You spend thousands of DKK on Google Ads and Facebook Ads every month. You track conversions, optimise campaigns and report ROAS. But there is a problem: the numbers you are looking at are wrong. Not entirely wrong — but wrong enough to cost you money.
Safari ITP limits cookies to 7 days. Firefox ETP blocks third-party cookies entirely. 30-35% of your visitors use ad blockers that filter out tracking scripts. And the users who click "Reject" in your cookie banner? You lose them completely.
The result is that you lose 15-30% of your conversion data. Your campaigns optimise on incomplete signals. Google's Smart Bidding and Meta's algorithms get a skewed picture of what works — and spend your budget accordingly.
This guide walks through the four technologies that close the gaps: server-side tracking, Consent Mode v2, Facebook CAPI and Enhanced Conversions. You get a concrete action plan, pricing and a maturity model that shows exactly where you should start.
1. What is server-side tracking?
Traditional tracking — client-side tracking — works by having your visitor's browser send data directly to Google, Meta and other platforms via JavaScript tags and pixels. Each script runs in the user's browser, sets cookies and sends hits to third-party servers.
Server-side tracking turns that model on its head. Instead of the browser's JavaScript sending data directly to Google and Meta, the browser sends data to your own server first. Your server receives the hit, enriches it with extra data (e.g. order value from your CMS), filters out personal data if necessary, and forwards it to the relevant platforms.
The flow looks like this: Browser → Your Server → Google/Meta/GA4.
The key difference: With client-side tracking you depend on the user's browser — and everything that can go wrong there (ad blockers, ITP, consent rejection). With server-side tracking you control the data pipeline. You own it. You decide what gets forwarded, and when.
The four primary benefits
- Bypass ad blockers: The server runs on your own domain (e.g. track.yourdomain.com), which ad blockers typically do not block — unlike googletagmanager.com and facebook.com/tr
- Extended cookie lifespan: Server-set first-party cookies last up to 2 years, compared to Safari ITP's 7-day limit on JavaScript-set cookies
- Data control and GDPR compliance: You can filter out PII (personally identifiable information) before data leaves your server — this is more GDPR-friendly than sending everything directly to a third party
- Data enrichment: You can add backend data (profit, product category, customer type) to tracking hits before they are sent to Google and Meta — enabling POAS optimisation
2. Why you lose data in 2026
The tracking landscape in 2026 is fragmented. Not because one thing has broken, but because three independent forces are pushing from different directions — and together they create an enormous gap in your data.
Safari ITP: 7-day cookies
Apple's Intelligent Tracking Prevention (ITP) limits JavaScript-set cookies to 7 days. Cookies set via link decoration (clicks from ads with tracking parameters) are limited to just 1 day. This means a Safari user who clicks your Google ad on Monday but only converts on Wednesday will never be connected to the original click. Your attribution breaks down.
Safari has approximately 25% mobile market share in Denmark. That is not a niche — that is one in four visitors.
Firefox ETP: Full blocking mode
Firefox Enhanced Tracking Protection blocks third-party cookies by default. All known tracking domains are on Firefox's blocklist. With approximately 5-8% browser market share in Denmark it is smaller than Safari, but it is still a data gap.
Ad blockers: 30-35% of Danish traffic
Ad blockers like uBlock Origin, AdBlock Plus and Brave Browser filter out JavaScript tags entirely. It is not just about blocking ads — they also block tracking scripts. Google Analytics, Meta Pixel, Google Ads conversion tracking: all filtered out. According to PageFair and Statista, 30-35% of Danish internet users use an ad blocker.
Chrome kept cookies — but Privacy Sandbox is still rolling out
Google announced in July 2024 that Chrome would NOT phase out third-party cookies after all. That was a relief for many advertisers. But Privacy Sandbox APIs — Topics, Attribution Reporting, Protected Audience — are still rolling out and gradually changing how tracking works in Chrome. It is not business as usual — it is a slow transition toward a more privacy-focused model.
Total data loss: Combining Safari ITP (25% mobile traffic), Firefox ETP (5-8%), ad blockers (30-35%) and cookie rejection via consent banners (varies, typically 20-40%), you easily lose 30-40% of your conversion data. This is not a worst-case scenario — it is the reality for most websites.
3. Google Consent Mode v2 — the EU requirement you cannot ignore
Consent Mode v2 is Google's response to EU legislation on cookies and consent. It is the mechanism that connects your Cookie Management Platform (CMP) — Cookiebot, CookieYes, Usercentrics or similar — with Google Tags, so they behave correctly depending on the user's choices.
Since March 2024, Google has required Consent Mode v2 for all advertisers targeting EU users. Without it, you lose access to remarketing lists, conversion data and audience segmentation in Google Ads.
