There are all kinds of ways for companies to pass information around the web from one site to another. One of the simplest options is known as link decoration. Used by publishers, advertisers, affiliate marketers and major platforms, link decoration has been a common practice online for years but has recently attracted renewed attention for how it can be used to track people online and side-step Apple’s anti-tracking efforts.

Sounds fun. WTF is it?
Link decoration is one of those rare terms that means exactly what it sounds like. It’s a method of adding extra information to the URL in a link that a person clicks on. This extra information doesn’t change the link’s destination but provides a way to pass information to the destination site. This extra information appears after a “?” that has been added to a URL. Collectively, the information included after the “?” is called a query string, and that query string can consist of multiple individual pieces of information that are called query parameters.

How does link decoration work?
There are two main ways to decorate a link. The basic way is to statically attach the extra information to the URL when a link is created. Publishers typically do this in their email newsletters for links that point back to their sites. Instead of including a simple link like “http://www.example.com/article,” they will decorate the link to look like “http://www.example.com/article?referrer_source=emailNewsletter” in order to know when someone visited that page by clicking on a link in their newsletter.

The other, more complex way to decorate a link is to run some Javascript code that is triggered when a person clicks on a link and dynamically adds information to a link. Companies will do this when they want to pass information specific to the individual click that led someone to the destination site. For example, an advertiser might do this to track a display ad campaign that is running across multiple publishers’ sites and links to the advertiser’s site. Instead of manually customizing the link for each publisher carrying its ad, the advertiser can have the code add “?publisher=[name of publisher]” to the URL at the time when a person clicks on the ad. This way the advertiser can determine which publisher was responsible for sending the site visitor.

How is a site able to collect the information added to a link?
Sites run Javascript code that grabs the text of the URL, pulls out the query string and then analyzes the various query parameters, which are separated by the “&” symbol. Each query parameter is formatted the same way. There’s the label chosen for the information, an equal sign and then the information itself: “label=information.” Thanks to the uniform formatting, it’s easy for sites to process this structured data and use it however they’d like, such as by recording the referral source or storing the information in a cookie that serves as a unique file that the site can keep on each visitor.

Is link decoration only used to know the referral source for site visits?
Nope. Any information — technically, any combination of letters and numbers that represent information — can be attached to a link. For example, if you fill out a form online, link decoration can be used to pass the information you filled out to whatever page receives the completed form. You can see this when performing a Google search for, say, “digiday.” The URL of the search results page will include the query parameter “q=digiday,” which is added after the initial search query is submitted (the “q” is Google’s chosen label for “query”).

Is link decoration a new practice?
Not at all. While the exact origin of link decoration is unclear, link decoration has been used for years to pass information from site to site as well as from page to page on the same site.

So why are we talking about it now?
Because companies including Facebook and Google have been using link decoration to side-step the anti-tracking feature that Apple has added to its Safari browser and Apple is not okay with it anymore.

How are companies using link decoration for cross-site tracking?
Here’s a WTF article that breaks it down in depth.

Here’s the CliffsNotes version: Apple doesn’t like third-party companies like Facebook and Google track people on websites they don’t own, so it added an anti-tracking feature to its Safari browser. Facebook and Google found a workaround to Apple’s anti-tracking tool. They would use link decoration to attach information, which they could use to identify a user, to links they can control and pass that information to the destination site, which would cooperate by dropping a first-party cookie to store that identifying information for Facebook or Google to access through code stored on the site. To limit Facebook’s and Google’s ability to track people around the web through first-party cookies dropped via link decoration, it has decided to delete those cookies if it believes they were dropped via this method.

And here’s a video explanation if you’re the visual type.

Oh, so link decoration isn’t bad?
Nope, it’s just another basic web feature that advertising companies have appropriated to track people around the web. Just like the cookie.

  • LinkedIn Icon