Google Tag Manager (GTM) has long been a key tool for digital marketing professionals, providing valuable insights into the user journey, conversion paths, and ad exposure that you can use to optimise your website. 

It provides a convenient way to manage all types of tracking code – from Google Analytics and Adwords to Facebook pixels and Hotjar events – without manually modifying your site’s source code.

But the rise of numerous regulatory regimes designed to protect user data, combined with the increasing use of ad blockers and browser privacy settings, means monitoring how people browse your websites so you can drive conversions has become more and more difficult.

Fortunately, Google has released a new feature for GTM that allows you to continue monitoring the use of your websites while protecting user privacy. With server-side tagging, all data is sent to your own cloud-hosted server, giving you control over what you do with that user data. As added benefits, server-side tagging can also increase your site’s performance and improve security.

In this article, we’ll look at how server-side tagging works, the benefits it offers, and the potential pitfalls you need to be aware of.

How does server-side tagging work?

To understand how server-side tagging works and the benefits it offers, it’s helpful to start by recapping how GTM has worked up until now.

Before Google introduced server-side tagging, most of the action took place in the user’s browser – i.e. on the client. If you wanted to use a service to measure conversions, analyse user behaviour, or earn advertising revenue, you needed to add a dedicated tag to the source code for each of your webpages. 

When a user visited a page on your site, their browser would execute each tag – a snippet of JavaScript – and send the relevant data directly to the third-party provider, such as Google Analytics, Facebook Ads, Crazy Egg or Leadfeeder. GTM made managing these tags easier by providing a central location to add tags without manually editing the source code.

With server-side tagging, your collection of tracking and advertising tags are moved out of the page source code and onto your web server. In their place is a single tag that sends all relevant data to your web server. Once on the server, that data can be filtered, augmented and anonymised before being forwarded to the relevant third-party providers. As we’ll see, this design offers numerous benefits around privacy, security, and performance.  

A key part of implementing server-side tagging is setting up a secure web server to receive and process the user data before sending it to the third-party providers. The recommended approach is to set up the server as a custom subdomain (e.g. 

This server hosts the server-side GTM container. Within that container, you can enable various tracking and advertising tags. You can then add some custom JavaScript to your page source code to collect data about each visit to your web page and send that data to the GTM container for processing.

Advantages of server-side tagging

Reduced page load times

In the early days, following the introduction of Google Analytics, adding a single JavaScript snippet didn’t add much overhead to page load times. However, as more user analytic services have sprung up and paid advertising has become an important revenue stream for many sites, we’ve seen a proliferation in marketing tags.

The problem is that each tag you include adds more JavaScript for the user’s browser to execute. The more JavaScript there is to run, the longer the page takes to load, and the worse the experience for the end-user.

When you switch from client-side tagging to server-side tagging, you’re removing tags from your pages’ source code and running them on your web server instead, and that can make an appreciable difference to page load times. Faster pages not only provide a better user experience but also improve how your pages are scored by search engines.

Optimising websites that make heavy use of JavaScript to deliver content is a whole topic in itself, and there’s plenty you can do to improve load times and ensure your pages are indexed by search engines. Cutting load times with server-side tagging will help with those efforts.

Respect for user privacy

From a data privacy point of view, client-side tagging poses a problem. Tracking codes typically collect multiple data points about each user’s visit, with some using cross-site tracking cookies to scrape additional information about the browsing habits and search history of a user. 

Furthermore, that data is sent straight from the browser to third party providers. Although using tracking data to improve your site design and optimise for conversions is legitimate, the type of data collected and who it is shared with has triggered concerns for user privacy.

To address this, multiple jurisdictions have introduced data protection legislation that aims to give users more control over how their data is used. Major browsers are following suit by adding privacy settings to prevent cross-site tracking.

For example, Safari Intelligent Tracking Prevention (ITP) limits the duration of third-party cookies, stopping ad providers from setting cookies that track return visits after more than 24 hours. Ad-blocking software is increasingly popular with privacy-conscious individuals, as well as those wanting to improve page load times and limit downloads to save their bandwidth.

Sever-side tagging allows you to gain insights into user behaviour while protecting your users’ data. Because the third-party service no longer has direct communication with your users’ browsers, you maintain control over what data is collected and shared. 

For example, by default, any marketing tags implemented server-side will not be able to collect a user’s IP address or browser details (as the details in the HTTP request will be those of your web server). Sending data via your web server also makes it much easier to clean and anonymize user data, in line with your organisation’s privacy policy, before any of it is forwarded to third parties.

Assuming you’ve set up your web server with a custom subdomain, any cookies you do set will be first-party rather than third-party, exempting them from the restrictions imposed by ITP. Similarly, ad blockers target tags from known ad providers, but removing those tags from your page’s source code means there is nothing to block.

Improved security

Maintaining an up-to-date content security policy (CSP) is essential for protecting visitors to your site from cross-site scripting attacks where a user’s browser is tricked into downloading and executing a malicious script. 

With client-side tagging, you have to relax your CSP so your users’ browsers can download and execute your third-party providers’ tags, widening the potential attack surface. Moving to server-side tagging means limiting your CSP to allow only scripts from your domain to run when a user visits your site.

Server-side tagging can also protect your site from measurement protocol spam, whereby hackers spam your tracking IDs with automated requests. Their aim is to pollute your data with fake visits and make your analytics worthless. By moving your tracking IDs to a GTM container on your web server, you can prevent this type of attack and maintain the integrity of your usage data.

Considerations for server-side tagging

While there are clear benefits to server-side tagging, it’s worth bearing in mind the following considerations before migrating your tags.


Whether you’re moving to server-side tagging or implementing tags for the first time, you’ll need to consult with your organisation’s legal team and update your website’s privacy policy and GDPR statements (if applicable). Ensuring these documents reflect the information you’re collecting and how it’s stored and used can help to build trust with users and is essential for protecting your organisation from legal challenges.


Setting up web servers with a custom domain, installing the GTM container, migrating existing tags, creating a tag to send data to your server and configuring the client to process that data. 

The work involved in setting up sever-side tagging is not insignificant and will require technical support. You can reasonably expect to involve your IT team in the infrastructure elements and need web development expertise to configure GTM for your organisation’s needs.


In addition to the technical skills involved in setting up server-side tagging, it’s important to estimate and budget for the running costs involved with server-side tagging. Given the value of the data you’re collecting and the insights you can derive from them, you should consider setting up multiple web servers to ensure redundancy. If one fails, you can continue to track usage. 

The more visitors you have to your site, the more data you will collect, in which case you may need to scale your infrastructure further, just as you do for the servers serving your site’s content.

While server-side tagging was in beta, the only option was to host the server on Google Cloud Platform. Now that server-side tagging has been released for general availability, you can host the server anywhere that supports Docker containers, including most public and private clouds, as well as on your own infrastructure.

Server-side tagging offers multiple benefits in terms of performance, user privacy and security. While there are considerations to bear in mind, in most cases the pros significantly outweigh the cons. With server-side tagging for Google Tag Manager now released for general availability, it’s a good time to start experimenting with server-side tagging.