Tracking Pixels: What They Are and How to Block Them

Every time you open a marketing email, you may be sending a detailed report back to the sender — your IP address, the exact time you opened it, what device and email app you used, and your approximate location. You did not click anything or fill in a form. Simply opening the email was enough.

This invisible surveillance is powered by tracking pixels, and they are far more widespread than most people realize. Check your own privacy exposure with our Privacy Score tool before reading on.

What Is a Tracking Pixel?

A tracking pixel (also called a web beacon, pixel tag, or spy pixel) is a tiny image — often exactly 1×1 pixel in size — embedded invisibly in an email or web page. The image file is not stored on your device; it loads from a remote server each time the email is opened or the page is visited.

When your email client loads that image, the remote server logs the request. That log entry captures:

• Your IP address (which reveals your approximate location)
• The exact date and time the email was opened
• Your email client (Gmail, Outlook, Apple Mail, etc.)
• Your operating system and device type
• In some cases, your screen resolution and language settings

The sender set all this up by inserting a 1×1 pixel image with a unique URL into the email. That unique URL identifies your specific copy of the message — even before you have taken any deliberate action.

How Tracking Pixels Work in Email

Here is the process from the sender's perspective:

1. The marketer generates a unique tracking URL for each recipient: https://track.example.com/open?id=abc123&user=456
2. They embed it as an invisible image:
3. The email is sent to you
4. When you open it, your email client automatically fetches all images — including this invisible one
5. The request hits the tracking server, which logs everything about your connection
6. The sender's dashboard shows: "Opened at 9:14 AM, New York area, iPhone, iOS 17, Apple Mail"

The entire process takes milliseconds and requires no interaction from you beyond opening the email.

How Tracking Pixels Work on Web Pages

Email is the most discussed use, but tracking pixels are embedded in web pages just as widely. Every major advertising network provides a tracking pixel that website owners add to their pages:

• Meta Pixel (formerly Facebook Pixel) — tracks page views, product views, purchases, and links them back to Facebook profiles
• Google Ads conversion tag — records when you visit a site after clicking a Google ad
• TikTok Pixel, Pinterest Tag, LinkedIn Insight Tag — same concept, different platforms

When you visit a page with Facebook's pixel, Facebook is notified even if you are not logged in. Combined with browser fingerprinting, they can often identify you across sessions and devices.

You can see how uniquely identifiable your own browser is with our Browser Fingerprint tool. The combination of your fingerprint and tracking pixels gives advertisers a surprisingly complete behavioral profile.

What Data Tracking Pixels Collect

Who Uses Tracking Pixels?

Email marketing platforms: Mailchimp, Klaviyo, HubSpot, Constant Contact, Brevo, and virtually every other email service provider embed tracking pixels by default. Most disclose this in their privacy policies, but few senders highlight it explicitly.

Advertising networks: Meta, Google, TikTok, Twitter/X, LinkedIn, and Pinterest each offer their own pixel for advertisers. These track behavior on external websites and connect it back to ad platform profiles.

Newsletter publishers: Even individual Substack writers and independent newsletter operators track open rates via their email service provider's built-in pixel.

Data brokers: Third-party data companies embed pixels across partner websites to build behavioral profiles that are aggregated and sold to advertisers.

Malicious actors: Scammers use tracking pixels to confirm which email addresses are actively monitored, refine their phishing target lists, and harvest location data for social engineering attacks.

How to Detect Tracking Pixels

Tracking pixels are designed to be invisible, but several tools can expose them:

In email:

• Apple Mail (iOS/macOS): Tap or click the lock icon next to a sender's name to see how many trackers were blocked
• Hey email: Explicitly labels and counts tracking pixels removed from each message
• Gmail: View the original HTML (three-dot menu > Show original) and search for 1×1 image tags pointing to third-party domains
• Browser extensions: Ugly Email, Trocker, and PixelBlock flag tracked emails directly in your Gmail inbox

On web pages:

• uBlock Origin: Click the extension icon on any page to see how many requests were blocked and from which domains
• Privacy Badger: Displays a count of trackers detected on the current page
• Browser Developer Tools: Open the Network tab, filter by Images, and look for tiny images loading from third-party domains

How to Block Tracking Pixels

Method 1: Configure Your Email Client

Apple Mail (macOS / iOS): Settings > Privacy > Mail Privacy Protection — enable "Protect Mail Activity." Apple's privacy proxy loads all remote images through its own servers, hiding your real IP address and preventing precise open tracking.

