SSGTM Frequently Asked Questions (FAQ)

In this article, we’ll answer Frequently Asked Questions and go into some more technical details of Server-Side Google Tag Manager (“SSGTM”).

How much will SSGTM improve my campaign results?

Most likely, you will see some improvement, though it can be difficult to quantify, and the benefit to implementing it will only improve over time as we experience more data loss via additional privacy tools, browsers, and laws.

Right away, our ad platforms will have much more visibility on clicks and conversions that are already occurring. (It’s been reported that we should expect around 10-20% more data visibility, and in some cases, we’ve seen up to 50%). This doesn’t mean you’ll see more actual conversions on your end right away, but it does mean our campaigns will be able to retarget users and optimize themselves with the additional data. For this reasons, we expect we will see more conversions and better results than we were getting before in due time.

Why are we talking about SSGTM?

Traditionally, data collection has relied on third-party cookies. These small bits of code placed on websites by other companies tracked users across the web, building detailed profiles of their browsing habits. This information was then used for ad targeting and campaign measurement.

However, the internet is shifting from an experience-first model to a privacy-first model, and regulatory bodies are writing increasingly stringent privacy regulations. Users are increasingly opting out of cookie tracking, and browsers are blocking third-party cookies by default.

While SSGTM doesn’t “solve” problems related to losing data from third-party cookies, it neutralizes a substantial amount of data loss and helps provide you more visibility on what users are doing on your website.

The current future of digital marketing looks to be server-side, and as a digital marketing agency, we highly recommend taking this action and implementing SSGTM.

Does SSGTM replace traditional GTM?

No, SSGTM doesn’t replace traditional GTM—it’s more like an upgrade. We’ll keep your traditional GTM (browser-side) container there to collect data, and SSGTM (server-side) will do all the processing and transmitting.

What is a Content Security Policy, and What Does It Mean If I Have One?

A Content Security Policy (CSP) is a security measure which basically operates as a whitelist for your website. It specifies which content sources (e.g., scripts, images, styles) are allowed to load. It’s common that financial institution websites implement strict CSPs to ensure their website only interacts with trusted sources.

If you have CSP enabled: You must add the server endpoint (the new subdomain you create) as a trusted source in your CSP. Otherwise, the browser will block those requests.

Are we collecting/using PII?

• All PII data collected by cookies and used for marketing purposes is and will remain encrypted, and RAIN does not recommend collection of any data that may contain PII unless obtained in a legal manner (with user consent). 

• Unencrypted, non-anonymized PII data is not and will not be stored on any server we manage (client- or RAIN-owned).

• Any PII data legally collected will be encrypted/anonymized before being delivered to Google Analytics or other third parties such as Google Ads or Meta.

Do you have to use a cloud-based server?

Can you use a physical, in-house server instead? The factors at play here are scalability, reliability, cost, and technical expertise. Using your own physical server is "DIYing" an extremely complicated project, when you may as well hire an expert to do it for you for less time, money, and headache.

1. Cloud-based servers are generally cheaper, especially up-front

2. Cloud-based servers can intelligently scale up and down depending on traffic, so you're not paying for or maintaining what you don't need

3. Cloud-based server maintenance requirements are much lower (same with required technical expertise).

4. Cloud-based servers are generally much more reliable, with much lower risk of downtime.

5. Cloud server providers invest heavily in security and comply with international standards.

Also, it must be mentioned: if they do for some reason opt to use a physical server, they should NOT install third-party tags on the same server as their core processor.

Do you have to purchase/own your server? Can RAIN do this for you?

While RAIN is capable of setting almost everything up for you (except your DNS records), we cannot maintain ownership of your server. The owner of your server is the primary owner and controller of all your website data, and that should be you.

By sending your data to a server you own and control:

• You have the ability to implement custom security measures and possess ultimate control over data processing and storage policies, avoiding any third party access to it (even with highly-trusted partners like RAIN).

• You can take complete control over your compliance with future changes to laws and regulations.

What makes server-side tagging more “secure” than a regular GTM setup?

1. Enhanced Data Control:

Server-side tagging allows data to be processed on your server before being sent to third parties. This enables you to filter, anonymize, and control the data more effectively, reducing the risk of sensitive information exposure. It provides better tools to manage data privacy and security policies.

2. Reduced Exposure to Third-Party Scripts:

By executing tags and tracking scripts on the server, server-side tagging minimizes the website’s exposure to third-party scripts. This significantly reduces the risk of malicious code execution or misuse that could occur if scripts were run directly in the user’s browser. It enhances the overall security posture by limiting external vulnerabilities.

