I've reached the point of maximum confusion

At this point we’ve got everything set up to track page visits and purchase events using the dataLayer. We’re using Stape with a custom subdomain and a same-origin URL that proxies the requests (www.example.com/metrics/). Everything basically seems to be set up and working in our tests.

Now this is where it gets fun.

We’re looking at two possible approaches for tracking the purchase events/conversions:

  1. We can continue to just push them into the dataLayer in the user’s browser. This approach is easy and we’ve already got it set up. But we’re concerned that a malicious user could manipulate their browser to send fake conversion events (although why somebody would do that, I have no idea). And we’re moreso concerned that the conversion tracking might not be as good as approach #2 below, due to requiring consent mode and machine learning to estimate conversions for Google Ads.

  2. We can use our own server to send the events to a webhook. With this approach we can validate the data for security purposes before submitting it as a purchase / Google Ads conversion. Maybe it could also be more accurate at tracking conversions. But this seems to utilize offline conversion tracking to work with Google Ads, which either requires a lot more setup, or requires us to use Google Sheets (and manually update conversion data?)…

Very, very confused right now about how we should be moving forward. We just want the best conversion tracking we can get while moving the analytics out of the browser and into server-side GTM.

If anybody can provide real insights into this, it would be greatly appreciated. TIA.

I’ve never heard of anyone facing the problem of massive fake events due to user c data layer manipulation, I don’t think it’s a real case scenario.

Pure s2s tracking (webhook based) is a good approach, but:

a) This is not suitable for all platforms. In particular it is not suitable for GA4 and especially Google ADS.

GA4 as a whole is not designed to work purely s2s and like Google ADS still relies heavily on third party cookies, especially for view-through conversions and audience collection.

So in fact, if you actively use it by imlpmenting s2s tracking - you will get worse results than correctly configured tracking with signals from the client side.

For some platforms it is more suitable, for example Meta, TikTok, Snapchat although they still rely on third party cookies - but it is not as critical as for GA4 and Google ADS (this is my personal opinion). I’ve seen often settings made purely by s2s here and there were no special problems with it, the results were better than client tracking.

At the same time all these platforms offer as best practice the hybrid method and this is not just a matter of opinion. So unless you have other reasons, it is better to use tracking as the platforms recommend.

b) Correctly implementing this approach is a lot of time and de-bugging. This is primarily due to the fact that you need to set and transmit additional data besides just event data:

  • necessary cookies for each platform (don’t forget about handlings of how long they are kept, their format, etc.)
  • technical data like user ip, user agent, page location, page refferrer, etc. There can be dozens of them. This is something that is collected by tags automatically and you don’t think about it.

So implementing this is if you have the resources to do it and really some reason why you can’t track it through the client side. Usually s2s only do events that can’t be tracked on the client side (like monthly subscription payments or really offline conversions, etc).