Traffic Intelligence

Why your analytics is lying to you. And how we fix it.

Google Analytics

~60%

of your real traffic

Glorics

94%

of your real traffic

40% of your visitors are invisible to traditional analytics.

The Problem

Your Analytics Is Lying to You

You're steering your business with a broken rearview mirror.

Try it right now. Open your GA4. Look at yesterday's unique visitor count. Let's say 1,000. Fine.

Now accept this reality: there were probably 1,500. Maybe 1,600.

The missing 500 or 600? Safari erased them. Brave blocked them. uBlock Origin killed your pixels before they loaded. The GDPR banner scared off the rest. And the guy who came back three times from three different browsers? GA4 counted him as three people.

You're steering your business with a broken rearview mirror. You're making ad spend decisions on data that's missing a third. And nobody tells you, because nobody sees what's missing.

This is the fundamental paradox of analytics in 2026: measurement tools have gone blind at the precise moment when data has never been more valuable.

The Solution

Quad-Tracking: Four Sensors, One Truth

A single sensor is always flawed. Four converging sensors give an exact position.

We're not going to sell you a "revolutionary analytics solution." We're going to explain physics.

A single sensor is always flawed. A cookie can be blocked. An IP changes. A browser fingerprint degrades with updates. If you depend on a single tracking method, you'll always lose visitors.

The Quad-Tracking principle is borrowed from military navigation. A submarine doesn't locate itself with a single sonar. It cross-references four independent sources — each imperfect, but whose convergence gives an exact position. It's triangulation, except we have four angles instead of three.

Four layers. Four identification methods. When three out of four converge, the visitor is identified with a confidence score sufficient for commercial action.

94% accuracy. Not in a lab. On real traffic, with ad blockers, VPNs, and private browsing.

Marketing Pixels

GA4, Meta, LinkedIn server-side

Blocked by client-side ad blockers

Persistent Cookie

.glorics_id — server-side first-party cookie

Doesn't cross devices

Device Fingerprint

Canvas + WebGL + AudioContext

Degrades with browser updates

Server Trace

IP, HTTP headers, JA3 (TLS Fingerprint)

IP varies with VPN/mobile

Combined Coverage

94%

vs 60% industry standard

Layer 1

Marketing Pixels: GA4, Meta, LinkedIn — Server-Side

The same data, the same attribution. Except this time, it's complete.

Tracking pixels are the historical foundation of digital marketing. GA4 traces journeys. The Meta Pixel attributes Facebook and Instagram conversions. The LinkedIn Insight Tag measures B2B campaigns.

The problem is well known: ad blockers kill them. Plain and simple. The script doesn't load, the event isn't sent, the conversion isn't attributed. On some tech audiences, the blocking rate exceeds 50%. Your marketing director thinks the LinkedIn campaign produced nothing. In reality, it converted — but the pixel wasn't there to see it.

Glorics integrates these pixels server-side. The conversion event is no longer sent from the visitor's browser (where it can be blocked). It's sent from the Glorics server directly to the GA4, Meta, and LinkedIn APIs. The browser is out of the loop. The ad blocker can't block anything — there's nothing to block on the client side.

It's the same data, the same attribution, the same dashboard. Except this time, it's complete.

But even server-side, pixels don't solve everything. They excel at cross-platform attribution — knowing the prospect came from LinkedIn then converted after a Meta ad. They're bad at persistent identification. A visitor who returns two weeks later without clicking an ad — the pixel doesn't recognize them. Hence layer 2.

Layer 2

Persistent Cookie: `.glorics_id`

A first-party cookie. Set server-side, not browser-side.

A first-party cookie. Set server-side, not browser-side. The distinction is crucial.

When Safari limits cookies to 7 days via ITP (Intelligent Tracking Prevention), it's talking about cookies set by client-side JavaScript. A cookie set by the HTTP server in the Set-Cookie header escapes this restriction. It persists.

.glorics_id is that identifier. A unique UUID, assigned at first contact, that survives the browser's automatic purges. The visitor who discovers your site on a Tuesday and comes back to check the pricing page on a Friday three weeks later? Same person. Same journey. GA4 would have seen two strangers.

The identifier also works cross-domain. Your main site, your blog subdomain, your event landing page on a separate domain — .glorics_id maintains continuity. No more data fragmentation across your web properties.

The limitation is physical, not software: a cookie lives in a browser. If the prospect switches from laptop to phone, the cookie doesn't cross over. That's a wall only hardware can get around.

Layer 3

Device Fingerprint: The Hardware Signature

The layer ad blockers can't touch.

This is the layer ad blockers can't touch. Because it doesn't depend on local storage, third-party scripts, or cookies. It depends on the device's GPU, audio processor, and rendering engine.

Canvas

The browser draws an invisible element on an HTML5 canvas. The way the GPU interprets rendering instructions varies from device to device. Two MacBook Pros of the same model don't render the same canvas identically. The produced image is hashed. That hash is a fingerprint.

WebGL

Same logic, in 3D. The browser executes a basic WebGL scene. The extensions supported by the graphics driver, rendering capabilities, texture limits — all of it forms a unique technical profile. A visual fingerprint in three dimensions.

AudioContext

The browser processes a synthetic audio signal via the AudioContext API. The audio processor's characteristics influence the output in a measurable and reproducible way. The audio signature is independent of the two visual signatures — it's a third axis of confirmation.

Three hardware fingerprints combined. The result? A visitor who activated their VPN, blocked all cookies, opened a private browsing window, and installed three ad blockers — that visitor still has the same GPU. Still has the same audio processor. Their device betrays their identity by what it is, not by what it stores.