3. Protection from Data Tampering:

Data is collected and processed on the server, making it less vulnerable to manipulation by users or malicious actors. This ensures that the data remains accurate and trustworthy, as it is not exposed to potential tampering in the client’s browser. It enhances data integrity and reliability, providing more secure data collection.

How does server-side tagging work?

Imagine you're running an ad campaign, and a user clicks on a Google display ad and visits your website landing page. Traditionally, a third-party cookie has allowed the ad platform (in this case Google Ads) to likely know who that user is, and what their internet browsing behavior was prior to them clicking your ad.

Then, that same cookie would communicate to Google Ads what the user did on your website and whether they “converted” or not. If they didn’t convert, Google Ads would know to serve them additional ads since they demonstrated a level of interest in your product or service. If they did convert, Google Ads could report and attribute a conversion, and automatically optimize the ad campaign to target more users like that one, optimizing itself to get the best results possible.

With cookie blockers and modern privacy-focused browsers, almost all of the data this cookie collected might be lost. SSGTM helps mitigate this data loss despite the existence of cookie-blocking technology by collecting and processing this data on a server you own and control—not on the user’s cookie-blocking browser.

Ultimately, SSGTM will give you a more complete picture of user behavior on your website,* which allows your ad campaigns to optimize more effectively and get you better results.

To clarify: with or without SSGTM, we will still see our website’s conversion events, but with SSGTM, we’ll be better able to communicate that data back to ad platforms, which will in turn be better able to learn and optimize campaigns, improving campaign results.

Conversion Tracking

SSGTM can significantly enhance conversion tracking by (A) reducing data loss due to browser-based restrictions like cookie blockers or stringent privacy settings and (B) increasing data quality and consistency.

Attribution

There are several ways SSGTM helps improve attribution:

A) Detailed Data Transmission: SSGTM allows for more detailed and structured data to be sent to ad platforms, including richer context about the conversion event (e.g., the user's interactions on the site before the conversion).

B) Improved Attribution Modeling: Ad platforms can use the richer, more reliable data we send them to better understand how different campaign elements contribute to conversions. For instance, they can more accurately attribute an account opening to the specific ad or search keyword that played a critical role in the conversion process.

C) Reduced Data Loss: Traditional client-side tracking often suffers from data loss due to cross-domain tracking issues or users navigating away before the tracking scripts execute. SSGTM mitigates these issues by handling the data server-side, ensuring that the conversion data is captured and attributed correctly even if the user does not complete actions in a typical sequence.

Cross-Platform Retargeting

Cross-Platform Retargeting relies on third-party cookies to follow users across the web, not just on the advertiser's site but also on other sites they visit.

With or without server-side tagging, the ability to create retargeting audiences from user data and serve those users with additional ads across the internet has already been drastically reduced because the process relies upon third-party cookies. If those are blocked on a user’s browser, there’s nothing we can do about it. When a user arrives at our site, we can collect data on them via our own cookies (first-party), with additional help from SSGTM, but once they navigate elsewhere on the internet, we can’t follow them with cookies or with ads. The only way we can continue to serve them ads is if they’re browsing websites within our ad platforms' own ecosystems and partner websites, where they can identify them as logged-in users.

How does a tracking pixel work?

Let’s use the Meta Pixel, formerly known as the Facebook Pixel, to dive into this technology on a deeper level. A pixel is a piece of code that you place on your website to collect data. This data helps you track conversions from Meta ads, optimize ad campaigns, build targeted audiences, and re-target ads to users who have engaged with your website.

In a world where third-party cookies are allowed (not blocked), the Meta pixel can (could) track user activities across different websites using Meta's cookies. This allows it to collect a wide range of data about user behaviors, such as pages visited, items added to shopping carts, and purchases. This data is then used to create detailed user profiles, which help in targeting ads more precisely and measuring ad performance effectively across different sites.

When third-party cookies are blocked, the Meta pixel's capability is limited to tracking interactions only on the domain where it's installed (your website). It relies on first-party cookies, which only track data from the website that sets them. This results in significantly reduced effectiveness for retargeting and attribution tracking.

SSGTM helps by enabling more reliable and secure data capture and transmission to Meta's systems. It mitigates some effects of third-party cookie blockers by processing the data on your server instead of on the browser, ensuring that even if cookies are blocked or data is lost at the browser level, the essential data still reaches Meta for ad optimization and conversion tracking.

What about the Meta Conversions API?

The primary role of the Meta Conversions API is to send conversion data directly from your website’s server to Meta's servers. This approach bypasses the browser entirely, avoiding common issues like cookie blocking, ad blockers, or privacy settings that interfere with data collection, although improving privacy technologies still mean we can’t avoid these problems entirely.

It focuses specifically on capturing and transmitting conversion events accurately.

