Don't let browsers interfere with measurement and advertising - Building a first-party measurement environment using server-side GTM and Usercentrics SST

Don't let browsers interfere with measurement and advertising - Building a first-party measurement environment using server-side GTM and Usercentrics SST

As browser restrictions tighten, there are increasing cases where GA4 and Google Ads measurement tags fail to work correctly. To address this challenge, I actually tried setting up server-side GTM (sGTM) using Usercentrics SST.
2026.07.08

This page has been translated by machine translation. View original

This is Konishi from the Berlin office.

Are your GA4 and Google Ads measurement tags working properly? Browser-side restrictions have been tightening year by year, and cases where data simply isn't being collected despite having tags embedded are now becoming common.

I had heard for a while that server-side GTM (hereafter sGTM) could help improve this situation, but since I had never actually tried it, I decided to give it a go.

Background and details on the issues are summarized in the article below, so please check that out as well.

https://dev.classmethod.jp/articles/how-usercentrics-sst-solve-broken-marketing-measurement/

What is Server-Side GTM (sGTM)?

With standard GTM, the browser sends data directly to each platform's endpoint, such as google-analytics.com or facebook.com. Since the destination domains are known tracking domains, the communication can be blocked entirely by browsers or their extensions.

With sGTM, requests from the browser are first received by your own domain's server, and then forwarded to GA4, Google Ads, Meta, and others. Rather than sending directly to each destination individually, think of it as consolidating everything at your own distribution center first and then delivering to each location.

However, the sGTM server environment typically needs to be set up in-house on Google Cloud Platform (GCP) or similar, which incurs infrastructure costs.

sGTM simply moves the data pathway to the server side — it does not handle consent management by itself. Under GDPR and the ePrivacy Directive, user consent must be obtained before sending measurement data, and a separate mechanism is needed to control that data from users who have not consented is not forwarded to GA4 or other platforms.

That is where a CMP (Consent Management Platform) comes in. The CMP obtains consent on the browser side and passes that consent signal to sGTM, which then allows the server container to determine "if consented, forward to GA4; if not consented, stop."

What is Usercentrics SST?

Usercentrics SST is a service that provides a managed execution environment for sGTM.

Since the company also offers Cookiebot, a CMP (Consent Management Platform), it provides an end-to-end solution covering consent acquisition, collection, and tag delivery.

The Starter plan is free, with up to 20,000 requests per month. No credit card registration is required. However, there is a limitation of one custom domain.

Actually Setting It Up

Configuration

I tried it out with the following configuration.

  • Test site: sst-webapp.example.com (static HTML = site displaying the consent banner)
  • sGTM custom domain: sst-server.example.com (data collection layer)
  • GTM Web container (GTM-XXXXXXX) + GA4 (G-XXXXXXXXXX)
  • Usercentrics SST (Starter plan)
  • Cookiebot CMP (consent banner)

1. Creating the GTM Server Container

Create a new server container in the GTM admin interface. Select "Manual setup" for provisioning.

Screenshot 2026-06-25 at 15.05.28

Setting the container to manual setup generates a configuration ID. Copy it as you will need to enter it on the Usercentrics side later.

Screenshot 2026-07-07 at 18.56.04

2. Creating the sGTM Hosting in Usercentrics SST

Create a Usercentrics account at https://sst.usercentrics.eu/ and create an sGTM container from the SST admin dashboard.

Screenshot 2026-07-07 at 18.58.50

In the container management screen, you're good to go if status=active is displayed.
Screenshot 2026-07-07 at 19.01.21

Custom Domain (DNS) Configuration

By default, sGTM is hosted under a domain like xxxxx.server.usercentrics-sst.io. This works as-is, but browsers will treat it as a 3rd-party request, which means you won't be able to leverage the benefits of sGTM.

Add a CNAME record to your DNS to point your own subdomain (in this case sst-server.example.com) to the sGTM server. This causes requests to be treated as coming from a first-party domain.

