Strategy & Tracking
Server-side tracking and durable measurement after the cookie
Browser restrictions now strip and shorten the data your ad platforms learn from, and a remodel lead can take weeks to convert. Server-side tagging moves collection to your own endpoint, where it survives ad blockers, outlasts Safari's cookie cap, and feeds bidding a cleaner signal.
Most tracking still runs where it is least safe: inside the homeowner's browser. There, ad blockers strip tags before they fire, and Safari's Intelligent Tracking Prevention caps client-set first-party cookies to a 7-day lifetime (Simo Ahava / Apple WebKit, 2023). For a remodeler, that is a problem: a homeowner who clicks your ad, gathers bids for three weeks, then books the kitchen often looks like a brand-new visitor by the time they convert. Roughly 30 percent of internet users run an ad blocker, many of which also block analytics (Backlinko / Statista, 2024). Server-side tagging answers this by moving data collection out of the browser and onto a server container you control, so the data is captured before browsers can degrade it. This article goes deep on what server-side tagging is, why it matters now, what it costs, and when you actually need it.
Client-side vs. server-side, in plain terms
Client-side tagging is the default. Every analytics and ad pixel loads as JavaScript in the visitor's browser, and each one talks directly to its vendor: Google, Meta, and whoever else. The browser does the collecting, the cookie-setting, and the sending. That is fast to deploy and free, but it puts your measurement at the mercy of whatever the browser, an extension, or a privacy setting decides to allow.
Server-side tagging splits that in two. The browser sends one stream of event data to a server container, a copy of Google Tag Manager running on infrastructure you control, usually under a subdomain like sgtm.yoursite.com. That container then decides what to forward to Google, Meta, and others, server-to-server. Google's own documentation frames the upside plainly: the browser dispatches fewer HTTP requests, website data and cookies stay within your domain, and you can screen or strip data before it leaves (Google Tag Manager Help, 2024).
The mental shift is ownership. Client-side, the platforms collect from your visitors. Server-side, you collect, then forward on your terms.
Why this matters now, not later
The browser has quietly become a hostile environment for measurement. Safari and Firefox block third-party cookies by default, and Safari's Intelligent Tracking Prevention caps client-set first-party cookies at a 7-day lifetime (Simo Ahava / Apple WebKit, 2023). For a custom-home builder with a months-long consideration cycle, that means a homeowner who clicks an ad, researches for weeks, then requests a bid often looks like a brand-new, unattributed user.
Ad blockers compound it. Around 30 percent of internet users run one, and many also block analytics and ad scripts outright (Backlinko / Statista, 2024). On desktop, adoption runs higher still. Every blocked tag is a conversion your bidding never sees, and Smart Bidding can only optimize toward conversions it can observe.
Server-side tagging does not repeal these rules, but it changes where you stand against them. Collection happens on your server, past most browser extensions, and a properly configured first-party endpoint can set cookies that outlast the 7-day client cap. The signal survives long enough to be useful.
What erodes client-side data today:
- Safari ITP capping client-set first-party cookies to 7 days
- Safari and Firefox blocking third-party cookies by default
- Ad blockers stripping analytics and pixel scripts before they fire
- Consent rejections removing a large share of trackable sessions
- Heavy third-party JavaScript slowing pages and dropping events
What server-side tagging actually fixes
The first fix is more complete conversion data. By collecting events on your server and forwarding them vendor-side, you recover conversions that blockers and cookie limits would have dropped in the browser. This is the same logic behind Meta's Conversions API and Google's enhanced conversions, which is why server-side is the natural home for both.
The second is first-party cookie longevity. When the server sets the cookie under your own domain and the right network conditions, it can persist far longer than the 7-day window Safari forces on client-set cookies, restoring attribution for slow-converting leads. The third is data control: you can hash, redact, or block fields before anything leaves your server, which matters for compliance and for keeping sensitive data out of vendor hands (Google Tag Manager Help, 2024).