The four consent parameters
- analytics_storage: Controls whether Google Analytics cookies may be set (GA4 data)
- ad_storage: Controls whether advertising cookies may be set (conversion tracking, remarketing)
- ad_user_data (new in v2): Controls whether user data may be sent to Google for advertising purposes
- ad_personalization (new in v2): Controls whether personalised ads may be shown to the user
Basic mode vs. Advanced mode
Basic mode blocks all Google tags until the user gives consent. Simple and 100% compliant — but you lose all data from users who reject cookies. For many websites the rejection rate is 20-40%.
Advanced mode sends cookieless pings to Google even when the user rejects. No cookies are set, no personal data is sent — but Google receives anonymous signals (page view, conversion occurred) and uses machine learning to model the missing conversions. This gives you significantly better data without compromising user privacy.
71% of websites are missing a correct Consent Mode v2 implementation. This means losing remarketing lists, incomplete conversion data and 20-30% data loss for EU traffic. And it is not just a data problem — it is a compliance problem. Google can restrict your account if you do not meet the requirements.
CMP integration
The most commonly used CMP solutions — Cookiebot and CookieYes — both have native integration with Consent Mode v2. The setup typically happens via Google Tag Manager: you add the CMP tag, configure the default consent settings (denied for EU users), and the CMP provider handles the rest. It is one of the fastest and most impactful tracking improvements you can make.
4. GTM Server Container — the backbone of your tracking
Google Tag Manager Server Container (sGTM) is a standalone server running in Google Cloud (or a managed service) that acts as an intermediary between the user's browser and the tracking platforms. It is the technological backbone of a server-side tracking setup.
How it works
Instead of your browser sending hits directly to googleanalytics.com and facebook.com/tr, it sends all hits to your own domain — e.g. track.yourdomain.com. Your sGTM server receives the hits, processes them and forwards them to the relevant platforms. To the browser and ad blockers, it looks like a normal first-party request to your own domain.
Managed service providers
You can set up sGTM directly in Google Cloud Platform, but most businesses use a managed service that handles hosting, scaling and maintenance:
- Stape: From €20/month — the most popular managed sGTM solution. Easy setup, good documentation, European hosting available
- Taggrs: From €25/month — Dutch provider focused on GDPR compliance and EU hosting. User-friendly dashboard
- Addingwell: From €50/month — premium solution with advanced features like automatic CDN and multi-region support
The three major benefits of sGTM
sGTM runs on your own subdomain. Ad blockers block google-analytics.com and facebook.com, but they do not block track.yourdomain.com. This recovers 15-25% of the traffic you would otherwise lose to ad blockers.
Server-set first-party cookies bypass Safari ITP's 7-day limit. Your attribution extends across the entire customer lifecycle — not just the last week. This is crucial for longer purchase journeys.
You can add backend data to tracking hits via the data layer: profit margin, product category, customer type, lifetime value. This is the foundation for POAS tracking and profit-based optimisation.
You can filter out IP addresses, user agents and other PII before data is sent to Google and Meta. Your server is the data processor — you decide exactly what gets forwarded. This is stronger compliance than any client-side setup.
5. Facebook CAPI — server-side Meta tracking
Facebook Conversions API (CAPI) is Meta's response to the same challenges: browser-based tracking loses data. CAPI sends conversion events server-to-server — from your backend directly to Meta's servers, completely bypassing the user's browser.
Why is this critical? Over 30% of Facebook traffic comes from iOS devices with Apple's App Tracking Transparency (ATT) enabled — users who have opted out of tracking. Meta Pixel alone does not capture these conversions. CAPI does.
Event Match Quality (EMQ)
Meta's Event Match Quality score (1-10) shows how well your server events are matched to Facebook users. The more data points you send — hashed email, phone number, city, postal code — the higher the EMQ and the better Meta can optimise your campaigns. Target: EMQ 7+.
Deduplication is crucial
When you run CAPI and Pixel in parallel (as you should), you potentially send the same conversion twice — once from the browser, once from the server. Deduplication ensures Meta only counts it once. This happens via a unique event_id that is identical in the browser hit and the server hit. Without correct deduplication you over-report conversions and get skewed campaign data.
Implementation methods
- Via sGTM (recommended): If you already have an sGTM server container, you can add a Facebook CAPI tag that forwards events to Meta. This is the most flexible solution with full control over data enrichment and deduplication
- Shopify native: Shopify has a built-in CAPI integration that can be set up directly in Shopify Admin under Settings > Customer events. Easy setup, but limited options for data enrichment and customisation
- Direct API: You can send events directly from your backend to Meta's Conversions API. Most flexible, but requires developer resources and maintenance
6. Google Enhanced Conversions
Enhanced Conversions is Google's method for recovering conversions lost due to cookies and browser limitations. The principle is simple: when a user converts, first-party data — email, phone number, address — is hashed with SHA-256 and sent to Google. Google matches the hashed data against its base of logged-in users and attributes the conversion correctly.
