Is a cookie banner mandatory on every website in the EU?

No. A banner is only needed when you use non-essential cookies/trackers. Strictly necessary cookies do not require consent.

What is the purpose of Consent Mode V2?

It adjusts Google tracking behavior based on consent states (e.g., ad_storage, analytics_storage, ad_user_data, ad_personalization) and can send modeled/cookieless signals when consent is denied.

How can apps send data to a GTM Server container?

By sending events to a server endpoint using an SDK such as Firebase or GA4 SDK, since apps don’t rely on browser cookies.

Why use your own subdomain instead of the provider domain for server-side tracking?

Using a custom subdomain routes requests through a first-party context and typically results in more stable cookie behavior and attribution under modern browser tracking restrictions.

Which GTM parameter is NOT consent-related?

analytics_personalization is not a standard Consent Mode parameter. Common Consent Mode signals include ad_storage, analytics_storage, ad_user_data, and ad_personalization.

What does TTL mean in DNS?

Time To Live: the duration DNS resolvers cache a record before re-checking, affecting how quickly DNS updates propagate.

If identifiers are hashed, are they still personal data under GDPR?

Yes. Hashing is typically pseudonymisation, not anonymisation, so it can remain personal data under GDPR.

What does preserving the referrer before Consent Mode blocks GA4 solve?

It helps prevent sessions from being misclassified as Direct or Unassigned when analytics storage is denied, improving attribution accuracy.

What can cause a 400 error on a tracking subdomain in GTM server-side?

A common cause is missing or misconfigured client handling in the server container (e.g., no appropriate web container/GA4 client to parse incoming requests), depending on the setup.

Table of contents

Server-side Tracking quiz: expert answers

Q: What can you do with marketing cookies?

Marketing cookies enable behavioral tracking for ad platforms, ad personalization, retargeting, and attribution support via click identifiers.

Q: What is NOT a benefit of Server-side Tracking?

Shifting from first-party to third-party data collection. Server-side tracking typically moves measurement into a first-party context.

Q: What is the standard GTM Server-side flow?

Website → Web container → Server container → Vendor endpoints (e.g., GA4, Ads, Meta).

Q: Why is the Shopify purchase event not visible by default in GTM web container preview mode?

Shopify checkout runs in a sandboxed environment outside the standard DOM, so web preview mode can’t access the purchase event by default. Reliable options include webhooks and Shopify Customer Events.

Colorful data visualization and analytics graphics

By:

Maurice Borrel | 4 March 2026 | Last updated: 16 March 2026

The TAGGRS Games were created to test your knowledge in the most hands-on way possible: questions based on everyday use cases to answer and real-world tracking scenarios to fix. To qualify for the Grand Final, the Server-side Tracking quiz has challenged participants with 24 timed questions across 3 levels covering GDPR, Consent Mode V2, GA4, Meta CAPI, DNS, and bot filtering. Plus, advanced troubleshooting.

In this article, we explain the correct answers: not just what is right, but why it’s right, sharing examples and practical insights based on real-world implementations across 2,000+ clients.

Let’s dive in.

LEVEL 1: FOUNDATION OF MODERN TRACKING

Correct answer: No. Under GDPR and the ePrivacy Directive, a cookie banner is only mandatory if you use non-essential cookies (e.g., marketing, analytics without legitimate interest). Strictly necessary cookies (e.g., cart functionality) do not require consent. Read the GDPR’s official directory.

What can you do with marketing cookies?

Correct answer: Track user data on the website. Marketing cookies are used for:

behavioral tracking. It refers to the collection of information about how users interact with a website. For example, when a visitor views multiple product pages for running shoes, a marketing cookie can record which products were viewed and how long the user stayed on each page. This behavioral data is then shared with advertising platforms such as Google Ads or Meta. The advertiser can create audience segments based on this activity, such as users interested in running shoes, and target them with relevant campaigns.
ad personalization. Say a visitor browses high-end laptops in an online store. The marketing cookie stores information about the product category and sometimes the product value. Later, when that same user browses social media or other websites, advertising platforms can display ads featuring premium laptops instead of generic electronics. The ad creative is dynamically selected based on previous browsing behavior, increasing the likelihood of engagement and conversion.
Retargeting. Imagine a user who adds a product to the cart but leaves the website without completing the purchase. The marketing cookie stores this cart event. Later, the user sees an advertisement on Instagram or YouTube reminding them to complete the purchase. In advanced setups, the ad can even display the exact product that was left in the cart. Without marketing cookies or a server-side equivalent, this type of dynamic retargeting would not function reliably. We wrote more on how that in our Retargeting in a scattered digital world article.
attribution modeling. Consider a scenario where a user first clicks on a Google search ad, then returns 2 days later through a Meta retargeting ad and completes a purchase. Marketing cookies store click identifiers such as gclid or fbclid and help connect sessions across time. This allows analytics and advertising platforms to determine which channel contributed to the conversion. Accurate attribution enables businesses to allocate budgets effectively and optimize campaign performance.

