One of the most frequent questions I get when designing custom tracking architectures (like OmniTrack) is: "Can we just read the Meta (_fbp) or Google (_ga) cookies on the user's phone, read them again on their laptop, and match the user across devices?"
It’s the Holy Grail of performance marketing: tracking the user who clicks an ad on their mobile phone while commuting, but completes the purchase on their desktop at home.
The short answer is: No, you can't do it that way.
The long answer requires understanding how modern browsers handle identity, what "Walled Gardens" actually are, and how we use Server-Side Tracking (SST) to solve this puzzle.
The fundamental misunderstanding stems from what first-party cookies actually are.
When a user visits your website on their iPhone, the Meta Pixel (or Google Analytics script) generates a First-Party Cookie.
_fbp=fb.1.16812345.IPHONE_XYZ._fbp=fb.1.16812399.MACBOOK_ABC.These IDs are device and browser-specific. Your website's javascript (and your backend database) simply sees two completely different, unrelated visitors. There is no mathematical or logical way to link IPHONE_XYZ to MACBOOK_ABC just by looking at the cookies.
So, if the cookies are different, how do Meta and Google report "Cross-Device Conversions" in their ad managers?
Because they have something you don't: A Walled Garden of logged-in users.
When that user clicked the ad on their iPhone, they were logged into the Instagram app. When they later converted on their Macbook, they were likely logged into facebook.com or had an active Google session on Chrome.
The ad platforms do the heavy lifting on their servers:
"Ah, the device with cookie
IPHONE_XYZclicked an ad. We know that device belongs to Dagkan because his Instagram is open. Later, the device with cookieMACBOOK_ABCtriggered a Purchase event. We know that device also belongs to Dagkan because his Facebook is open in another tab. Therefore, this is a Cross-Device Conversion."
Due to severe privacy regulations (GDPR, CCPA, iOS 14.5), these ad platforms will never give you the identity key. They will not tell your database that these two cookies belong to the same person.
If you cannot rely on platform cookies to bridge the gap, how do you build a robust system? You need Identity Resolution.
In your own data warehouse (like Supabase or BigQuery), you can only match cross-device users through deterministic first-party data: Logins, Emails, or Phone Numbers.
This is exactly why the Meta Conversions API (CAPI) and Google Enhanced Conversions were invented. Instead of trying to connect the devices yourself, you pass the puzzle pieces back to the algorithm.
Here is how a modern Server-Side integration handles a cross-device flow:
fbclid or gclid) in LocalStorage._fbp cookiefbclid (if they carried the URL over, or if you tied it to an account)Meta's servers receive the hashed email, search their multi-billion user database, find the match, and attribute the Desktop conversion to the original Mobile ad click.
Stop trying to reverse-engineer cross-device tracking using client-side cookies. The architecture of the modern web makes it impossible.
Instead, focus on capturing deep, chronological data (like an array of UTM touchpoints) on a per-device level, and rely on secure Server-to-Server connections (CAPI) sending strong User Data (Emails/Phones) to let the AI do the cross-device matching for you.