cookies to track visitors. They store a unique identifier (UID) in a cookie on your computer, allowing them to recognize you when you return. Even many "privacy-focused" alternatives simply move this tracking server-side:

1. They generate a fingerprint based on your User Agent, IP, location, and other data points
2. This fingerprint is stored in a database and checked on each visit
3. Some services wash this data periodically to improve privacy

However, research at Cabin revealed a significant privacy concern: linking multiple data points together, even with anonymized UIDs, could potentially reveal someone's identity. Connecting just a few elements like city, time, and visited pages could lead to identifying a specific individual.

Cabin's cookieless innovation: the Last-Modified method

We developed a completely different approach that requires no cookies, no database of visitor identifiers, and even works in the oldest browsers. Here's how our clever solution works:

The technical breakdown

1. When a browser first visits a Cabin-enabled website, our server responds with:

   • Cache-Control: no-cache header (telling the browser to store the request but revalidate it)
   • last-modified: [Current Date] 00:00:00 GMT (set to the beginning of the current day)

2. For each subsequent visit from the same browser on the same day:

   • The server receives the last-modified date
   • Increments it by one second
   • Returns the updated timestamp to the browser

3. The server calculates the difference in seconds since midnight to determine unique visits

This elegant solution encodes the visit count within the date itself, stored in the browser's cache, without using any cookies or fingerprinting techniques.

Accurate bounce rate tracking

This system can also measure bounce rates - a critical metric for understanding user engagement:

• First visit: Counts as unique visit AND potential bounce
• Second visit: Counts as a visit but removes the bounce count
• Subsequent visits: Only counts as additional visits

First visit:
visits +1 | uniques +1 | bounces +1

Second visit: 
visits +1 | uniques 0 | bounces -1

Subsequent visits:
visits +1 | uniques 0 | bounces 0

Why choose Cabin as a Google Analytics alternative

Cabin's innovative approach offers several advantages over traditional analytics platforms:

• Truly cookieless analytics: No cookies, no UIDs, no fingerprinting
• Privacy law compliant: No consent banners needed
• Lightweight implementation: Minimal impact on site performance
• Carbon-conscious: Track and reduce your website's carbon footprint
• Simple dashboard: Just the metrics that matter

A personal note

At Cabin, we believe you don't need to sacrifice user privacy for valuable insights. We started this project because we wanted analytics that respected users while still providing the data website owners need. The technical solution described here emerged from countless hours of experimentation to find a way to count visitors without compromising privacy.

If you're curious about how our unique visitor tracking works in your own environment, you can try Cabin and see for yourself how privacy-first analytics can work for your site.