๐Ÿฆ˜ Bounce Tracking Mitigations

Back

What is Bounce Tracking?

Bounce tracking is a technique where a tracker site acts as an intermediary redirect. Instead of linking directly to a destination, the link goes through a tracking domain that sets cookies before redirecting the user to the final destination.

Normal navigation:

User โ†’ site-a.com โ†’ site-b.com


Bounce tracking:

User โ†’ site-a.com โ†’ tracker.com (sets cookie!) โ†’ site-b.com

Modern browsers detect this pattern and can delete the tracker's storage (cookies, localStorage, etc.) to protect user privacy.

Link Types Comparison

โŒ Potentially Tracked Link

No referrer policy, no rel attributes. The destination site and any redirect intermediaries can see where you came from.

Unprotected Link

โš ๏ธ Partially Protected

Uses referrerpolicy="no-referrer" to hide the origin, but doesn't prevent opener access.

With Referrer Policy

โœ… Fully Protected Link

Uses both referrerpolicy="no-referrer" and rel="noopener noreferrer" for maximum privacy protection.

Fully Protected

Simulate Tracking Cookie

This section simulates what a bounce tracker would do โ€” set cookies and storage during a brief redirect. Use DevTools to observe the storage being created.

๐Ÿ”ง DevTools: Inspecting Bounce Tracking

  1. Open DevTools โ†’ Application panel
  2. Look for Background services โ†’ Bounce Tracking Mitigations
  3. This section shows domains identified as potential bounce trackers
  4. You can also check Cookies and Local Storage to see what trackers store
  5. Use the Network panel to observe redirect chains (3xx status codes)

Chrome flags to explore:

๐Ÿ“ Practice Exercise

  1. Click "Simulate Tracker Setting Data" and observe Cookies & Local Storage in the Application panel
  2. Click "Clear Simulated Data" โ€” what happens to the stored data?
  3. Click the different links and use the Network panel to observe referrer headers
  4. Check chrome://flags/#bounce-tracking-mitigations to see the feature status
  5. Open the Application panel โ†’ Cookies to examine what data each domain stores