The result? 5-15% more reported conversions — conversions that actually happened, but which traditional cookie-based tracking could not capture.
Why it works
Most Google users are logged in to Chrome, Gmail or YouTube. When Google receives a hashed email from your conversion page and matches it to a logged-in user who clicked your ad three weeks ago, it can attribute the conversion — even without cookies. This is powerful because it uses deterministic matching (exact match) rather than probabilistic modelling (guesswork).
Setup via GTM
Enhanced Conversions is typically set up in Google Tag Manager. You add a variable that captures the email address from your conversion form or checkout flow, configure the Google Ads tag to include it, and Google handles the hashing automatically. It requires no changes to your backend and takes 1-2 days to implement.
Enhanced Conversions + Smart Bidding = better results. Google's Smart Bidding algorithms (Target ROAS, Maximize Conversions) use conversion data as input. The more complete your data, the better the algorithms can optimise. 5-15% more conversions in the data set can mean significantly better bid optimisation and a lower CPA.
7. The Tracking Maturity Model: Where are you?
Not every business needs enterprise-level tracking from day one. Here is a five-level maturity model that shows where you likely are now — and what your next step should be.
GA4 + Meta Pixel (client-side only). You have basic tracking, but lose 30-40% of your data to ad blockers, ITP and cookie rejection. Your campaigns optimise on an incomplete picture. Most small and medium businesses are here.
+ Consent Mode v2 Basic. You comply with EU legislation and Google's requirements. Users who reject cookies still provide anonymous signals via Advanced mode. You recover 10-15% of data via Google's modelling. The minimum requirement for advertising in 2026.
+ Enhanced Conversions + Facebook CAPI. You recover 15-25% of conversions via server-side events and first-party data matching. Your Smart Bidding strategies optimise on more complete data. Significantly better campaign performance.
+ sGTM Server Container. You own your data pipeline. Ad blocker resistance, 2-year first-party cookies, full data enrichment with backend data. You can implement POAS tracking and profit-based optimisation. The optimal setup for webshops with DKK 50,000+ per month in ad spend.
+ Data Warehouse + ML attribution. You have full control over all data in BigQuery or similar. Machine learning models for attribution that go beyond the platforms' own models. Real-time dashboards and predictive analytics. For businesses with DKK 200,000+ per month in ad spend.
Most businesses should be at a minimum of level 2 (Compliant) in 2026. Webshops and businesses with significant ad spend should aim for level 3-4 — that is where the ROI is greatest.
8. What does server-side tracking cost?
Let us talk numbers. Here are the realistic costs for each component in 2026:
| Component | One-time setup | Monthly ongoing |
|---|---|---|
| Consent Mode v2 (CMP) | DKK 2,000–5,000 | DKK 0–500 (CMP licence) |
| Enhanced Conversions | DKK 1,500–3,000 | DKK 0 |
| Facebook CAPI via sGTM | DKK 3,000–8,000 | See sGTM |
| sGTM Server Container | DKK 5,000–15,000 | DKK 150–800 (hosting) |
| Complete package | DKK 8,000–25,000 | DKK 150–1,300 |
Prices depend primarily on your existing GTM setup, your platform (Shopify vs. custom) and the number of tracking platforms you integrate. A simple Shopify store with Google Ads and Facebook will be at the lower end. A custom WooCommerce store with Google, Meta, TikTok and affiliate tracking will be at the higher end.
ROI example: A webshop with DKK 50,000/month in ad spend that recovers 15% of conversions via server-side tracking = DKK 7,500 more visible conversion value per month. With a setup investment of DKK 15,000 and DKK 500/month in ongoing costs, it pays for itself within 1-3 months. For most businesses, server-side tracking is the investment with the fastest payback period in the entire marketing stack.
At Gezar we set up server-side tracking as part of our POAS Tracking service. We cover the complete setup: sGTM server container, Consent Mode v2, Facebook CAPI, Enhanced Conversions and profit data integration — all included.
Frequently asked questions about server-side tracking
Are you losing conversion data?
Most businesses lose 15-30% of their conversion data to ad blockers, Safari ITP and cookie rejection. We set up server-side tracking, Consent Mode v2 and Enhanced Conversions — so your campaigns optimise on complete data.
See our POAS Tracking serviceRead also