A web beacon is a tiny, usually invisible image or code snippet embedded in a web page or email. When it loads, it pings a server, recording that you accessed the content along with your IP address, timestamp, and device details. It also goes by tracking pixel and clear GIF.
Below: what it is, how it differs from a cookie, where it shows up, and how to limit it.
What Is a Web Beacon?
A web beacon is a tracking technique, not a stored file, as Wikipedia's definition confirms. It is a tiny invisible resource, usually a 1x1 pixel image, referenced inside a web page or an email. When your browser or email client loads that resource, it sends a request to a server. That request tells the server you viewed the content and hands over your IP address, the time, and details about your device and browser.
The web beacon is the umbrella term for this technique. Its most common modern name is the tracking pixel, which we break down in full separately. Several other names describe the same core idea, and the next section covers each one.
In short: a web beacon does not sit on your device. It fires the moment you load something that contains it.
What Else Is a Web Beacon Called? (Clear GIF, Pixel Tag, Web Bug)
A web beacon goes by at least five common names. Each name is tied to a different community or era of the term. All of them describe the same technique: an embedded resource that pings a server on load.
- Clear GIF (transparent GIF): The original form, a 1x1 pixel image with no visible color, so it never shows up on the page.
- Pixel tag: The name marketing platforms use most often; the sibling page on pixel tags covers this specific usage in depth.
- Web bug: An older term from the security research community, emphasizing the covert, bug-like nature of the tracker.
- Spy pixel: A framing common in email-privacy writing, emphasizing the silent surveillance angle.
- Tracking pixel: The most widely used modern synonym across marketing and analytics contexts.
These terms are used interchangeably in practice. If a source calls something a clear GIF, a pixel tag, or a tracking pixel, it is almost always describing the same web beacon mechanism.
How Does a Web Beacon Work?
A web beacon works through a background HTTP request triggered the moment its host content loads. The sequence is short and happens without any visible cue to the person viewing the content.
To fire a web beacon:
- HTML in a page or email references a remote image or resource.
- The browser or email client automatically fetches that resource from its server.
- The fetch transmits the visitor's IP address, timestamp, device type, and browser details.
- If a cookie already exists for that visitor, the beacon links the new visit to the same profile.
A separate, legitimate mechanism shares the "beacon" name: the Beacon API, invoked in code as navigator.sendBeacon(). MDN describes it as sending "an asynchronous and non-blocking request to a web server" that "does not expect a response". This is a modern, disclosed method developers use for analytics and performance logging. It differs from the covert 1x1-image beacon this article defines, even though many sources blur the two together.
Where Web Beacons Are Used
Web beacons show up in three common contexts: email, website analytics, and advertising. Each use case relies on the same background-request mechanism described above.
Email Open Tracking
Email is the web beacon's original heartland. A sender embeds a beacon in an HTML email. When you open the message, the beacon loads and reports back that you opened it. It also reports roughly when, and from what device or location based on your IP.
Two mail-provider changes have blunted this in recent years. Apple's Mail Privacy Protection preloads images through a proxy, masking the real open time and IP. Gmail's own image-caching proxy does something similar. Neither change eliminates email beacons, but both make the open-tracking data less reliable than it used to be.
Website Analytics
On websites, beacons count visitors, track page views, and log navigation paths, a practice often called page tagging. Analytics platforms pair a beacon with a script tag so the beacon fires alongside other tracking calls on each page a visitor loads.
Advertising and Retargeting
Advertisers place beacons to confirm ad views and conversions. Working alongside cookies, a beacon helps build a profile of a visitor's browsing habits across multiple sites, which advertisers then use to serve targeted ads.
How Is a Web Beacon Different from a Cookie?
A cookie is a small text file stored on your device that a site can read back later. A web beacon stores nothing: it is an embedded resource, and the act of loading it is the entire tracking event. You cannot simply decline a beacon the way you can reject a cookie banner. The beacon fires as soon as the surrounding content loads.
| Aspect | Cookie | Web beacon |
|---|---|---|
| What it is | A small text file | An embedded image or code resource |
| Stored on device? | Yes | No |
| Can you decline or delete it? | Yes, through browser settings or a consent banner | Not directly; it is embedded in the content itself |
| Main job | Remembers state across visits (login, preferences, session ID) | Confirms content was loaded and reports visit data |
Understanding what a cookie is first makes the distinction clearer. A cookie is something your browser holds onto. A beacon is something that happens the instant it loads a page or message.
Web Beacons and Tracking Pixels: Same Thing?
In everyday use, a web beacon and a tracking pixel refer to the same technique. "Web beacon" is the broader umbrella term, covering both web pages and emails. "Tracking pixel" is the name marketers use most often, especially for the email and ad-retargeting use cases. Clear GIF describes the same thing again, from its original visual form. For the full breakdown of tracking-pixel mechanics and marketing use, see the dedicated FAQ entry below.
