The Attribution Reporting API
The Attribution Reporting API (ARA) is a Privacy Sandbox API that connects ad clicks or views to later conversions without third-party cookies or cross-site identifiers. It produces two kinds of output — limited, noised event-level reports and aggregatable summary reports processed through an aggregation service. This page explains both and their trade-offs.
Two report types
An attribution source (a click or view) is registered, and later a trigger (a conversion) is registered on another site. The browser matches them locally and emits reports. Event-level reports tie a source to coarse conversion data with added noise and timing delays, suited to optimisation. Aggregatable reports carry richer, encrypted data that only becomes readable as noised aggregates after passing through an aggregation service.
Neither path exposes a cross-site identifier; the join happens in the browser, and outputs are constrained to limit what can be inferred about any individual.
Trade-offs for measurement
Because reports are noised, delayed, and capped, ARA trades per-user precision for privacy. Aggregated summaries can give campaign-level conversion totals, but you cannot reconstruct an individual user's path. Measurement designs must budget for noise — especially in small segments where it can swamp the signal.
- Event-level: coarse, noised, optimisation-oriented
- Aggregatable: richer summaries via an aggregation service
- No cross-site identifier; the match is on-device
How it appears in analytics and logs
Conversions arriving via ARA are intentionally noisy and delayed; small segments may be dominated by noise, so low-volume conversion counts from ARA should be read with caution.
Diagnostic use case
Plan conversion measurement around noised, delayed, privacy-preserving reports rather than a per-user join between an ad click and a purchase.
What WebmasterID can help detect
WebmasterID focuses on first-party on-site conversions and engagement, which it can measure directly without needing cross-site attribution APIs.
Common mistakes
- Reading low-volume ARA conversion counts as precise.
- Expecting an individual user journey from aggregated reports.
- Ignoring report delays when reconciling conversions.
Privacy and accuracy notes
ARA adds noise and limits report fidelity specifically to prevent cross-site re-identification. This page is educational and describes documented behaviour.
Related pages
- Chrome Privacy Sandbox and analytics
The Privacy Sandbox is a set of Chrome web-platform APIs intended to support advertising and measurement use cases without cross-site tracking of individuals. It includes interest-based targeting, conversion measurement, and anti-abuse APIs that return aggregated or noised results rather than per-user identifiers. This page maps the pieces and what they mean for analytics.
- The Topics API for interest signals
The Topics API is a Privacy Sandbox proposal that lets a browser share a handful of coarse interest topics, inferred on-device from recent browsing, with sites and their ad partners — without revealing the underlying browsing history. This page explains the mechanism, its deliberate limits, and why it is not a replacement for per-user analytics.
- Differential privacy
Differential privacy is a mathematical framework that bounds how much any single person's data can affect a published result, by injecting carefully calibrated random noise. It lets you release useful aggregate statistics while provably limiting what can be learned about any individual. This page explains the core idea and where it appears in analytics.
- Attribution analytics
First-party on-site conversion attribution.
Sources and verification notes
- Chrome for Developers — Attribution Reporting APIOfficial ARA documentation.
- W3C — Attribution Reporting API explainerSpecification draft (WICG).
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.