Cookies have no impact on the website’s speed.

Correct answer: Adjust tracking based on consent categories. Consent Mode V2 dynamically adjusts ad_storage, analytics_storage, ad_user_data, and ad_personalization. Instead of disabling tracking completely, it sends modeled (cookieless) pings when consent is denied. This enables:

Conversion modeling
Better attribution
Compliance with DMA requirements.

It’s worth mentioning that not all tracking platforms support these cookieless pings just yet. For example, Meta does nothing with them. So, ensure your setup handles platform-specific behaviors accordingly. Based on Consent Mode V2, we built TAGGRS’ Consent Approval Graph.

Which parameter does Meta not prefer for its algorithms?

Correct answer: Favorite color. Meta’s algorithms rely on strong identifiers like email, phone number, first name, and street name. “Favorite color” is irrelevant for identity matching or EMQ score. What is this metric and how to boost it, you can find in our guide Improve your Facebook EMQ score.

What is NOT a benefit of Server-side Tracking?

Correct answer: Shifting from first-party to third-party data collection. Server-side Tracking does the opposite: moves from third-party to first-party context, improves data ownership, reduces ad-blocker impact, and increases attribution accuracy. Have a full overview of the 8 key benefits of Server-side Tracking.

How can apps send data to a GTM Server?

Correct answer: Using a server endpoint with Firebase or GA4 SDK. This is because apps don’t use browser cookies. Learn more about Server-side Tracking for mobile apps.

What is the standard GTM server-side flow?

Correct answer: Website → Web container → Server container → Software

What is the main purpose of using your own subdomain instead of the Server-side Tracking provider domain?

Correct answer: It transitions tracking to first-party cookies. When server-side tracking is configured on a custom subdomain such as tracking.yourdomain.com, the server container operates in a first-party context. Instead of sending tracking data directly from the browser to an external provider domain, requests are routed through your own domain first.

Because cookies are then set via your own (sub)domain, they function as first-party cookies rather than third-party cookies. Modern browsers apply strict limitations to third-party cookies and cross-site tracking such as Safari’s Intelligent Tracking Prevention, which often results in shortened cookie lifetimes and data loss in traditional client-side setups.

By operating in a first-party context and setting cookies server-side, server-side tracking typically benefits from longer cookie lifespans, more stable attribution and reduced impact from browser tracking prevention mechanisms. This structural difference is a key reason why measurable conversions often increase after implementation.

What is the average uplift of Server-side Tracking based on 2,000 TAGGRS clients?

Correct answer: 16–22% more tracked data. Check success stories of improved data reliability across industries and organizations in our case studies.

What did Google do with third-party cookies?

Correct answer: Switched to a user-choice model. Google stopped full deprecation and introduced user-level privacy controls and Privacy Sandbox APIs. This reinforces the importance of first-party server-side tracking.

LELVEL 2: ADVANCED IMPLEMENTATION AND DATA INTEGRITY

Why is the Shopify purchase event not visible by default in GTM web container preview mode?

Correct answer: Shopify runs purchases in a sandboxed environment. The checkout occurs outside the standard DOM context. So, preview mode cannot access it.

Webhooks: Server-to-server order notifications that completely bypass the browsers.
Server-side purchase tracking: Sends purchase data directly to your GTM Server container, typically using webhooks or scripts implemented via Shopify’s Customer Events environment.
Shopify Customer Events: Custom pixels/scripts running inside checkout sandbox, feeding data to GTM for processing.

Important to mention: Shopify Customer Events can be used for both web and server-side tracking:

for web tracking, they can forward events to the dataLayer (within sandbox limits).
for Server-side Tracking, they can send purchase data directly to a GTM Server container.

