What is Cookie Piggybacking and Is it a Compliance Risk?

October 20, 2021 - Ensighten

Cookie piggybacking, also referred to as cookie syncing or piggybacking tags, is a term used to describe a common web development practice that is exposing many companies to avoidable risks and compliance issues.

In many cases cookie piggybacking is a normal and useful practice that allows companies to share user information with each other without having to constantly target the same users. In this way, multiple piggybacking tags can be deployed to collect various types of user information about website visitors without each one having to be clicked or activated individually.

Unfortunately, when used irresponsibly, cookie piggybacking can cause privacy issues and expose website owners to compliance issues with regulations like the European Union’s General Data Protection Regulation (GDPR 2016/679), Brazil’s General Personal Data Protection Law (LGPD 13709/2018), and the California Consumer Privacy Act (CCPA).

In this article, learn more about the topic of cookie piggybacking, why this issue is important, and what your website needs to do to mitigate compliance and privacy risks posed by the practice.

Introduction to Targeting and Advertising Cookies

Targeting and advertising cookies are specifically designed to collect information about your website visitors to display relevant advertisements to them based on their interests and previous internet activity. Cookies help digital marketing teams understand user behaviors and gain insight into which types of campaigns are likely to lead to positive conversion rates with certain demographics and user bases.

In most cases, the cookies deployed today are described as third-party persistent cookies. This means that they will essentially follow users as they navigate across the internet so that targeted advertisements can be delivered to the types of people most likely to benefit from them. An example of this could be a targeting cookie that is triggered when a user visits a website, but that does not cause a specific advertisement to be displayed until that user has reached a specific social media platform.

Cookies help advertisers gain valuable insights about website visitors that, in turn, let them offer more targeted and specific advertisements. However, there is a dark side to cookies that many website owners may not be fully aware of.

The Security, Performance, and Compliance Issues Caused by Cookie Piggybacking

One of the major problems with cookie piggybacking is that this practice creates the opportunity for third-party advertisers to gain access to your website’s data and cause a cascade effect that makes your site’s performance suffer.

This is not caused by malware or hacking. It is a consequence of an advertiser deploying a targeting cookie and the process repeating, again and again, creating a daisy-chain effect that bogs down your site further as more and more advertisers take advantage of your data.
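The daisy chain described above becomes visible once you record, for each request a page makes, which resource started it. The following JavaScript is an added example, not Ensighten's code; the record format (url, initiator), the hostnames and the approved-tag list are constructed assumptions.

```javascript
// Added example: constructed request log, not captured from a real site.
// Each record says which URL was requested and which URL caused the request
// (null means the request was not started by another resource).
const SITE = "shop.example";
const APPROVED = new Set(["tags.vendor-a.example"]); // tags the site owner deployed on purpose
const requests = [
  { url: "https://shop.example/", initiator: null },
  { url: "https://tags.vendor-a.example/tag.js", initiator: "https://shop.example/" },
  { url: "https://sync.vendor-b.example/pixel?uid=123", initiator: "https://tags.vendor-a.example/tag.js" },
  { url: "https://match.vendor-c.example/sync?partner=b", initiator: "https://sync.vendor-b.example/pixel?uid=123" },
  { url: "https://shop.example/app.js", initiator: "https://shop.example/" },
];

// Simplification: hosts are compared exactly, so a first-party subdomain
// would have to be added to the comparison by the site owner.
const hostOf = (u) => new URL(u).hostname;

// Walk initiator links back to the page and return the chain of hosts,
// e.g. ["shop.example", "tags.vendor-a.example", "sync.vendor-b.example"].
function chainFor(url, byUrl) {
  const chain = [];
  const seen = new Set();
  let current = url;
  while (current && !seen.has(current)) { // seen guards against initiator loops
    seen.add(current);
    chain.unshift(hostOf(current));
    current = byUrl.has(current) ? byUrl.get(current).initiator : null;
  }
  return chain;
}

// A request is piggybacked when its host is third-party and it was
// started by another third-party resource rather than by the site itself.
function findPiggybacked(records, siteHost, approved) {
  const byUrl = new Map(records.map((r) => [r.url, r]));
  const findings = [];
  for (const r of records) {
    const host = hostOf(r.url);
    if (host === siteHost || !r.initiator) continue;
    if (hostOf(r.initiator) === siteHost) continue; // loaded directly by the page
    const chain = chainFor(r.url, byUrl);
    findings.push({ host, depth: chain.length - 1, approved: approved.has(host), chain });
  }
  return findings.sort((a, b) => b.depth - a.depth); // deepest chains first
}

console.log(findPiggybacked(requests, SITE, APPROVED));
```

Each finding lists a third-party host the site owner never deployed directly, together with the chain of tags that brought it onto the page.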

The more cookie piggybacking that occurs on your site, the more likely it is that you will experience the following negative and avoidable outcomes:

Data Leakage. Plain and simple: the more cookie piggybacking that is going on at your site, the greater chance there is for your sensitive data to fall into the wrong hands. In this way, cookie piggybacking does open the door to more serious security issues such as a data leak that places your sensitive information in unauthorized third-party hands.

Slowed Load Times. Each time a daisy-chained cookie is triggered, it causes more information to be sent to servers that could be on the other side of the world. This will dramatically slow down the speed at which your site loads. Users will not stick around if your pages do not open as expected and for many ecommerce brands, you don’t get a second chance to make a great first impression.

Data Loss. As your site slows, there is a greater opportunity for a process such as completing a sale to go wrong. This means that your customer might think the sale is complete while on your side of things, you have lost the data needed for fulfillment. The result is lost opportunities and revenues.

Compliance Issues. Since the passage of the GDPR, LGPD, and CCPA, website owners around the world have been tasked with new standards for data collection and privacy. Improperly collecting data through mechanisms such as tags and cookies is a violation of these laws and could expose your website to significant legal expenses.

Your Website Privacy and Compliance Partner

Compliance with regulations like the GDPR and CCPA isn't just a privacy issue--it's a business issue. Noncompliance can result in fines of up to 4% of annual turnover, and worse, a loss of consumer trust. Truly compliant solutions should work autonomously, with no dependencies on other systems, to enforce the privacy choices of users and keep cookies, both first and third party, from firing without consent. 

Ensighten’s CMP+ takes control of a website, app, or digital asset and fundamentally changes how the page is rendered based on the user's preferences.

If a user has opted out of having their data used for the purposes of analytics, Ensighten does not attempt to integrate with the analytics platform that would otherwise receive data. It does not drop a cookie signaling that the user would prefer not to be tracked.

Instead, Ensighten disables any traffic to the analytics company altogether, making it impossible for mistakes to happen or for a company to leak information to a third party due to integrations not performing as expected.

With Ensighten Consent Management Plus (CMP+), you can set up geo-targeted consent banners and give your customers a clear-cut choice on how their data is used, or whether it is collected. And you can enforce those preferences.

Founded in 2009, Ensighten is the global cybersecurity leader providing client-side protection against data loss, ad injection, and intrusion while enhancing website performance.