The fourth is page speed. Moving tags off the browser means fewer scripts and fewer requests for the visitor to load. In Stape's own test, moving all tags from a web container to a server container lifted a site's mobile Google PageSpeed score from 56 to 95 (Stape, 2024). The caveat is real: the gain only shows up when you actually move tags off the browser, not when you run both side by side.
The trade-offs you take on
Server-side tagging is not free and it is not simple. You are now running and maintaining infrastructure. A single Google Cloud Run instance to host the server container costs roughly $45 per month, and production setups are typically advised to run at least two instances for reliability, pushing real-world hosting into the low hundreds per month before traffic spikes (Stape, 2024). Managed hosts like Stape offer cheaper entry points, but the cost is never zero.
Setup is the bigger barrier. You need a subdomain, DNS configuration, a deployed container, and every tag rebuilt to route through it correctly. A misconfigured container does not fail loudly; it silently drops or duplicates events, which is worse than leaving client-side alone. The IP and CNAME rules that govern whether Safari grants your cookies their full lifetime are subtle, and getting them wrong quietly reverts you to the 7-day cap (seresa.io / Simo Ahava, 2023).
This is ongoing work, not a one-time install. Vendor endpoints change, consent rules change, and the container needs monitoring to confirm it is still passing clean, deduplicated data.
Client-side, the platforms collect from your visitors. Server-side, you collect first, then forward on your terms.
How it works with enhanced conversions, CAPI, and consent mode
Server-side tagging is the platform; these features ride on top of it. Enhanced conversions sends hashed first-party data, an email or phone, back to Google to match conversions the browser missed. The Conversions API does the equivalent for Meta, sending events server-to-server alongside the Pixel. Both work better from a server container, because the server is exactly where you want hashing and forwarding to happen, away from blockers.
Consent Mode v2 is the layer that keeps this legal in the EEA, and Google has required it since March 2024 for advertisers measuring or serving EEA users who want to keep personalized ads and remarketing (Google Ads Help, 2024). It passes consent signals so that, when a visitor declines, the platforms model rather than observe the conversion. Server-side does not bypass consent; it respects the same signals, then forwards only what the visitor allowed.
Treat them as a stack, not alternatives. The server container collects and controls; enhanced conversions and CAPI improve match quality; Consent Mode governs what is permitted to flow.
How the pieces fit together:
- Server container: collects events and forwards them vendor-side, on your terms
- Enhanced conversions: hashed first-party data improves Google match rates
- Conversions API: server-to-server events give Meta a fuller signal
- Consent Mode v2: required for EEA measurement, governs what is sent
- Deduplication: event IDs stop browser and server counting the same conversion twice
When you actually need it, and when you do not
Server-side tagging earns its cost when the stakes are high enough to justify the infrastructure. If you spend meaningfully on Google and Meta, sell a high-value, slow-converting job like a $45k kitchen or a custom build where the 7-day cookie cap is genuinely costing you attribution, or see a large share of Safari and mobile traffic, the recovered signal usually pays for the setup. Accounts leaning hard on value-based bidding feel the difference most, because cleaner data is what lets the algorithm bid for the leads that turn into signed jobs.
It is overkill for many small accounts. If your ad spend is modest, your sales cycle is short, and your client-side tracking is already firing once per conversion and verified in Tag Assistant, a clean client-side setup with enhanced conversions and Consent Mode will get you most of the way. The right move there is to fix the basics first; server-side is the upgrade you grow into, not the place you start.
The honest test is simple. If you cannot yet trust that your current conversions fire once and import correctly, server-side will not save you. Get the foundation clean, then decide whether the durability is worth the spend.
How WellBuilt sets up server-side tracking
WellBuilt treats server-side as a managed-service upgrade, not a default. We start by auditing your existing client-side tags, because deploying a server container on top of a broken foundation only hides the problem. If the basics are not clean, we fix those first and may recommend you stay client-side until the spend justifies more.
When server-side is the right call, we provision the subdomain and container, configure the DNS and cookie rules so your first-party cookies earn their full lifetime where browsers allow, and route enhanced conversions and the Conversions API through it. We wire Consent Mode v2 to your consent banner, set event IDs so browser and server never double-count, and verify the whole flow before it carries live data.