Correct answer: analytics_personalization. Official Consent Mode parameters are:

ad_storage
analytics_storage
ad_user_data
Ad_personalization.

What is the primary benefit of using a webhook for a purchase event?

Correct answer: It does not rely on the thank-you page. Webhooks fire server-to-server, are not blocked by ad blockers, and work even if the user closes the browser. Best practice for e-commerce tracking.

What is a typical use case for GTM transformations?

Correct answer: Modifying or enriching incoming data. GTM transformations process raw events in the server container (like cleaning parameters, adding custom dimensions, or formatting user identifiers) before forwarding to endpoints like GA4 or Meta. This improves data quality without client-side changes. For example, you might hash emails for Enhanced Conversions or filter bot traffic early.

What does TTL mean in the context of DNS?

Correct answer: Time to Live. TTL defines how long DNS records are cached and how fast updates propagate. It is a critical parameter when configuring custom subdomains and server-side containers.

What is NOT a standard GA4 ecommerce event?

Correct answer: purchase_canceled. Standard GA4 events include: view_item_list, add_to_wishlist, purchase, and refund. See Google's official recommended events reference.

Correct answer: Cookie set by an external domain. First-party cookies are set within your own domain context.

What CANNOT be the reason why the server does not receive events?

Correct answer: Denied consent. Server-side Tracking receives events directly via first-party endpoints, bypassing browser consent blocks that affect client-side pings. Common issues might be: network errors, misconfigured clients, DNS problems, or ad blockers stopping the initial client request. Not consent denial itself.

Which parameter is not part of enhanced conversions in Google Ads?

Correct answer: browser_language. Enhanced conversions use hashed user data like email, phone_number, address, first_name, and last_name to improve match rates. browser_language isn't a standard parameter; it's unrelated to user identification for conversion matching.

Which parameters are minimally required to set up Google Ads Enhanced Conversions?

Correct answer: Email and/or phone number. Enhanced Conversions improve match rates, attribution accuracy, and conversion modeling. Hashed identifiers are still personal data under GDPR.

What is an example of a user agent?

Mozilla/5.0 (Macintosh; Intel Mac OS X). User agents are strings sent by browsers or bots identifying software, OS, and device details. This partial example mimics Safari/Chrome on macOS, helping with traffic filtering, bot detection, and analytics segmentation in server-side setups.

Correct answer: Yes. Hashing does not equal to anonymization. It is pseudonymisation. Data can still be re-identified. Learn more about anonimization.

What is the primary use of the TAGGRS Enhanced Tracking Script (Custom Loader)?

Correct answer: Masks GTM to protect against blockers. The TAGGRS Enhanced Tracking Script is designed to reduce the likelihood that ad blockers detect and block your tracking implementation. Some advanced blockers recognise the default Google Tag Manager script pattern and prevent it from loading entirely. When this happens, both client-side and server-side tracking can fail before any data is sent.

What does it actually do? The Custom Loader modifies how GTM is delivered so that it is less likely to match common filter lists used by ad blockers. As a result, event delivery rates increase and data loss caused by script blocking is reduced. Unlike aggressive workarounds, this approach preserves website performance while improving measurement reliability.

Correct answer: 1,000 daily visitors. Consent Mode modeling relies on statistical thresholds. When traffic volume is too low, modeled conversions become less reliable because the algorithm does not have enough data points to extrapolate patterns accurately. For businesses running high-spend campaigns with significant traffic, modeling can meaningfully reduce signal loss. For smaller websites, however, server-side tracking and first-party infrastructure often play a more important role than relying purely on modeled data.

Correct answer: Prevents Unassigned & Direct traffic. When Consent Mode denies analytics storage, GA4 may lose access to the original traffic source if the referrer is not preserved correctly. This often results in sessions being categorised as Direct or Unassigned, which distorts attribution and negatively impacts ROAS reporting.

By preserving referrer data before restrictions apply, you maintain cleaner attribution paths and more reliable campaign reporting. Learn more about how to fix Unassigned traffic in GA4.

LEVEL 3: EXPERT-LEVEL TRACKING AND DEBUGGING

What can cause a 400 error on a subdomain?

Correct answer: No web container client in server container. A 400 error usually indicates that the server container can’t properly process incoming requests. This commonly occurs when using the enhanced tracking script without Anti-adblocker functionality, as it requires a web container client (like the GA4 client template) to parse and forward requests. Without it, requests fail.

