Don't let browsers interfere with measurement and advertising - Building a first-party measurement environment using server-side GTM and Usercentrics SST
This page has been translated by machine translation. View original
This is Konishi from the Berlin office.
Are your GA4 and Google Ads measurement tags working properly? Browser-side restrictions have been tightening year by year, and cases where data simply isn't being collected despite having tags embedded are now becoming common.
I had heard for a while that server-side GTM (hereafter sGTM) could help improve this situation, but since I had never actually tried it, I decided to give it a go.
Background and details on the issues are summarized in the article below, so please check that out as well.
What is Server-Side GTM (sGTM)?
With standard GTM, the browser sends data directly to each platform's endpoint, such as google-analytics.com or facebook.com. Since the destination domains are known tracking domains, the communication can be blocked entirely by browsers or their extensions.
With sGTM, requests from the browser are first received by your own domain's server, and then forwarded to GA4, Google Ads, Meta, and others. Rather than sending directly to each destination individually, think of it as consolidating everything at your own distribution center first and then delivering to each location.
However, the sGTM server environment typically needs to be set up in-house on Google Cloud Platform (GCP) or similar, which incurs infrastructure costs.
Relationship with User Consent
sGTM simply moves the data pathway to the server side — it does not handle consent management by itself. Under GDPR and the ePrivacy Directive, user consent must be obtained before sending measurement data, and a separate mechanism is needed to control that data from users who have not consented is not forwarded to GA4 or other platforms.
That is where a CMP (Consent Management Platform) comes in. The CMP obtains consent on the browser side and passes that consent signal to sGTM, which then allows the server container to determine "if consented, forward to GA4; if not consented, stop."
What is Usercentrics SST?
Usercentrics SST is a service that provides a managed execution environment for sGTM.
Since the company also offers Cookiebot, a CMP (Consent Management Platform), it provides an end-to-end solution covering consent acquisition, collection, and tag delivery.
The Starter plan is free, with up to 20,000 requests per month. No credit card registration is required. However, there is a limitation of one custom domain.
Actually Setting It Up
Configuration
I tried it out with the following configuration.
- Test site:
sst-webapp.example.com(static HTML = site displaying the consent banner) - sGTM custom domain:
sst-server.example.com(data collection layer) - GTM Web container (
GTM-XXXXXXX) + GA4 (G-XXXXXXXXXX) - Usercentrics SST (Starter plan)
- Cookiebot CMP (consent banner)
1. Creating the GTM Server Container
Create a new server container in the GTM admin interface. Select "Manual setup" for provisioning.

Setting the container to manual setup generates a configuration ID. Copy it as you will need to enter it on the Usercentrics side later.

2. Creating the sGTM Hosting in Usercentrics SST
Create a Usercentrics account at https://sst.usercentrics.eu/ and create an sGTM container from the SST admin dashboard.

In the container management screen, you're good to go if status=active is displayed.

Custom Domain (DNS) Configuration
By default, sGTM is hosted under a domain like xxxxx.server.usercentrics-sst.io. This works as-is, but browsers will treat it as a 3rd-party request, which means you won't be able to leverage the benefits of sGTM.
Add a CNAME record to your DNS to point your own subdomain (in this case sst-server.example.com) to the sGTM server. This causes requests to be treated as coming from a first-party domain.
Set your custom domain and add the specified CNAME to your DNS as well.

After completing the setup including DNS, it will become active after a short while.

3. Configuring the GTM Web Container
Create a new Web container in the GTM admin interface. (Create this separately from the server container created earlier.)
Add server_container_url to the configuration parameters of the GA4 tag (Google tag) in the Web container, and set the value to https://sst-server.example.com.
This causes GA4 measurement requests from the browser to be sent to your own domain's sGTM rather than Google's servers.

4. Configuring the GTM Server Container
Return to the GTM server container and configure it to forward received data to GA4.
Client: Add a GA4 Client (to receive requests from the Web container)
Requests arriving at the server container are raw HTTP requests as-is. The client's role is to parse these and convert them into event data that GTM can handle.

Tag: Create a Google Analytics: GA4 tag and configure the Measurement ID
On the server container side, you can use the x-ga-gcs variable to determine the user's consent state. Set up an exception trigger to prevent the GA4 tag from firing when consent has not been given.

5. Configuring Cookiebot CMP (Consent Banner)
Implement Cookiebot CMP on the test site to display the consent banner (shown below).

Since there are already many articles about Cookiebot, I'll skip the detailed steps.
That completes the setup.
Verification
Checking the Requests
Let's access the test site sst-webapp.example.com and observe the behavior. On the first visit, the consent banner appears.

Opening the browser's DevTools (Network tab), you can confirm that the destination of GA4's collect requests is going through your own domain (sst-server.classmethod.live in this example) rather than Google's servers.

We were also able to confirm in GA4's real-time reports that events are arriving correctly.

Regarding Requests Before Consent
You may notice that collect requests are being sent even before consent is given in the CMP.
This is not a configuration error — it is by design in Google Consent Mode v2. Requests before consent are tagged with the parameter gcs=G100. G1 indicates that Consent Mode is enabled, and 00 indicates that both ad_storage and analytics_storage are denied (not consented).
In this state, no cookies are set and no personally identifiable data is included. Google uses this data only for modeling (statistical estimation) purposes.
Incidentally, once consent is given, this changes to gcs=G111 (granted = consented).
The Benefits of sGTM
Let me summarize the benefits of sGTM.
1. Bypassing Ad Blocker Blocking
The destination of client-side GA4 requests is google-analytics.com, which appears on virtually all filter lists. By routing through sGTM, the destination changes to sst-server.example.com, making it harder to distinguish from requests to the site itself.
However, it is not a silver bullet. Filter lists such as AdGuard and EasyPrivacy have started adding detection patterns for sGTM subdomains.
2. Mitigating the Impact of ITP (Safari)
Safari's ITP expires first-party cookies set via JavaScript in as little as 7 days. With sGTM, cookies are set on the server side using Set-Cookie headers, which means they are treated as first-party cookies with their original expiration dates preserved, improving accuracy in identifying returning visitors.
However, since Safari 16.4, there is a rule (IP-matching rule) where if the IP prefix of the sGTM server does not match that of the website server, even server-set cookies are limited to 7 days.
3. Server-Side PII Filtering
The sGTM server container has a "Transformation" feature that allows you to strip or hash PII such as IP addresses and email addresses before forwarding to GA4 or Meta.
With client-side implementations, data flies directly from the browser to each vendor, so there's no way to pull back data that has already been sent. sGTM lets you place a gate before that point, which is effective for GDPR compliance.
Summary
I built a first-party measurement environment using sGTM with Usercentrics SST.
- The ease of getting started with sGTM in a fully managed environment
- Having CMP (consent banner) integration bundled together is a strength in environments where GDPR compliance is required
In environments running advertising, missing conversions means missing optimization data for bidding — so the longer you leave it, the more losses accumulate. If you're considering implementing sGTM, I think it's worth giving the Usercentrics SST Starter plan a try.
Reference Documents
- Usercentrics Server-Side Tagging Official
- Usercentrics SST Documentation
- Usercentrics: Strategies for Handling Consent in sGTM
- Ad blockers are now targeting server-side GTM subdomains by name
- Safari ITP - Everything You Need to Know | Stape
- Transformations In Server-side Google Tag Manager | Simo Ahava's blog