There is a work in progress to standardize an interface that web developers can use to asynchronously transfer small HTTP data from the User Agent to a web server that call it simply beacons (in the context of web development) which can be used to send data to a web server prior to the loading of the document without delaying the load and affecting the perception of page load performance for the next navigation.Jatinder Mann; Alois Reitbauer. Beacon. WD. URL: http://www.w3.org/TR/beacon/
Some emails and web pages are not wholly self-contained. They may refer to content on another server, rather than including the content directly. When an email client or web browser prepares such an email or web page for display, it ordinarily sends a request to the server to send the additional content.
These requests typically include the IP address of the requesting computer, the time the content was requested, the type of web browser that made the request, and the existence of HTTP cookie previously set by that server. The server can store all of this information, and associate it with a unique tracking token attached to the content request.
As an example of the way web beacons can make user logging easier, consider a company that owns a network of sites. This company may have a network that requires all images to be stored on one host computer while the pages themselves are stored elsewhere. They could use web beacons in order to count and recognize users traveling around the different servers on the network. Rather than gathering statistics and managing cookies on all their servers separately, they can use web beacons to keep them all together.
Images and other content do not have to be invisible: any element can be used for tracking. Typically advertisements, banners and buttons are fetched from their site, not from the main site. This allows a third party site to gather information about visitors when they pull HTML content from the main site. Companies or organisations, buttons or images of which are included on many sites, can thus track (part of) the browsing habits of a significant share of web users. Earlier, this included mainly ad- or counter-serving companies, but nowadays buttons of social media sites are becoming common.
While web beacons are used in the same way in web pages or emails, they have different purposes:
As with any files transferred using the Hypertext Transfer Protocol, web beacons are requested by sending the server their URL, and possibly the URL of the page containing them. Both contain information that can be useful for the gatherer:
For example, an email sent to the address firstname.lastname@example.org can contain the embedded image of URL <nowiki></nowiki>. Whenever the user reads the email, the image at this URL is requested. The part of the URL after the question mark is ignored by the server for the purpose of determining which file to send, but the complete URL is stored in the server's log file. As a result, the file bug.gif is sent and shown in the email reader; at the same time, the server stores the fact that the particular email sent to email@example.com has been read. Using this system, a spammer or Email marketing can send similar emails to a large number of addresses to check which ones are valid and read by the users.
Web beacons are used by email marketers, spammers, and phishing to verify that email addresses are valid, that the content of emails has made it past the spam filters, and that the email is actually viewed by users. When the user reads the email, the email client requests the image, letting the sender know that the email address is valid and that the email was viewed. The email need not contain an advertisement or anything else related to the commercial activity of the sender. This makes detection of such emails harder for and users.
Tracking via web beacons can be prevented by using that do not download images whose URLs are embedded in HTML emails. Many graphical email clients can be configured to avoid accessing remote images. Examples include the Gmail, Yahoo!, and SpamCop/Horde webmail clients; Mozilla Thunderbird, Opera, Pegasus Mail, IncrediMail, Apple Mail, later versions of Microsoft Outlook, and KMail mail readers. Other HTML techniques (such as Iframe) can still be used to track email viewing.
Text-based mail readers (such as Pine or Mutt) and graphical with purely text-based HTML capabilities (such as Mulberry) do not interpret HTML or display images, so their users are not subject to tracking by email web beacons. Plain-text email messages cannot contain web beacons because their contents are interpreted as display characters instead of embedded HTML code, so opening messages does not initiate communication. Some email clients offer the option to disable all HTML in every message (thus rendering all messages as plain text), which prevents any web beacons from loading.
Many modern email readers and web-based email services will not load images when opening an HTML email from an unknown sender or that is suspected to be spam mail. The user must explicitly choose to load images. Web beacons can also be filtered out at the server level so that they never reach the end user. MailScanner is an example of gateway software that can disarm IFrames as well as web beacons. Disconnecting from the Internet before reading any downloaded messages and then deleting those messages suspected of containing web beacons before reconnecting may also eliminate the threat.
Disposition-Notification-To email headers may be seen as another form of web beacons. See RFC 4021.