New vs returning misclassification
New-vs-returning depends on recognising the same visitor across visits, which relies on a stored identifier. When that identifier is missing — cleared cookies, tracking prevention, a different device or browser, or declined consent — a returning visitor is recorded as new. The result over-states 'new' visitors and understates loyalty. This page explains the failure modes.
How recognition fails
A returning visitor is only 'returning' if the tool can match this visit to a prior one, usually via a stored client identifier. Anything that removes or changes that identifier breaks the match: the visitor clears cookies, uses a private window, switches device or browser, or has the cookie expired by tracking prevention. Each broken match adds a phantom new visitor.
With consent-gated analytics, a declined or not-yet-given consent can also mean no identifier is set at all.
- Cleared cookies or private browsing drop the identifier
- Tracking prevention expires it early
- Different device/browser cannot be linked
- Declined consent may set no identifier
Reading the metric honestly
Treat new-vs-returning as a directional signal, not a precise audience truth, and expect the new share to be biased upward — more so for privacy-protective audiences. For retention questions, lean on aggregate cohort patterns and shorter windows rather than long-horizon individual recognition that browsers increasingly prevent.
How it appears in analytics and logs
A very high new-visitor share, especially among privacy-protective browsers, often means returning visitors are not being recognised, not that retention collapsed.
Diagnostic use case
Read an inflated new-visitor share as a recognition limitation rather than evidence that loyalty or retention has fallen.
What WebmasterID can help detect
WebmasterID's first-party, privacy-first approach reports cohorts without depending on durable cross-site identity, so it states this limitation honestly rather than papering over it.
Common mistakes
- Reading a high new-visitor share as falling loyalty.
- Expecting cross-device journeys to link without sign-in.
- Ignoring consent state when interpreting the split.
Privacy and accuracy notes
Visitor recognition is exactly what privacy controls limit by design. The privacy-respecting answer is coarser, aggregate reporting, not stronger cross-visit identification.
Related pages
- ITP and browser tracking prevention
Intelligent Tracking Prevention (ITP) in Safari/WebKit, and equivalent protections in other browsers, limit how long cookies set by scripts survive and restrict cross-site tracking. The result: returning visitors look new, attribution windows shorten, and cohort retention is understated. This page explains the mechanisms and their effect on analytics.
- Consent, modelling, and data gaps
Where consent is required before analytics runs, declined or pending consent means no data is collected for those visitors — a real gap, not lost interest. Some tools fill the gap with modelled estimates rather than measured counts. This page explains how consent shapes collection, what modelling is, and how to read a dataset that mixes measured and modelled data. Educational, not legal advice.
- Pageviews: what the metric counts
A pageview is recorded when a page is loaded (or a virtual page is rendered in a single-page app). It is the oldest web-analytics metric and the easiest to misread: pageviews count loads, not people, and modern apps and prefetching can inflate or hide them. This page defines the metric and its caveats.
- Privacy-first analytics
Cohort reporting without durable cross-site identity.
Sources and verification notes
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.