You may be asking: what’s the difference between a Conversions API and SSGTM? The simple answer is SSGTM is broader in scope. It involves collecting, processing, and sending all types of data from the server side, not just conversion events. This includes all interactions that can be tracked on your site, such as page views, clicks, and form submissions.

While both SSGTM and the Meta Conversions API can function independently, they are more powerful when used together. SSGTM provides a comprehensive data collection framework, while the Conversions API ensures precise transmission of valuable conversion data to Meta, enhancing overall ad campaign effectiveness. Think of it like two systems who’ve been trained to speak the same language.

Meta is not the only platform using Pixel technology, but we gave this example in order to be as specific as possible. Other platforms such as LinkedIn, SnapChat, TikTok and others use pixels and Conversions APIs as well.

How do ad blockers work?

Ad blockers typically identify and block scripts and tags that run in the user's browser. This includes common tracking pixels and JavaScript-based tags.

1. Reduced Client-Side Scripts: by shifting the execution of tags from the client side (browser) to the server side, SSGTM reduces the number of scripts running in the browser. This minimizes the elements that ad blockers can detect and block, as the tracking and data collection occur on the server.

2. Enhanced Data Collection Reliability: With SSGTM, data is sent directly from the server to the tracking and analytics platforms, bypassing the user's browser. This ensures more reliable data collection because the data transmission path is not exposed to client-side blocking.

How do VPNs work?

A Virtual Private Network (VPN) is a tool that enhances user privacy by encrypting internet traffic and masking the user's real IP address. In the context of digital advertising and server-side tagging, VPNs can hinder data collection efforts by obscuring critical user information such as location and device details. This limitation persists even when employing server-side tagging solutions like SSGTM or SSGTM, as the server can only process the data it receives, which may already be anonymized by the VPN.

Usage Statistics: VPN usage in the United States has been increasing due to rising concerns about online privacy and security. Studies suggest that approximately 15-20% of U.S. internet users have used a VPN at least once. The percentage of users who consistently use VPNs for their online activities is lower, estimated at around 5-10%.

Reasons for VPN Use:

Privacy and Security: Users employ VPNs to encrypt their internet traffic, protecting personal data from potential eavesdropping.

Access to Restricted Content: Some users use VPNs to access geo-restricted websites or services, although this is less relevant for banking services.

Work and Remote Access: With the rise of remote work, employees might use VPNs to securely access corporate networks.

Impact on Data Collection and Targeting

Anonymized User Data:

Masked IP Addresses: VPNs conceal users' real IP addresses, making it appear as if they are browsing from a different location.

Geolocation Challenges: This can lead to inaccuracies in determining the user's geographic location, affecting location-based services and marketing.

Difficulty in Tracking User Behavior:

Encrypted Traffic: VPNs encrypt data between the user and the VPN server, which can obscure certain user behaviors from analytics tools.

Server-Side Limitations: Even with Server-Side Google Tag Manager (SSGTM), the data received may be anonymized or less detailed due to VPN encryption.

Effect on Personalization and Targeting:

Less Effective Personalization: Personalized content or offers based on location or IP-based identification may not reach VPN users accurately.

Advertising Challenges: Targeted advertising campaigns that rely on user location or behavior may see reduced effectiveness.

How Much Should You Expect VPN Usage to Affect Your Data?

Moderate Overall Impact:

Estimated Affected Traffic: If we consider that around 5-10% of users consistently use VPNs, this same portion of your website traffic might be impacted, probably at most.

Customer Demographics: The actual impact may vary depending on your customer base. If your customers are more tech-savvy or privacy-conscious, VPN usage could be higher.

Does anything change in the way RAIN sets up conversion tags once we implement SSGTM?

We will still use the same tracking tags (eg GA4, Google Remarketing, Meta Pixel…) and will still tag your website landing pages' buttons the same way we always have, but these tags will either be installed in the server-side GTM container instead of your browser-side one, or they’ll route data through your server-side GTM container rather than sending it straight to third parties.

A hybrid approach is recommended, at least initially. This means we will leave all remarketing and conversion tags (eg Meta Pixel, LinkedIn Insight Tag, etc) installed in your existing browser-side GTM container, but will also add them to a new server-side container. This allows us to capture the most possible data, and only after verifying that everything is in working order can we configure another method which will allow us to remove said tags from the browser container.

Further Education

• For a comprehensive understanding of cookies and the deprecation of third-party cookies, CookieInformation.com provides a good explanation here.

• For a comprehensive understanding of GTM server tracking and its potential benefits for your website, Google provides a detailed description of this approach.

• As of November 2024, the USA still has no federal law regarding internet privacy, but we’re seeing more and more states adopt their own privacy legislation. See this link for the Up-to-date State Privacy Laws (IAPP). Our team at RAIN will also stay informed and advise you as things develop.