Skip to content

Sporing · · 2 min read

Server-side tracking in 2026 — it's not a clever name for the same thing

Ad blockers, Safari ITP and iOS privacy quietly eat 20-40% of your attribution. Here's how to build server-side tracking that survives the next three years.

By Mediseo

If you're still running your campaigns on client-side tracking alone, you're probably losing 20–40% of the conversions you actually get.

You don't see it because there's no notification. The numbers are just lower than they should be. Meta Ads says 80 conversions. Google says 70. Your CRM says 142. You guess which one is right.

What has changed

  • Safari ITP blocks third-party cookies by default. That's about 20% of Norwegian users.
  • iOS "Limit Ad Tracking" means conversions can't be tied back to the click on an iPhone. Another 30–40% of your mobile traffic.
  • Chrome has been phasing out third-party cookies through 2024–2025.
  • Ad blockers stop tags from Meta Pixel, GA4 and the rest before they get a chance to fire.

Add it all up: client-side tracking sees about 60–80% of what actually happens. The rest is guessed by the platforms.

What server-side tracking actually means

Instead of the browser talking directly to Google and Meta, it sends a small signal to your own server (for example, track.mediseo.no). That server processes the data and forwards it to Google Analytics, Meta, everything — as first-party traffic.

What changes:

Client-sideServer-side
Who sees the pingThird partyYour own domain
Ad blocker stops itOften yesRarely
You own the dataNoYes
Privacy controlLimitedFull

What it costs

  • Setup: 8,000–20,000 kr one-time, depending on how many systems need connecting.
  • Running it: 200–1,500 kr/month for hosting (we usually use Stape or Google Tag Manager Server-Side).

Compare that to what you lose in ad efficiency. If you spend 30,000 kr/month on Meta today and lose 20% of your attribution, you're theoretically throwing away 6,000 kr/month. Server-side tracking pays for itself in under two months.

Privacy isn't a bonus argument

Server-side tracking doesn't automatically make everything GDPR-compliant. You still have to collect consent before you send personally identifying data. But it makes it much easier to:

  • Anonymize IPs before they reach Google
  • Strip usernames or emails from URL parameters
  • Convert identifiers into hashed values that can't be reversed

The Norwegian Data Protection Authority is far happier when your server is the middleman than when the browser talks directly to third parties.

Where to start

  1. Map your current tracking. How much attribution are you losing on Safari and iOS today? Numbers, not guesses.
  2. Pick your tooling. GTM Server-Side if you have a capable developer resource. Stape if you want a managed solution.
  3. Set up first-party cookies on a subdomain. A DNS job, takes 30 min.
  4. Run it in parallel with your current tracking for 2–3 weeks. Compare the numbers before you switch over.

It's technical work, but it isn't esoteric. It's the difference between decisions based on solid numbers — or on a picture that gets more and more wrong every month.

Want a review of your current tracking? We do it in the first hour of onboarding for every ad client. Talk to us.

What we can do for you and your business.

Tell us briefly what you need help with — a new website, more visibility on Google, or just a once-over. We get back within a working day, usually with something concrete.