Protecting Privacy, Empowering Marketing: What Do You Need to Know About Server-Side Tracking

Navigating the complexities of digital data privacy can be like organizing a family dinner with diverse dietary needs. On one side, we have legal teams and developers who aim to limit data use to comply with GDPR. On the other, marketers rely on cookies (yes, the digital kind) to understand customer behaviors and craft effective campaigns. Server-side tracking offers a balanced solution that meets both needs.

Before Starting: Client-Side vs. Server-Side Tracking

Client-Side Tracking:

  • How It Works: Data is collected directly from the user’s browser and sent to the server using tags.
  • Benefits: Simple to implement and widely used for direct data transmission.
  • Drawbacks: Can slow down website performance and expose data to security risks such as endpoint hijacking and cross-site scripting.

Server-Side Tracking:

  • How It Works: Data is sent from a pixel or tag to your web server, which then relays the data to destination systems.
  • Benefits:
    • Full ownership and control over your data.
    • Enhanced client-side performance by reducing browser requests.
    • Improved data security by controlling data sent to third-party vendors.
    • Capability for complex data enrichment.
    • Real IP anonymization and fingerprinting protection.
    • Longer retention of 1st-party cookies.
    • Increased accuracy in data collection despite ad blockers.

Server-side tracking sends one data stream to a cloud-based repository, which then distributes the data to your vendors.

Benefits of Server-Side Tracking

  1. Full Data Control: You maintain full ownership and control over your data, with the flexibility to set it up in any cloud environment like Google Cloud or AWS.
  2. Improved Performance: By reducing the number of requests from the client-side to vendors, you can boost your site’s speed.
  3. Enhanced Security: Prevent the browser from communicating directly with third-party vendors, reducing the risk of endpoint hijacking, cross-site scripting, and data overexposure.
  4. Advanced Data Handling: Perform complex data enrichment, real IP anonymization, and fingerprinting protection.
  5. Extended Cookie Lifespan: Keep 1st-party cookies in the browser for longer periods, with server-managed settings.
  6. Accurate Data Collection: Ad blockers generally don’t block 1st-party requests, ensuring more precise data collection. Proxying GTM web containers can also minimize the impact of ad/content blockers.
  7. Seamless Data Integration: Send data to multiple endpoints (e.g., Facebook, Google Ads, Google Analytics 4) without needing developer input for each integration.

Setting Up Server-Side Tracking: Examples

1. Store Google IDs in Your Database

For offline conversion tracking, send a POST request to the server-side GTM container with data from your database formatted in a JSON body.

Google Analytics 4

Requirements:

  • Client ID (cid)
  • Session ID (sid)

Retrieve the Client ID:

let getClientId = () => {
    return document.cookie.match(/_ga=(.+?);/)?.[1].split('.').slice(-2).join(".");
};

Retrieve the Session ID:

let getSessionId = () => {
    return document.cookie.match(/_ga_FV1FRPC5G4+=([^;]+)/g)?.[0].split('.')[2];
};

Google Ads

Requirements:

  • gclid
  • gclid expiry date
  • wbraid
  • wbraid expiry date

Retrieve Google Ads IDs:

let getGoogleAdsIds = (value) => {
    let res = "";
    let cookieName;
    if (value.includes("gclid")) {
        cookieName = "_gcl_aw";
    } else if (value.includes("wbraid")) {
        cookieName = "_gcl_gb";
    }
    let cookie = document.cookie.match(new RegExp('(^| )' + cookieName + '=([^;]+)'));
    if (cookie) {
        if (value.includes("expiry_date")) {
            res = new Date(cookie[2].split('.')[1] * 1000 + 864E5 * 90).toISOString();
        } else {
            res = cookie[2].split('.')[2];
        }
    }
    return res;
}

Meta Ads

Retrieve Facebook Parameters:

let getFbp = () => {
    return document.cookie.match(/_fbp=(.+?);/)?.[1].split('.').slice(-2).join(".");
};

let getFbc = () => {
    return document.cookie.match(/_fbc=(.+?);/)?.[1].split('.').slice(-1).join(".");
};

Sending Data to SS-GTM

Build the Request:

const url = "https://sgtm.bi.domainname.com/mp/collect";
const method = "POST";
const headers = {
    "Content-Type": "application/json",
    "API secret key": "lnMDrEAPQmWQzspSTRrMPA"
};
const payload = {
   "client_id": client_id,
   "events": [{
      "name": "purchase",
      "params": {
         "transaction_id": internal_transaction_id,
         "currency": "EUR",
         "value": revenue,
         "tax": tax_cost,
         "session_id": session_id,
         "engagement_time_msec": "100",
         "gclid": gclid_value,
         "gclid_expiry_date": gclid_expiry_date_value,
         "wbraid": wbraid_value,
         "wbraid_expiry_date": wbraid_expiry_date_value,
         "fbp": fbp,
         "fbc": fbc,
         "customer_ip": customer_ip_address,
         "user_id": internal_user_id,
         "tracking_type": "server",
         "email": email_address,
         "organisation_id": organisation_id,
         "organisation_plan": organisation_plan,
         "checkout_type": checkout_type,
         "items": [{
            "item_name": item_name,
            "item_id": item_id,
            "item_category": item_category,
            "price": price,
            "quantity": quantity
         }]
      }
   }]
};

Conclusion

Understanding server-side tracking helps you confidently discuss GDPR-compliant data practices with your IT team. By setting up a server-side solution, you ensure data privacy, improve site performance, and enable precise marketing analytics. This knowledge empowers you to have informed conversations about data handling and compliance. Happy tracking!

P.S. If your business needs help setting this up, Crypto Mum can help. Contact me today!