Fingerprinting data is processed server-side. It never leaves Glorics infrastructure. It's not resold. It's not used for cross-site ad retargeting. First-party analytics, GDPR compliant — it's identification, not surveillance.

Layer 4

Server Trace: The Immutable Witness

This one, nobody can block.

This one, nobody can block. Because it requires zero cooperation from the browser.

Every HTTP request that reaches the Glorics server carries information the visitor cannot erase. Not because we steal it — because the HTTP protocol transmits it by design.

The IP address. Variable, yes. But not random. Combined with the three other signals, it serves as a geographic confirmator. The fingerprint says "it's the same device." The IP says "they're in the same city as last time." Confidence climbs.

HTTP headers. User-Agent, Accept-Language, Accept-Encoding, Sec-CH-UA (Chrome's Client Hints). These character strings form a technical browser profile — not unique on their own, but discriminating when cross-referenced with the hardware fingerprint.

JA3 (TLS Fingerprint). This is the least known and most robust signal. When the browser initiates an HTTPS connection, it negotiates encryption parameters — which cipher suites it supports, in what order it proposes them, which TLS extensions it activates. This negotiation produces a reproducible hash: the JA3. A real Chrome doesn't negotiate TLS like a real Firefox. And neither negotiates like a Python script pretending to be Chrome.

The Server Trace is the system's safety net. It deceives no one and is deceived by no one. It's raw network physics.

Fusion

The Stitching: When the Four Layers Vote

Four raw sensors are useless without fusion intelligence.

Four raw sensors are useless without fusion intelligence. Quad-Stitching is the algorithm that transforms four partial signals into an identification.

Take a real case.

Tuesday

LinkedIn campaign click

The pixel captures it. The .glorics_id is set. Canvas+WebGL+Audio are hashed. The server records IP, headers, and JA3. Four green layers. Maximum confidence. They read an article and leave.

L1 Pixel ✓ L2 Cookie ✓ L3 Fingerprint ✓ L4 Server ✓

Thursday

Return in private browsing

The pixel is silent. The cookie is blocked by private mode. But Canvas+WebGL+Audio return exactly the same hash. And the JA3 is identical, with an IP in the same subnet. Two layers are enough when the hardware signature matches. They check the pricing page.

L1 Pixel ✗ L2 Cookie ✗ L3 Fingerprint ✓ L4 Server ✓

Saturday

From their phone

New device = new fingerprint. New IP. No cookie. But they clicked the link from the same LinkedIn newsletter as Tuesday. The pixel links this mobile visit to the same LinkedIn account as the initial click. Third visit confirmed, third device, same prospect.

L1 Pixel ✓ L2 Cookie ✗ L3 Fingerprint ✗ L4 Server ✗

GA4 would have seen three anonymous visitors. Glorics sees a prospect who hesitates, returns, compares. And who's ready to buy.

Bots

The Bot Observatory: Sorting Parasites from Allies

Your server hosts more machines than people in 2026.

We talk a lot about human traffic. But your server hosts more machines than people in 2026.

GPTBot, PerplexityBot, ClaudeBot, Bingbot, Applebot, Bytespider, SemrushBot, AhrefsBot, DataForSeoBot — and hundreds more, some hiding behind fake User-Agents. The Glorics Bot Observatory identifies and classifies over 200 signatures in real time. It doesn't just count hits — it calculates the ROI of each bot.

The math is simple, but nobody does it.

GPTBot VIP

Consumes 10% of your bandwidth. ChatGPT sends you 5,000 visitors/month. Server cost is lower than the value of generated traffic.

Verdict: red carpet, priority access

Anonymous crawler Parasite

Consumes 15% of your bandwidth and generates exactly zero visits. Scrapes your content, digests it, regurgitates it without attribution.

Verdict: throttling, block if repeat offender

Fake Googlebot Blocked

Claims to be Googlebot but its JA3 doesn't match Google's infrastructure. A real Googlebot doesn't negotiate TLS from an OVH server in Roubaix.

Verdict: ghost, blocked immediately

The dashboard displays all of this in real time. Who's crawling, what, how often, from where, with what return. You stop feeding parasites blindly. You invest your bandwidth like you invest your ad budget — where it pays off.

Decisions

Data as a Decision Lever

Analytics isn't a report. It's a weapon.

Sales Director

LinkedIn leads convert — but not on the first click. The average prospect returns 2.7 times. GA4 attributes to "Direct." Quad-Tracking attributes to LinkedIn.

SEO Manager

GPTBot increased its crawl frequency by 40% this month. PerplexityBot cites your article in 18% of responses. Machines see you better — human traffic will follow.

CFO

35% of bandwidth is consumed by crawlers that generate nothing. Block them. Hosting bill reduced by a third, zero loss.

The agencies sending you a monthly PDF with jagged curves can't give you these answers. They don't have the data. And they never will as long as they depend on a tool that only sees a third of reality.

Conclusion

The Final Word

Cookies die. Fingerprints fade. IP addresses change. Traditional tools measure what's left — and less remains every day.

Quad-Tracking doesn't fight this trend. It circumvents it. Four independent layers, each imperfect alone, but whose convergence produces a reliable signal at 94%.

You no longer guess who visits your site. You know.

Glorics. Glory Through Physics.

Ready to See Your Real Traffic?

Stop making decisions on 60% of the data.
See everything. Own everything.

Talk to an Architect →