Then we keep watch. We monitor the container, confirm conversions still import cleanly, and adjust as vendor endpoints and privacy rules change. We do not promise a fixed recovery number, because the gain depends on your traffic mix and how much the browser was already costing you. What we commit to is a measurement layer you own, built and maintained so your bidding sees a fuller, more durable signal.
Client-side vs. server-side tagging
- Tags fire in the browser, where blockers can strip them
- Client-set first-party cookies capped at 7 days by Safari ITP
- Lost to roughly 30 percent of users on ad blockers
- No cost and quick to deploy, but accuracy erodes as rules tighten
- Collection moves to your own server endpoint, past most blockers
- Can set first-party cookies that outlast the 7-day client cap
- You screen and hash data before forwarding it to vendors
- Roughly $45/mo per Cloud Run instance plus setup and monitoring
Key takeaways
- Move collection to a server container you own, so ad blockers and browser limits stop silently shrinking your conversion data.
- Run enhanced conversions and the Conversions API through the server container, where hashing and forwarding belong, away from blockers.
- Configure DNS and cookie rules carefully so first-party cookies outlast Safari's 7-day client cap instead of quietly reverting to it.
- Budget for real infrastructure: roughly $45 per month per Cloud Run instance plus ongoing monitoring, not a one-time install.
- Fix client-side tracking first; reach for server-side only when spend, sales-cycle length, or Safari traffic make the durability worth it.
SourcesSimo Ahava, Server-side Tagging in Google Tag Manager, 2023 · Apple WebKit / Simo Ahava, Safari ITP 7-day cookie cap on client-set cookies, 2023 · Google Tag Manager Help, Client-side tagging vs. server-side tagging, 2024 · Google for Developers, Server-side tagging overview, 2024 · Stape, How much does server GTM cost (Google Cloud Run pricing), 2024 · Stape, Improving website page speed with server-side GTM, 2024 · Backlinko / Statista, Ad Blocker Usage Statistics, 2024 · Google Ads Help, About Consent Mode v2 (March 2024 requirement), 2024 · seresa.io / Simo Ahava, sGTM and Safari ITP IP-matching rule, 2023
Questions, answered straight.
What is the difference between client-side and server-side tagging?
Client-side tags run as JavaScript in the visitor's browser and send data straight to each vendor, where ad blockers and cookie limits can strip or shorten it. Server-side tagging sends one event stream to a server container you control, which then forwards data to Google, Meta, and others server-to-server. Google notes this means fewer browser requests, cookies that stay on your domain, and the ability to screen data before it leaves (Google Tag Manager Help, 2024).
Does server-side tagging fix Safari's 7-day cookie limit?
It can, but only when configured correctly. Safari's ITP caps client-set first-party cookies at 7 days (Simo Ahava / Apple WebKit, 2023). A server container that sets the cookie under your own domain, with the right DNS and IP conditions, can extend that lifetime so slow-converting leads stay attributed. Get the network rules wrong and Safari quietly reverts you to the 7-day cap, which is why setup detail matters.
How much does a server-side GTM setup cost?
More than client-side, which is free. A single Google Cloud Run instance to host the container runs roughly $45 per month, and production setups usually run at least two instances for reliability, so real hosting often sits in the low hundreds monthly before traffic spikes (Stape, 2024). Managed hosts offer cheaper entry tiers. Add the one-time setup and ongoing monitoring, and you can see why it suits higher-spend accounts more than small ones.
Do I need server-side tagging if my ad spend is small?
Usually not yet. If your spend is modest, your sales cycle is short, and your client-side tracking already fires once per conversion with enhanced conversions and Consent Mode in place, you will capture most of the available signal without the extra cost and complexity. Fix and verify the client-side basics first. Server-side is the upgrade you grow into once spend, slow sales cycles, or heavy Safari traffic make the durability pay off.
Strategy & Tracking
Want this run for you, not just read about?
Clean tracking and honest attribution, so you know which dollars actually produce revenue.