Lesson 5 of 8
Cookies, Ad Blockers & ITP
The most concrete payoff of server-side tagging is resilience. Two browser realities erode client-side data, and a server container softens both.
Ad blockers & tracking prevention
- Block requests to known vendor domains (google-analytics.com, facebook.com).
- A request to your own first-party subdomain is far less likely to be blocked.
- Vendor calls move server-to-server, out of the browser's reach.
Safari ITP & cookie caps
- JavaScript-set (document.cookie) cookies are capped, often to 7 days.
- Cookies set by your server via an HTTP response header last much longer.
- Longer-lived IDs mean more returning users are recognized, not counted as new.
The first-party cookie trick
When the GA4 client runs server-side, it can write the FPID (first-party identifier) as a HTTP-only cookieHTTP-only cookieA cookie set via a server response header, not JavaScript, immune to browser tracking-prevention rules that cap script-set cookie lifetimes. from the server response. Because it is set server-side on your own domain, it sidesteps the JavaScript cookie cap that shortens _ga on the client.
Key takeaway
First-party endpoint + server-set cookies = fewer blocked hits and IDs that outlive ITP's 7-day cap. This is the single most measurable reason teams adopt server-side.