Marketing tags sometimes referred to as tracking pixels, are an important part of the e-Commerce ecosystem. These seemingly unobtrusive code snippets allow for third party companies and agencies to track visitor behavior on your website. This technology has many benefits, some of which include campaign analytics, personalization, and retargeting. These third parties always tout the benefits of their tags but rarely cover the hidden costs and risks associated with them.

Death by a thousand paper cuts

According to Amazon, 100ms of latency costs them 1% of sales. While these numbers vary between retailers, the fact is that website speed directly affects sales. This is where marketing pixels can sometimes do more damage than good. While one tag doesn’t seem like much, they can quickly add up and significantly slow down your pages. The number of tags on your website can easily get out of control if you are not on top of each and every tag, and if those tags are piggybacking additional tags. Piggybacking is when a third party tag includes additional tags, which can then include additional tags, and so on. Piggybacking tags allow for ad networks to increase audience reach, but it can also dramatically increase the number of tags on your page. Taking a look at 10 of the top online retailers using the Ghostery Browser Extension, the average number of marketing pixels was 11. It was easy to find retailers with 40+ marketing tags on their homepage, while Amazon.com had 2. I encourage you to audit your own website using Ghostery and ask your team if all of the tags are necessary.

Do you trust them with everything?

When you include a JavaScript snippet for a marketing tag, you are essentially giving that company (and any piggybacked company) full control over your website. They have the ability to make changes to your web page, run code on your customers’ machines, and leak sensitive information. Their security breaches now become yours, and your customer data now becomes theirs. If your website is including 40+ marketing tags, you should ask yourself: Do I trust all these companies with my website and customer information? Does my team know what data is being shared through these tags? What safeguards are in place for when one of these companies gets hacked? The truth is, many retailers are not aware of all the tags that are including potentially harmful JavaScript on their web pages. These tags are usually added and forgotten about, sometimes left well after contracts have expired with the agency. For helpful tips on how to secure your website from these tags, refer to the OWASP 3^rd Party JavaScript Management Cheat Sheet.

Invest in a Tag Manager and a process

Answering the questions above is a good start, but putting tools and processes in place to clean up your marketing tags is the only way to safeguard yourself against these risks. Make sure your company has a process in place for approving the addition, and more importantly the removal of marketing tags. The tag should be clearly documented, including the data that is shared with the 3^rd party. You should then frequently audit your tags to make sure nothing has changed since the implementation, and that there is no piggybacking of unapproved tags. Tag Managers do not solve all of these problems, but they do allow for tags to quickly and easily be added and removed without a code deployment. If you are currently not able to disable a marketing tag within a few minutes, I encourage you to find a Tag Manager that would allow you to quickly react in case of a security breach.