Popular topics
Follow Us
a large room filled with lots of computer monitors.

Respectful User Consent Tracking Server Side

Table of Contents Hide
  1. Step 1: Create a first-party cookie variable
  2. Step 2: Send the cookie value to the tracking server
  3. Step 3: Create an “Event Data” variable
  4. Step 4: Condition the server-side trigger of tags based on the user’s choice
  5. Bonus Step: Save money by limiting unnecessary requests
  6. Conclusion

Suppose server-side tracking enables bypassing technological blocking such as Safari’s ITP or ad-blockers. In that case, the website must still comply with GDPR by triggering tracking tags only when the user consents.

The configuration of the Axeptio module continues to be done on the Google Tag Manager Client-Side as described in our documentation on Axeptio and Google Tag Manager.

In a classic configuration, the tags of different endpoints must be triggered based on the user’s choice. The principle of tracking server-side is different. To optimize the site’s costs and performance, it is recommended to centralize the sending of information to the server through a tag like GA4 or Data Tag, for example.

This implies that a GA4 tag can feed the tracking of Google’s web analytics tool, Google Ads, and the Facebook Conversion API.

Therefore, it is impossible to condition the choice of triggering based on the user’s selection on the Google Tag Manager Client-Side. This would prevent respecting the option of a visitor who accepts the deposit of a Google Ads cookie in their browser but not that of Facebook.

We will transport the user’s choice with the Google Analytics 4 tag to the tracking server.

The Axeptio module stores positive consent choices in a cookie named “axeptio_authorized_vendors.”

image 18

Therefore, a variable must be created in Google Tag Manager to capture the value of the cookie.

Untitled 3

Now that the variable has been created, we must send the information to Google Tag Manager Server-Side. To do this, we will pass it through an event parameter of the GA4 configuration tag.

Untitled 4

Here, we add the field x-vendors-consent, which corresponds to the value of the axeptio_authorized_vendors cookie.

Note: Custom parameters are preceded by x-{{vendor}}-for naming conventions. For a parameter specific to Facebook, we could have x-fb-{{params}}. In our case, we can define x-vendors-consent as the parameter that will apply to all endpoints.

Step 3: Create an “Event Data” variable

The x-vendors-consent variable is now sent with the request to the tracking server. This parameter can be found in sGTM’s debug mode in the Event Data tab.

Untitled 5

To condition the trigger of tags, we will create an “Event Data” variable, as shown below.

Untitled 6

Step 4: Condition the server-side trigger of tags based on the user’s choice

Now we have all the elements set up to respect the choice made by the visitor.

Let’s take the case of Google Analytics 4. We trigger the dedicated tag when the GA4 Client receives an event and when the x-vendors-consent variable contains “google_analytics.”

Untitled 7

Note that the x-vendors-consent parameter could be sent to Google Analytics, which is not our intention. To prevent this, we need to specify that the GA4 tag should exclude x-vendors-consent, as shown below.

Untitled 8

This feature is one of the most valuable possibilities of Google Tag Manager Server-Side. Unlike Google Tag Manager Client-Side, it is possible to filter specific parameters, not to send them to endpoints.

Bonus Step: Save money by limiting unnecessary requests

Tracking server-side has a financial cost! Therefore, triggering requests is useless if they have no interest. This is the case when a visitor refuses ALL cookies.

We will therefore create an Exception trigger when the axeptio_authorized_vendors cookie variable is empty, which is the case when the visitor does not want to be tracked.

The custom event trigger takes the form presented below:

Untitled 9

As illustrated, let’s use the regular expression .* as the event name and the condition that the axeptio_authorized_vendors cookie variable is equal to ,, (which is the case when the user does not consent for any cookies).

This trigger used as an exception means that for every event without consent, the tag will be systematically blocked before it is even triggered.

This exception will be added to all client-side Google Analytics 4 tags, which send information to the server side.

Conclusion

While tracking offers many advantages, such as the proxying of Google Analytics 4 according to CNIL recommendations, the circumvention of adblockers, or improving site performance, it is not exempt from user consent.

Therefore, you must add the settings to remain compliant with the GDPR and maintain your visitors’ trust.

Romain Trublard

Get Your Website Compliant in Minutes
Tweet
Share
Share
Get more delicacies
Axeptio, for a free and informed browsing!
Axeptio insights
Total
0
Share