How do tracking pixels work?

When a browser loads a page that contains a tracking pixel, it makes an HTTP request to the pixel's server. The request automatically carries the user's IP address, browser and device information, the URL of the referring page, and any cookies the server has previously set. The server logs everything, which is how the operator counts page views, email opens, ad impressions, and conversions.

Are tracking pixels the same as cookies?

No. Cookies are small text files stored in the browser. Tracking pixels are image requests made to a remote server. They often work together though: a pixel request can set or read cookies, which is how event data (this user just opened this email) gets joined to a persistent identifier.

Explained

Cookies & Tracking Updated Apr 12, 2026

What Is a Tracking Pixel?

Q: What is a tracking pixel?

A tracking pixel (sometimes called a web beacon or pixel tag) is a tiny, typically invisible image, usually 1x1 pixel, embedded in a web page or email. When the page or email loads, the browser fetches the image from a remote server, and the request hands over the user's IP address, browser type, timestamp, and the URL of the page.

A tracking pixel is a tiny, typically invisible image (usually 1x1 pixel) embedded in a web page or email. When the page or email loads, the browser fetches the image from a remote server. The request hands over the user's IP address, browser type, timestamp, and page URL along the way. For whoever owns the pixel, that is enough to record page views, email opens, and other user behaviour without putting anything visible on the screen.

How tracking pixels work

A tracking pixel is an HTML image tag or a JavaScript snippet that loads a resource from an external server. The image itself is invisible to the user, either because it is literally 1x1 pixel in size or because it is hidden with CSS.

When the browser fetches that image, the HTTP request automatically carries a handful of useful data points along with it:

The user's IP address (good enough for rough geolocation)
The User-Agent string, which gives away the browser, OS, and device
The referrer URL, i.e. the page the pixel was loaded on
Any cookies the pixel's domain has already set
A timestamp for when the request was made

The server logs all of this and can set new cookies in the response, which creates a persistent link between visits.

Common types of tracking pixels

Conversion pixels sit on thank-you and confirmation pages and report whether an ad ended in a purchase or signup. Retargeting pixels record which pages you visit so ad networks can serve you related ads later. Email open pixels go inside marketing emails and ping the server when (and if) the recipient opens the message. Social media pixels, like the ones from Meta and LinkedIn, link your on-site behaviour to targeting on those platforms.

Tracking pixels vs. cookies

Cookies and tracking pixels are different mechanisms, but they often work together. A cookie is a small text file stored in your browser. A tracking pixel is a server request triggered by loading an image.

A pixel request can read cookies and set new ones, either through the HTTP Set-Cookie response header or through companion JavaScript (the full technical breakdown is in How Do Tracking Pixels Set Cookies?). The combination is what makes tracking work: the pixel fires when something specific happens, like a page view or an email open, and the cookie keeps the user identified across sessions.

Privacy implications

Tracking pixels are invisible and fire automatically, so users typically have no idea they are being tracked. Under regulations like GDPR, any pixel that processes personal data or sets a cookie needs informed consent. The same rules apply to third-party cookies.

The hard part for site operators is visibility. Pixels get added by tag managers, marketing platforms, or third-party scripts without the site owner ever explicitly approving them. Tagmaps watches every network request your pages make and traces each pixel back to the script that loaded it.