Are Web Beacons a Privacy Concern? (Consent and the Law)
Yes, web beacons raise real privacy concerns. They collect data silently and are hard to see or decline. A web beacon counts as a non-essential tracking technology under EU law.
The ePrivacy Directive and the GDPR's consent standard require the site to secure cookie consent before the beacon fires. UK regulator guidance is explicit that consent covers cookies "and similar technologies," a phrase that expressly includes beacons and pixels. GDPR sets the bar directly: consent "must be freely given, specific, informed and unambiguous," per the GDPR's consent requirements.
A web beacon is not malware by itself. It can be misused for phishing reconnaissance, since a beacon can confirm that a specific email address is active and being read. In the United States, laws like the CCPA and CPRA take an opt-out approach instead, letting visitors refuse tracking after the fact.
Either way, the visitor needs a clear way to grant or refuse that permission, which most sites present through a cookie banner.
How to Limit or Block Web Beacons
You cannot block web beacons completely, because they are embedded in the content you load. You can limit them significantly depending on whether you read the email, browse the web, or run the site the beacon appears on.
As an Email Reader
Turn off automatic image loading in Gmail, Apple Mail, or Outlook. Most email beacons only fire once the image loads, so this single setting stops the majority of them. Apple's Mail Privacy Protection now does something similar by default. It preloads images through a proxy, so the sender never sees your real open time or IP address.
As a Website Visitor
Install a tracker-blocking extension such as Ghostery, Privacy Badger, or uBlock Origin. Privacy-focused browsers, including Firefox with Enhanced Tracking Protection and Brave, block many known tracking beacons automatically. A VPN masks your IP address, making the data a beacon collects far less useful for identifying you specifically.
As a Website Owner
Most guides stop at the reader's side, but site owners carry a duty too. Your site may load third-party beacons or pixels from an ad network, an analytics tool, or an embedded widget. You need to detect them and block the non-essential ones until each visitor consents. Detecting and controlling these trackers is part of overall cookie compliance, not a one-time setup step.
How Consently Detects and Blocks Web Beacons on Your Site
Consently scans your site to find the cookies, trackers, scripts, and beacons running on it, then blocks the non-essential ones until each visitor consents.
I've seen how easy it is for a third-party beacon to slip onto a page unnoticed. It hides inside an embedded widget or ad script nobody remembers adding. Consently's automatic full-site scan crawls your site on install. It detects the cookies, trackers, scripts, and iframes present, so a hidden beacon surfaces in the scan results instead of firing unseen. Weekly scheduled scans catch anything new that gets added later.
Once a beacon or tracker shows up in that scan, Consently's auto-blocking, script blocking, and iframe blocking take over. They hold non-essential trackers, including third-party pixels delivered through scripts or embeds, until the visitor gives consent.
Consently sends Google Consent Mode v2 and IAB TCF v2.3 signals at the same time. Analytics and ad platforms keep working correctly for visitors who do consent. Every consent decision is logged, giving you an audit trail if you ever need to show that tracking waited for permission.
Try Consently free to scan your own site and see which trackers are running on it before you decide what to allow.
FAQs
What is a web beacon in simple terms?
A web beacon is a tiny invisible image or code snippet in a page or email that tells a server you opened or viewed it. It works by triggering a background request the moment the content loads.
What is another name for a web beacon?
A web beacon is also called a clear GIF, a transparent GIF, a pixel tag, a web bug, a spy pixel, or a tracking pixel. All of these terms describe the same technique.
Is a web beacon the same as a tracking pixel?
Effectively, yes. Tracking pixel is the name marketers use most often, while web beacon is the broader umbrella term that covers both website and email tracking.
How do I know if an email has a web beacon?
You usually cannot see a web beacon directly, since it is invisible by design. Disabling automatic image loading in your email client stops most beacons from firing. Some privacy-focused email apps or browser extensions flag or block them outright.
Do web beacons need consent under GDPR?
Yes. A web beacon counts as a non-essential tracking technology. EU ePrivacy and GDPR rules require the site to secure prior consent before it loads, the same standard that applies to non-essential cookies.
Are web beacons dangerous?
A web beacon is not malware on its own. It collects data silently and can be misused for phishing reconnaissance, since it can confirm that a specific email address is active. Privacy tools and consent controls exist specifically to limit that risk.
Can you block web beacons completely?
Not entirely, because a web beacon is embedded directly in the content you load. You can limit them substantially with image-blocking settings and tracker-blocking extensions. On your own site, a consent platform that blocks non-essential trackers before a visitor consents adds another layer.

