Does Read the Docs Set Cookies? RTD Traffic Analytics

Readthedocs’ Traffic Analytics derives impression counts from RTD server-side logs, so the built-in “impressions” numbers don’t rely on client-side cookies; Google Analytics, if enabled, is the client-side tracker that will set cookies. That said, Read the Docs’ privacy policy states the site uses “common internet technologies, such as cookies and web server logs,” so RTD can set cookies for site features (login, preferences, etc.) independent of Traffic Analytics. If you need truly cookie-free visitors you should remove any Google Analytics ID, audit page scripts, and verify with browser DevTools or HTTP header checks.

Contents

• How readthedocs Traffic Analytics collects impressions
• Does Read the Docs (RTD) set client-side cookies or trackers?
• Does server-side logging guarantee no cookies are placed?
• Disabling Traffic Analytics — privacy trade-offs and practical steps
• How to verify (technical checks) and quick checklist
• Sources
• Conclusion

How readthedocs Traffic Analytics collects impressions

Read the Docs’ own documentation makes the architecture clear: Traffic Analytics is an aggregation of visit data collected on the server side. The Traffic Analytics pages say RTD “aggregates statistics about visits to your documentation” and reports page views and 404s from server logs rather than relying on a client-side script for basic impression counting (Traffic Analytics docs, Analytics guide, Analytics reference).

Put simply: the core impression counts you see in RTD’s Traffic Analytics come from the server logs that RTD already receives when browsers request pages or images. That matches the older blog post wording you quoted: RTD records image impressions from server logs and separately uses Google Analytics for click tracking (RTD 2019 blog). Server-side counting is why Traffic Analytics will still report many pageviews even when users block client-side analytics scripts.

Caveat: RTD’s server-side analytics may be configured to honor Do Not Track or to exclude certain requests, so counts can understate raw traffic for privacy-respecting users, as the RTD team noted in their blog post about Do Not Track and blocked GA requests.

Does Read the Docs (RTD) set client-side cookies or trackers?

Short answer: yes — RTD can set cookies, but which cookies depend on your project configuration.

• The Read the Docs privacy policy explicitly states the platform “uses common internet technologies, such as cookies and web server logs” (privacy policy — RTD docs; about.readthedocs privacy policy). That language means RTD may set cookies for site functionality (authentication, session management, preferences), independent of analytics add-ons.
• Google Analytics (or a Google Analytics ID you add to a project) is the primary client-side analytics script that will place GA cookies in visitors’ browsers. RTD’s analytics docs explain you can optionally add a Google Analytics account or disable Google Analytics on a per-project basis (Analytics guide).
• Other client-side trackers could appear if you or a theme/plugin add third‑party scripts (e.g., embedded widgets, tag managers). Those are separate from the server-side Traffic Analytics feature.

So Google Analytics is the most common client-side source of analytics cookies on RTD-hosted docs, but RTD itself still may set non-analytics cookies for ordinary website behavior.

Does server-side logging guarantee no cookies are placed on users’ machines by the hosted site?

No — server-side logging does not guarantee that no cookies are set.

Why not? Cookies can be created in two main ways:

• By server response headers (Set-Cookie): the server can tell the browser to store a cookie when a page is requested. Server-side logging and a Set-Cookie header are independent actions.
• By client-side JavaScript: scripts embedded in the page (Google Analytics, tag managers, widgets) can write cookies.

RTD’s Traffic Analytics using server logs means impression counting itself doesn’t require client-side cookies. But RTD can still set cookies for other reasons (sessions, login, preferences), and any optional client-side analytics or embeds will set cookies if enabled. The RTD privacy policy confirms cookies are used; it does not promise zero-cookie behavior when analytics are turned off (privacy policy).

Bottom line: server-side impressions lower dependence on client-side trackers for counting, but they don’t eliminate all paths by which cookies may be placed.

Disabling Traffic Analytics — privacy trade-offs and practical steps

If your goal is to avoid any cookies being set for visitors, here’s what matters and what to do.

