Server-Side Tracking - An Overview

Server Side Tracking is the new standard. A significant advantage is the control provided over the data flow, especially user data. In this article, we discuss Server Side Tracking using Google Tag Manager as an example and review its benefits and which user data is sent.

But first, the important question:

What is Server Side Tracking?

In short: Server Side Tracking is a data collection method where the tracking information is processed not in the browser but directly through the server of the website operator and forwarded to analysis or marketing tools afterward.

The traditional tracking method is Client Side Tracking (CTS), where a code snippet is embedded in the page, for example, via the Google Tag Manager. This sends event data directly to third-party services like Google Analytics 4, Meta Ads, etc.

However, control over the sent user data (IP address, demographic data, etc.) is limited to the adjustments offered by the tool.

Additionally, a third-party cookie is usually set, resulting in loss of data amount and quality.

Figure 1: Comparison of Client-side and Server-side tagging

With Server Side Tracking (SST), all data is first sent to a private server, where, for example, the Server Side Google Tag Manager is running. This ensures that there is no undesired data transfer occurring on the website with the users. This transfer happens only in the Google Tag Manager Server Side. However, this can then be adapted to a data protection-compliant standard by clear insight into the data and further configuration options like transformers.

Server Side Tracking vs. Client Side Tracking

The traditional Client Side Tracking (CST) is still widespread but increasingly reaching its limits. In CST, tracking scripts are executed directly in the user’s browser, sending data like page views, clicks, or conversions to third-party tools. However, this approach is very susceptible to modern tracking protection measures such as ad blockers, VPNs, intelligent tracking prevention (ITP) in iOS/Safari, and various data protection regulations.

In contrast, Server Side Tracking (SST) uses a different approach: Tracking data is no longer sent directly from the browser to external tools but first to the server. This acts as a proxy or central data hub through which all tracking requests run. The server request is treated similarly to an API request and is thus less vulnerable to blocking. Additionally, all data processing takes place within one's infrastructure, significantly reducing the risk when dealing with data protection authorities.

Another difference lies in the use of cookies: While Client Side Tracking relies on third-party cookies – which are increasingly blocked by browsers – Server Side Tracking prefers first-party cookies, considered more trustworthy and stable.

Why is Server Side Tracking now standard?

While Client Side Tracking is increasingly losing its effectiveness due to growing restrictions, Server Side Tracking offers a future-proof, high-performance, and privacy-friendly alternative – with significantly higher data quality and control for companies.

Overview of the benefits of Server Side Tracking:

• More data control: Unlike the specifications of external tracking tags, companies with SST retain full control over the collected data.

• Higher data quality: SST can often bypass ad blockers and tracking protection measures, typically leading to at least 12% more data.

• Performance advantages: Instead of addressing many individual tracking tools directly from the browser, only one server is contacted – conserving resources and improving website load time.

• Data protection compliance: By processing exclusively within their server structure, companies can better respond to legal requirements.

Server Side Tracking and Data Protection Regulations

Server Side Tracking offers not only technical advantages but also a significantly better basis concerning data protection laws. The main legal regulations in the European area are the GDPR, the TTDSG, and the EU-USA Data Privacy Framework. 

An overview:

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) mandates that personal data – which can be traced back to a real person, such as name, email address, or IP address – may only be collected and processed with the explicit consent of the users (e.g., through a cookie banner).

It has been applicable in all EU member states since May 25, 2018, forming the central legal framework for handling personal data in the European area. The GDPR requires companies to inform transparently which data is collected for what purpose and how long it will be stored. Additionally, users must be able to object to processing or revoke consent at any time. For tracking, this means: No data may be collected or shared with third parties without clear and voluntary consent – even if the technology allows it. Violations of the GDPR can result in hefty fines. Server Side Tracking offers the advantage that data collection, storage, and sharing can be centrally controlled and better documented – facilitating GDPR-compliant implementation.

Telecommunications-Telemedia Data Protection Act (TTDSG)

The TTDSG (Telecommunications-Telemedia Data Protection Act) supplements the GDPR specifically for online services and stipulates that no arbitrary user data, especially through cookies or similar technologies, may be stored or read without prior consent. The law came into force on December 1, 2021, merging central data protection requirements from the GDPR and the German Telemedia Act (TMG) as well as the Telecommunications Act (TKG). 

For online tracking, this means: Even setting a cookie that is not purely technically necessary requires active, informed consent from users, for example, through a consent banner. Tracking methods attempting to create user profiles without consent – even through technologies like fingerprinting – are prohibited under the TTDSG. This tightens the requirements for data-driven online marketing measures and underscores the necessity to make tracking privacy-compliant and transparent – something that is much better controlled with Server Side Tracking.

EU-USA Data Privacy Framework

Particularly relevant for international companies is the new EU-USA Data Privacy Framework, which facilitates transatlantic data transfer and has been in effect since summer 2023. Previously, it was problematic to send personal data to US services because US authorities had extensive access to it by law. The new agreement creates more legal certainty when US services like Google or Meta are used – but only if the services are certified under the new framework.

These are just a few of the laws affecting tracking. Therefore, an understanding of user data is important.

Conclusion: Why does Server Side Tracking offer more data protection compliance?

Server Side Tracking allows the entire data processing to initially run through one's server infrastructure. This means: Tracking occurs not directly with the users but only after explicit consent and under full control of data processing on one's server. This allows the requirements of data protection laws to be better implemented, such as targeted anonymization, pseudonymization, or restriction of data sharing with third parties.

Overall, Server Side Tracking enables a more data protection-compliant handling of user data, allowing companies to maintain oversight and control – which is essential under the current regulatory framework.

What user data is sent with Server Side Tracking?

The good news: Only the absolute minimum.

What does this mean? Using Google Tag Manager as an example: When an event on the page, like a click, is triggered, an HTTP request is sent to the Server Side Google Tag Manager. Naturally, HTTP header information is sent along.
This includes, among others:

• Time

• IP address

• Page URL

• Approximate location (by IP address)

• Operating system

• Browser

• Resolution

• Device

Additionally, there are other parameters specifically related to configuration. Detailed information can be found in the documentation at [https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers].

There are also parameters automatically captured by Google Tag for campaign optimization, which include:

• utm_source

• utm_medium

• utm_campaign

• utm_content

• utm_term

• and the Click ID

It should also be ensured which data is user-defined sent with the Google Tag Manager configuration.

In the Server Side Google Tag Manager, users can configure precisely through the use of transformers, which specific data should be forwarded in what form and which should be withheld.

However, for a data-secure implementation, the conclusion should be:
“Track only as much data as needed.”

The challenge is to limit tracking to what is necessary without incurring disadvantages.

We set up correct Server Side Tracking for you

The Internetwarriors are a team of experts in various fields of online marketing. One of our main focuses is web analytics and Server-Side Tracking (SST). With extensive expertise and a profound understanding of the latest trends and technologies in digital analytics, we offer tailored solutions to optimize our clients' online presence.

We are thus a valuable partner for you when you want to set up professional tracking that provides all the data you need for strategic decisions and monitoring your online marketing activities.

Contact us now without obligation!