Server-side GTM: A new data collection paradigm with a familiar face

Though Google officially released their server-side tagging product (server-side GTM) back in 2020, the company’s typical lack of fanfare and uncertainty over the last year has meant that we at Lynchpin have seen few requests for its implementation. Increasingly though, as the privacy landscape continues to shift, the benefits and future-proofing it provides are becoming increasingly important for organisations to keep an eye on.

What is server-side GTM?

So what is so different about server-side GTM? Well, firstly a lightning refresher on what regular old GTM is.

Google Tag Manager is of course a Tag Management System, offered generally free of charge by Google. It provides a friendly portal and interface for a user to manage third party code on their website without having to involve a developer each time. Here are a few steps on how it works:

We set up a GTM account and are assigned a unique container script.
The developers put this unique script on every page of the site (yes, we do need them for this part).
We then set up all our Tags (tracking code to, for example, Google Analytics or Facebook) within the GTM portal.
Now, every time a site page is loaded, the container script checks what’s in the GTM account and downloads and deploys the code accordingly.
Whenever a tracking requirement changes or is added, we simply update the configuration within GTM, safe in the knowledge that the next time a user loads the site, the container script will download and deploy our latest setup.

The above is what we call a client-side GTM container. All our configured tags and tracking code are digested in the client (the user’s browser), before being sent directly to our third-party vendors.

A server-side GTM container introduces a server to the mix, hosted generally in the cloud but principally not on the user’s machine. This acts as a sort of proxy between your site and the various third party vendors you use. Crucially, Google makes it very easy to set up a GCP-hosted (Google Cloud Platform) server to work with server-side GTM, though nothing is stopping you from self-hosting or using a different cloud provider should that be your organisation’s preference.

You are likely starting to see some of the benefits of this second approach already, so let’s go through the main ones.

The advantages of server-side GTM

1. Increased site performance

As we mentioned above, when a classic client-side GTM container detects, say, a Google Analytics tag in its configuration, the requests that need to be sent to GA to track a user are built within the client. That puts all the stress of downloading GA’s library, executing its code to build a request, and sending that request to Google Analytics on the user’s browser. It would be one thing if it was just GA tags, but typically on a given action several third parties are being fed tracking information. So, multiply the above stress on the browser by Facebook, AWIN, etc. This is clearly not ideal, as the user is mainly interested in the site performing as quickly as possible.

website without server-side tag manager

(source)

This is where server-side tagging can make its biggest impact. By introducing the server, the user’s browser can download and process the bare minimum tracking information, send this to our server, where it can be leisurely digested before being sent on to our vendors. Meanwhile, our user can continue browsing the site, enjoying better performance.

website with server-side tag manager

(source)

Traditionally, there is a large amount of redundancy in client-side tagging. Take a typical event tracked on a site – a user clicking a button:

We want to capture a few bits of information – for example, the timestamp of the event, the page URL, the name of the button, the browser agents, the user ID, etc.
We want to capture all this information, but we also want to send it to several of our vendors – in this example let’s say Google Analytics, Facebook, and Google Ads.
Now, although the information sent to each vendor is 99% the same, they each expect the data they receive from us in a specific format.
So our poor user’s browser needs to download three separate JavaScript libraries, process virtually identical data three times, and finally send it off in three separate requests to each vendor.
With server-side tagging, we can send one data stream with all the information we need to our server. All of the processing, library management, and sending of requests to the vendors are done there, safely away from our user’s device resources.

2. True data control

In today’s privacy environment, there is rightly a lot of focus complying with regulations surrounding tracking users. Unfortunately, websites are complicated, and with the number of separate parties involved in their upkeep, ensuring appropriate governance is more important than ever.

With a server side approach, we can harness the provided flexibility and headroom to deploy governance at the source of data collection. Data can be cleaned and processed as we wish, long before it reaches third party vendors, and once again this is all done away from the client, having no impact on user experience.

3. Making our cookies more palatable

Increasingly, adblocker and browsers are blocking third-party cookies (cookies set by domains other than the site itself), causing havoc in the world of those who rely heavily on Facebook pixels and the like for their marketing efforts. However, when setting up server-side GTM, Google recommends and makes it simple to map your server to your own subdomain. This means that any cookie that is set from this server will be in a first-party context. Suddenly, a cookie that would be set by facebook.com is being set by, for example, ssgtm.lynchpin.com, making it exponentially less likely to be blocked.

The cherry on the cookie however, is our ability to even set cookies in our server’s HTTP responses to the client, given that we now control these. A cookie set this way, as opposed to a typical JavaScript-managed one, is not only much more secure, as a client-side script cannot access it and use it for unwanted third-party tracking, but it is also immune to the particularly aggressive privacy solutions that place limits even on first-party cookies. Apple’s Intelligent Tracking Prevention for example, at the time of writing, will wipe all JavaScript managed cookies after 7 days, even first-party ones. So, for example, any user on Safari or iOS will currently be treated as a new Google Analytics user every 7 days using traditional JavaScript cookies. Given the way the privacy landscape is evolving, this sort of tracking prevention will only become more widespread, so our ability to harness HTTP Only cookies and effectively resolve this issue will only become more valuable.

4. Content-Security Policies

Piggybacking on the above, most sites today employ an aggressive Content-Security Policy (CSP), which allows them to control the sources from which resources are loaded onto the site. This is a great tool to prevent any unwanted or malicious scripts from finding their way onto the site.

Unfortunately, with traditional GTM, we find ourselves having to continuously ask developers to whitelist more and more vendor domains, as additional tracking and pixels are added to the site. This is popular with nobody, as it requires development work and ultimately makes a CSP laxer. With our server-side GTM container, however, we are severely limiting the number of domains the client needs to communicate with.

So for example, lynchpin.com would go from needing to access analytics.google.com, googleads.com, facebook.com, etc., to only needing to access ssgtm.lynchpin.com, and our CSP can be kept much tighter.

Any negatives?

Sadly, not many good things in life are free. Most of us have gotten used to using GTM without dipping into the budget, and this is unfortunately not possible with server-side GTM. Hosting a server incurs costs, and there is no way of avoiding this completely. This will of course vary significantly depending on your site traffic and requirements.

Conclusion

We at Lynchpin are very excited by server-side GTM. It is clearly in line with the way the tracking and tagging industry is moving, and we believe that it provides a truly effective and future-proof solution.

Having a fully controllable dedicated analytics server opens up all sorts of intriguing possibilities. How about sending data directly to Redshift or BigQuery without having to extract it from Google or Adobe Analytics first? Or perhaps enriching data within the server before it reaches the vendor? Maybe even setting up a Tag monitoring system that lets us properly debug any issues within the container?

For more information about server-side GTM or to discuss any of your data and analytics challenges, please feel free to contact us. A member of our team will be happy to answer your questions and to discuss any of your requirements.

About the author

Lewis Walker

With a background in Mathematics and a degree in Interpreting & Translation, Lewis now enjoys a career in analytics as a Data Engineer at Lynchpin.

Lewis works with a range of tools but has a particular soft spot for Google's analytics stack – designing complex tracking briefs for clients and implementing them through Google Tag Manager. Working across many different clients, all with unique requirements, Lewis appreciates the variety of challenges he gets to solve.

Though raised in Italy, Lewis has called Edinburgh home for quite some time. When he isn’t working, Lewis loves nothing more than to unwind at home with his two mischievous cats.

All author posts