What is Tracking Pixel?
Also known as: Web pixel, 1x1 pixel, Web beacon
What is a tracking pixel?
A tracking pixel is a 1x1 transparent image or short JavaScript snippet embedded in a webpage, email, or mobile app that silently fires a network request to a remote server when it loads. The request carries data about the user: page URL, referrer, browser, IP address, and any custom event parameters the marketer attached.
The original tracking pixels were literal images. A <img src="https://tracker.com/p.gif?id=123"> tag loaded a 1x1 GIF and the server logged the request. Modern tracking pixels are mostly JavaScript tags that fire richer event data, but the term stuck. See the broader pixel entry for the underlying concept.
How tracking pixels work (image vs JavaScript pixels)
Tracking pixels work by embedding a remote resource that the browser must fetch, then logging that fetch request on the server side. Per the IAB Tech Lab, the two technical patterns are image pixels and JavaScript pixels. Image pixels work everywhere including emails. JavaScript pixels work only in browsers but capture more data.
Image pixels (web beacons)
The classic format. An <img> tag points at a 1x1 transparent file on a tracking domain. Query string parameters carry the payload. Example.
<img src="https://t.example.com/p.gif?u=user123&e=open" width="1" height="1" />Image pixels fire in any HTML context. Emails. Forum posts. Old browsers. They cannot read cookies, run logic, or capture custom events beyond what fits in the URL.
JavaScript pixels
The modern format. A <script> tag loads a tracking library that reads cookies, captures referrer data, listens for click events, and sends rich payloads via fetch or navigator.sendBeacon. Meta Pixel, Google Tag, and TikTok Pixel are all JavaScript pixels.
JavaScript pixels run only where JavaScript runs. Most webmail clients strip them, which is why email trackers still use image pixels.
Common tracking pixels
Every major ad and analytics platform ships its own tracking pixel. Per eMarketer 2024 ad tech reports, Meta and Google pixels appear on more than 70 percent of ecommerce sites globally. The taxonomy below covers the platforms most performance teams install.
| Platform | Pixel name | Script source | Primary use |
|---|---|---|---|
| Meta | Meta Pixel | connect.facebook.net/.../fbevents.js | Facebook, Instagram ads |
| Google Tag (gtag.js) | googletagmanager.com/gtag/js | Google Ads, GA4 | |
| Insight Tag | snap.licdn.com/li.lms-analytics/insight.min.js | LinkedIn Ads B2B | |
| X (Twitter) | X Pixel | static.ads-twitter.com/uwt.js | X Ads |
| TikTok | TikTok Pixel | analytics.tiktok.com/i18n/pixel/events.js | TikTok Ads |
| Reddit Pixel | www.redditstatic.com/ads/pixel.js | Reddit Ads | |
| Pinterest Tag | s.pinimg.com/ct/core.js | Pinterest Ads |
Most setups stack three or four of these on a single site. A tag manager like GTM keeps the load order sane and avoids double-firing. See Meta Pixel for a deeper look at the most common one.
Where tracking pixels live (web, email, mobile in-app SDKs)
Tracking pixels live wherever a server can serve an image or run a script. Per Litmus 2024 email research, 95 percent of marketing emails contain at least one tracking pixel for open detection. The three primary surfaces.
Web pages
The default home for tracking pixels. Installed in the <head> or via a tag manager. Fires on page load, scroll, click, or custom event. Reads first-party and third-party cookies where the browser allows.
Email tracking pixels are almost always image pixels. A 1x1 GIF served from the sender's tracking domain. When the recipient's mail client loads the image, the server logs an open. Apple Mail Privacy Protection breaks this by pre-fetching all images, which is why open rates jumped 30 to 60 percent on Apple devices after 2021 and stopped reflecting real opens.
Mobile in-app SDKs
Native iOS and Android apps cannot fire web pixels directly. Instead they bundle SDKs from Meta, AppsFlyer, Adjust, and Branch that send the same event payloads via authenticated API calls. The mechanic differs. The data shape matches the web pixel one-to-one, which keeps cross-channel attribution coherent.
Tracking pixel vs cookie (the relationship)
Tracking pixels and cookies are partners, not substitutes. The pixel fires the event. The cookie identifies the user. Without a cookie or another identifier, the pixel records anonymous traffic with no way to stitch sessions together.
The standard sequence.
- User visits site for the first time. Pixel fires. Server sets a cookie with a unique ID.
- User returns three days later. Pixel fires again. Server reads the cookie. Recognizes the user.
- User completes a purchase. Pixel fires
Purchaseevent. Server attributes it to the original ad click stored against that cookie ID.