What disabling Traffic Analytics does

• Turning off RTD’s Traffic Analytics (server-side aggregation) reduces the page-view and visit statistics RTD stores/returns for your project. That lowers the amount of analytics data RTD retains about visitor behavior.
• However, disabling Traffic Analytics alone does not automatically remove cookies RTD may set for non-analytics reasons (authentication, UI preferences) or cookies set by any client-side scripts you or your theme include.

What to disable to avoid client-side cookies

• Remove any Google Analytics ID from your project settings or switch off Google Analytics for the project. RTD’s docs explicitly allow you to disable Google Analytics per project (Analytics guide).
• Remove or avoid adding third‑party embeds or custom JavaScript that would write cookies (e.g., tag managers, widgets, external search boxes).
• Consider using a documentation theme that doesn’t inject third‑party scripts.

Practical privacy trade-offs

• Privacy benefits of disabling analytics/GA: less personal data collected about visitors, smaller analytics footprint in RTD’s storage, and fewer regulatory obligations around consent/data processing for analytics cookies.
• Downsides: you’ll lose usage signals that help prioritize documentation fixes (which pages get traffic, where 404s occur). Server-side analytics are often easier to retain in a privacy-preserving way than client-side third‑party analytics; disabling everything is a trade-off between privacy and insight.

If you need a strict no-cookie guarantee for all visitors, hosting choices matter. On readthedocs.io you have limited control over platform-level cookies. To have full control you may need to self-host the generated site or host static HTML on infrastructure where you can ensure no Set-Cookie headers and no third‑party scripts are served.

Note: RTD does not appear to provide a built-in cookie-consent banner you can enable across all projects; community threads indicate you may need to add a banner yourself or manage consent externally if required for GDPR compliance (Stack Overflow discussion).

How to verify (technical checks) and quick checklist

Quick tests you can run right now.

1. Check response headers for Set-Cookie (server-set cookies)

• From a shell:

curl -s -D - -o /dev/null https://<yourproject>.readthedocs.io | grep -i '^Set-Cookie'

If the command prints nothing, there were no Set-Cookie headers on that response. Repeat for a few pages (homepage, a content page, and a page behind login if relevant).

2. Inspect cookies in the browser (client-side)

• Open the site in Chrome or Firefox.
• Open DevTools → Application (Storage) → Cookies. See what cookies are listed for the domain.
• In the Network tab, reload the page and look for requests to:
• www.google-analytics.com, www.googletagmanager.com, or tags like gtag.js / analytics.js
• Any other third-party domains that might set cookies.

3. Search page source for analytics scripts

• Use:

curl -s https://<yourproject>.readthedocs.io | grep -E "google-analytics|gtag|googletagmanager|analytics.js|ga("

If matches appear, the page is loading client-side analytics code.

4. Repeat tests with extensions and DNT disabled/enabled

• Some counts can change if you or your testers have adblockers or DNT enabled; test in a clean profile.

Quick checklist for achieving minimal/no cookies

• [ ] Remove Google Analytics ID from project settings (if present).
• [ ] Disable any custom JS, tag manager, or third-party embeds.
• [ ] Run the curl and DevTools checks above for multiple pages.
• [ ] If you still see Set-Cookie values from the server, consider contacting RTD support or hosting elsewhere if you need absolute control.
• [ ] Consider a custom domain and self-host if platform-level cookies are unacceptable.

Sources

1. Privacy Policy — Read the Docs user documentation
2. Privacy Policy - Read the Docs (about.readthedocs.com)
3. How to use traffic analytics — Read the Docs user documentation
4. Analytics for search and traffic — Read the Docs user documentation
5. Traffic analytics — Read the Docs platform documentation
6. Read the Docs 2019 Stats — Read the Docs Blog
7. How are cookie queries handled on Read the Docs? — Stack Overflow

Conclusion

Readthedocs’ Traffic Analytics counts impressions from server logs (so those metrics don’t require client-side cookies), but RTD’s privacy policy confirms the platform may still set cookies for site features and optional client-side analytics (Google Analytics) will set cookies if enabled. Disabling Google Analytics and auditing/removing any third‑party scripts will remove most client-side cookies; disabling Traffic Analytics alone reduces RTD’s server-side analytics but doesn’t by itself guarantee a cookie-free visitor experience.