Set your custom domain and add the specified CNAME to your DNS as well.
Screenshot 2026-07-07 at 19.03.32

After completing the setup including DNS, it will become active after a short while.
Screenshot 2026-07-07 at 19.05.44

3. Configuring the GTM Web Container

Create a new Web container in the GTM admin interface. (Create this separately from the server container created earlier.)

Add server_container_url to the configuration parameters of the GA4 tag (Google tag) in the Web container, and set the value to https://sst-server.example.com.

This causes GA4 measurement requests from the browser to be sent to your own domain's sGTM rather than Google's servers.

Screenshot 2026-07-07 at 19.07.45

4. Configuring the GTM Server Container

Return to the GTM server container and configure it to forward received data to GA4.

Client: Add a GA4 Client (to receive requests from the Web container)

Requests arriving at the server container are raw HTTP requests as-is. The client's role is to parse these and convert them into event data that GTM can handle.

Screenshot 2026-07-07 at 19.13.15

Tag: Create a Google Analytics: GA4 tag and configure the Measurement ID

On the server container side, you can use the x-ga-gcs variable to determine the user's consent state. Set up an exception trigger to prevent the GA4 tag from firing when consent has not been given.

Screenshot 2026-07-07 at 19.12.30

5. Configuring Cookiebot CMP (Consent Banner)

Implement Cookiebot CMP on the test site to display the consent banner (shown below).

Screenshot 2026-07-07 at 19.10.35

Since there are already many articles about Cookiebot, I'll skip the detailed steps.

That completes the setup.

Verification

Checking the Requests

Let's access the test site sst-webapp.example.com and observe the behavior. On the first visit, the consent banner appears.
Screenshot 2026-07-07 at 19.21.23

Opening the browser's DevTools (Network tab), you can confirm that the destination of GA4's collect requests is going through your own domain (sst-server.classmethod.live in this example) rather than Google's servers.

Untitled(20)

We were also able to confirm in GA4's real-time reports that events are arriving correctly.

Screenshot 2026-07-07 at 18.00.19

You may notice that collect requests are being sent even before consent is given in the CMP.

This is not a configuration error — it is by design in Google Consent Mode v2. Requests before consent are tagged with the parameter gcs=G100. G1 indicates that Consent Mode is enabled, and 00 indicates that both ad_storage and analytics_storage are denied (not consented).

In this state, no cookies are set and no personally identifiable data is included. Google uses this data only for modeling (statistical estimation) purposes.

Incidentally, once consent is given, this changes to gcs=G111 (granted = consented).

The Benefits of sGTM

Let me summarize the benefits of sGTM.

1. Bypassing Ad Blocker Blocking

The destination of client-side GA4 requests is google-analytics.com, which appears on virtually all filter lists. By routing through sGTM, the destination changes to sst-server.example.com, making it harder to distinguish from requests to the site itself.

However, it is not a silver bullet. Filter lists such as AdGuard and EasyPrivacy have started adding detection patterns for sGTM subdomains.

2. Mitigating the Impact of ITP (Safari)

Safari's ITP expires first-party cookies set via JavaScript in as little as 7 days. With sGTM, cookies are set on the server side using Set-Cookie headers, which means they are treated as first-party cookies with their original expiration dates preserved, improving accuracy in identifying returning visitors.

However, since Safari 16.4, there is a rule (IP-matching rule) where if the IP prefix of the sGTM server does not match that of the website server, even server-set cookies are limited to 7 days.

3. Server-Side PII Filtering

The sGTM server container has a "Transformation" feature that allows you to strip or hash PII such as IP addresses and email addresses before forwarding to GA4 or Meta.

With client-side implementations, data flies directly from the browser to each vendor, so there's no way to pull back data that has already been sent. sGTM lets you place a gate before that point, which is effective for GDPR compliance.

Summary

I built a first-party measurement environment using sGTM with Usercentrics SST.

  • The ease of getting started with sGTM in a fully managed environment
  • Having CMP (consent banner) integration bundled together is a strength in environments where GDPR compliance is required

In environments running advertising, missing conversions means missing optimization data for bidding — so the longer you leave it, the more losses accumulate. If you're considering implementing sGTM, I think it's worth giving the Usercentrics SST Starter plan a try.

Reference Documents

Share this article