Strip the cookie and the chain breaks. Per the IAB Tech Lab, this is exactly what Safari ITP, Firefox ETP, and the long arc of third-party cookie deprecation are doing to browser-based tracking. The fix is server-side tracking that uses first-party identifiers like hashed email or external_id.
Privacy considerations (consent, ATT, GDPR)
Tracking pixels are the most regulated piece of ad tech in 2026. Per the Electronic Frontier Foundation, pixels collect identifiers that qualify as personal data under GDPR, CCPA, and most modern privacy laws. Three regimes shape what marketers can do.
GDPR and the ePrivacy Directive (EU, UK)
Non-essential tracking pixels need explicit, granular, opt-in consent before they fire. Pre-checked boxes do not count. The pixel must wait until the user accepts the cookie banner. EU regulators issued more than 1,000 enforcement actions tied to pixel consent between 2022 and 2025.
Apple App Tracking Transparency (ATT)
iOS apps must show a system prompt before accessing the IDFA identifier used for cross-app pixel attribution. Per Meta's own 2022 disclosures, ATT cost the company an estimated $10 billion in 2022 ad revenue. Mobile pixel match rates dropped 30 to 50 percent overnight on Apple devices.
CCPA and US state laws
California, Virginia, Colorado, Connecticut, and Texas now require an opt-out path for "sale" or "sharing" of personal data, which most regulators interpret to include third-party tracking pixels. The Global Privacy Control browser signal must be honored as a valid opt-out.
The practical pattern. Run a consent management platform. Block non-essential pixels until consent. Pair browser pixels with server-side events keyed by hashed first-party data so the account stays viable when cookies disappear.
Real-world example with numbers
A B2B SaaS company runs a Q1 LinkedIn campaign for a $400 monthly product. They install the LinkedIn Insight Tag, the Meta Pixel, and Google Tag on their pricing and signup pages. The campaign drives 12,400 ad clicks at $7.20 average CPC, total spend $89,280.
Browser-only tracking results.
| Pixel | Recorded leads | Recorded trials | Reported CPL |
|---|---|---|---|
| LinkedIn Insight Tag | 184 | 71 | $485 |
| Meta Pixel (cross-channel) | 41 | 18 | n/a |
| Google Tag (assisted) | 96 | 39 | n/a |
| HubSpot CRM (truth) | 312 | 124 | $286 |
The browser pixels under-report leads by 41 percent. Apple Mail Privacy Protection broke email confirmation tracking. Safari ITP truncated 7-day cookies. Roughly 18 percent of clicks went to ad-blocking users.
The team adds server-side LinkedIn Conversions API and Meta Conversions API. They send hashed email and external_id from HubSpot whenever a lead converts. Shared event_id deduplicates the browser-server pair.
Forty-five days later, LinkedIn reports 298 leads and 119 trials. The gap to HubSpot truth narrows to 4 percent. Reported CPL drops to $300, much closer to actual unit economics. The campaigns did not change. The pixel-plus-server stack recovered $50,000 worth of attributable spend that browser-only tracking lost.
Related terms
Frequently asked questions
What is a tracking pixel in plain English?
A tracking pixel is a tiny invisible image or script placed on a webpage or inside an email. When the page loads, the pixel makes a silent request to a server. That request tells the server who visited, when, and from where. Marketers use tracking pixels to count opens, clicks, conversions, and retargeting eligibility.
Is a tracking pixel the same as a cookie?
No. A tracking pixel is the trigger that fires the request. A cookie is the small file stored in the browser that identifies the user. The pixel reads or writes the cookie when it fires. Tracking pixels need cookies (or a similar identifier like a hashed email) to recognize repeat visitors and attribute conversions.
Are tracking pixels legal under GDPR?
Tracking pixels that collect personal data require informed consent under GDPR and the ePrivacy Directive. Per the European Data Protection Board, consent must be explicit, granular, and revocable. Most EU sites block non-essential pixels until the user accepts a cookie banner. Email tracking pixels face stricter scrutiny since 2024 enforcement actions.
Can users block tracking pixels?
Yes. Browser extensions like uBlock Origin and Privacy Badger block known pixel domains. Apple Mail Privacy Protection pre-loads email images on Apple's proxy servers, breaking open tracking on Apple devices. Safari ITP and Firefox ETP restrict third-party pixel cookies. Per the EFF, 30 to 50 percent of pixel events get blocked or distorted in 2026.
What is the difference between a tracking pixel and server-side tracking?
A tracking pixel runs in the user's browser. Server-side tracking runs on your backend. The pixel fires from the page. The server fires from your application after a database write. Modern setups run both, deduplicated by event ID, to recover conversions lost to ad blockers and Safari ITP. See server-to-server tracking for the pattern.