Gmail: Settings (gear icon) > See all settings > General > Images > select "Ask before displaying external images." This prevents any images from loading automatically — you see a prompt for each email.

Outlook (desktop): File > Options > Trust Center > Trust Center Settings > Automatic Download > check "Don't download pictures automatically in HTML email messages."

Thunderbird: Account Settings > Composition & Addressing > uncheck "Allow remote content in messages."

Method 2: Browser Extensions for Web Tracking

For tracking pixels embedded in web pages:

• uBlock Origin (Chrome, Firefox, Edge, Brave): Enable the "EasyPrivacy" filter list in addition to the default lists. This blocks the vast majority of advertising and analytics pixels.
• Privacy Badger (EFF): Automatically learns to block trackers based on their cross-site tracking behavior.
• Brave Browser: Built-in "Aggressive" tracking protection blocks most pixels without any extension — simply enable it in Settings > Shields.
• Firefox: Enable Enhanced Tracking Protection set to "Strict" mode under Privacy & Security settings.

Method 3: DNS-Level Blocking

DNS blocking stops tracker requests before they reach your browser or email client by refusing to resolve known tracking domains entirely. This applies to all apps on your device simultaneously — not just the browser.

Self-hosted options:

• Pi-hole — runs on a Raspberry Pi or small server on your home network, blocks tracking domains for every connected device
• AdGuard Home — similar to Pi-hole with a more user-friendly web interface

Cloud DNS options:

• NextDNS — configure blocklists via a web dashboard and apply your settings to all devices using a simple DNS address change
• Cloudflare 1.1.1.1 with WARP — optional tracker blocking through Cloudflare's network

A VPN with built-in tracker blocking (NordVPN's Threat Protection, for example) handles this at the network level, protecting all applications simultaneously without separate configuration per app or browser.

Tracking Pixels vs Cookies: Key Differences

Both technologies track user behavior, but they work in fundamentally different ways:

The crucial difference: cookies can be cleared from your browser and blocked proactively. Tracking pixel records exist on the sender's server regardless of any action you take on your end. This makes them a more persistent tracking mechanism — the record of your open is permanent once logged.

Legal Landscape

The legality of tracking pixels varies by jurisdiction:

• European Union (GDPR): Email tracking pixels that collect personal data (including IP addresses) require informed prior consent. Many email marketers operate in a legal grey area here.
• California (CCPA / CPRA): Consumers have the right to opt out of the sale and sharing of personal data, which includes behavioral data collected by advertising pixels.
• United States (federal): No comprehensive federal regulation specifically targeting tracking pixels, though the FTC has taken action against deceptive tracking practices under broader consumer protection authority.

In practice, most tracking pixel use for marketing email operates without explicit consent. Regulatory enforcement has been increasing in Europe, but remains inconsistent globally.

Conclusion

Tracking pixels are a nearly universal feature of modern email and online advertising. They collect real data — your location, device, behavior — silently and without obvious disclosure. Blocking them requires only simple, one-time configuration changes in your email client or browser.

Enable your email client's privacy protection, install uBlock Origin with the EasyPrivacy list, and consider DNS-level blocking for comprehensive coverage across all apps. Then review your complete digital footprint with our Privacy Score and Browser Fingerprint tools to understand what else you might be leaking.

Related Articles

• Email Metadata Privacy: What Your Emails Reveal About You
• Browser Fingerprinting Explained: How Sites Track You Without Cookies
• Public WiFi Security Risks You Should Know (2026)