This error is specific to that script configuration: standard setups or Anti-adblocker-enabled scripts don't need the web container client. Other causes may include incorrect endpoint configuration or DNS issues.

Correct answer: GA4. The GA4 server tag, like all other Google-related tags in the server container, is designed to read consent signals automatically and apply them accordingly, reducing manual configuration while aligning analytics behavior aligns with Consent Mode settings.

But consent logic must still be implemented correctly in the web container and server container configuration. Misalignment between layers can still cause data discrepancies.

What is the _gl parameter?

Correct answer: Google linker parameter. The _gl parameter is used for cross-domain tracking and session preservation. It ensures that session identifiers and click IDs are passed correctly between domains so attribution remains intact.

Without proper linker configuration, cross-domain journeys may break, resulting in lost attribution and inaccurate reporting.

What is NOT a reason for unassigned traffic?

Correct answer: Low website traffic. Unassigned traffic is usually caused by broken UTM parameters, cross-domain misconfigurations, missing session identifiers or consent-related tracking loss. Simply: having low traffic volume does not create Unassigned sessions.

Fixing these issues often requires reviewing server-side setup, parameter forwarding and consent implementation.

Correct answer: gcd=11r1r1r1r5. The gcd parameter reflects the consent state passed via Google Consent Mode. It determines whether signals are granted, denied or modeled. Understanding this parameter helps diagnose discrepancies between modeled and observed conversions.

What is a known issue with the Pinterest conversion API?

Correct answer: It delays the request that is sent to the server which can cause slowing down the website. Some Pinterest Conversion API implementations can introduce delays in request processing, which may slow down event confirmation or affect reporting timelines. While this does not necessarily impact attribution directly, it can affect how quickly data appears in dashboards.

Correct answer: Data can still be re-identified back to person. Hashing personal identifiers does not make them anonymous: hashed data can still be matched back to individuals if combined with other information. Under GDPR, this qualifies as pseudonymised data, not anonymised data. Learn more about this distinction.

This is important when implementing Enhanced Conversions or Meta CAPI, as hashed identifiers are still considered personal data.

Which statement about AI browsers is NOT true?

Correct answer: Perplexity Comet only gives consent for analytics_storage. AI-driven browsers and assistant-based browsing tools behave differently from traditional browsers. Consent signals, ad blocking logic and user-agent masking may vary significantly. This creates new challenges in attribution and measurement consistency.

Read more about AI browsers tracking and attribution in the article AI browsers tracking challenges.

On which browser version is Safari currently testing the removal of click IDs?

Correct answer: Safari Technology Preview. Safari’s experimental builds allow testing of evolving privacy features, including click identifier stripping. These changes directly impact affiliate tracking, paid search attribution and cross-site measurement.

Which parameter has the lowest impact on Meta’s EMQ score?

Correct answer: Last name. Meta’s Event Match Quality (EMQ) score relies heavily on strong identifiers such as email and phone number. While additional parameters contribute marginally, core identifiers drive match success. Improving EMQ often requires structured server-side enrichment and correct formatting of identifiers.

How can you track data from an iframe?

Correct answer: By building proper event listeners. Tracking inside iframes requires careful event listener configuration and secure communication between frames. Direct script injection or unsafe workarounds can introduce vulnerabilities. Server-side forwarding often improves reliability in these environments.

Correct answer: 51% of global web traffic is bots. The implications? Server-side validation is critical, filtering logic is mandatory, and attribution inflation is common. Learn more about bot traffic and techniques to block it.

What’s an example of ChatGPT Atlas User Agent?

Correct answer:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)

AppleWebKit/537.36 (KHTML, like Gecko)

Chrome/142.0.0.0 Safari/537.36

Understanding user agents helps detect AI traffic, identify bot patterns, and improve filtering logic.

About the author

Maurice Borrel

Server-side Tracking Implementation Specialist

Maurice Borrel is a Server-side Tracking Implementation Specialist at TAGGRS. He possesses extensive knowledge of Google Tag Manager and has a background in Backend Development. Since 2023, Maurice has ensured the accurate and efficient implementation of tracking solutions. He also reviews TAGGRS’ blog posts to guarantee that only up-to-date and correct information is published.

Ready to
track smarter?

See exactly how Server-side Tracking can work for your marketing strategy. Live, with an expert.