Outsmart ITP with Cloudflare: Ensuring Infinite Lifespan for sGTM First-Party Cookies

SGTM isn’t just about moving tags from client to server - it’s about setting first-party cookies via HTTP, which last way longer than the JS-based cookies set by web GTM tags. What does this mean for you? More accurate tracking, clearer insights into your ad campaigns, and ultimately, knowing where your money’s making the most impact.

But here’s the kicker—just as we get good at something, the rules change. Enter Intelligent Tracking Prevention (ITP). This system is like the bouncer at the club, deciding which cookies can party for long and which get kicked out early. ITP checks if your sGTM's setup looks fishy—like if it’s hanging out on a different server—and if it does, it shortens the life of your cookies to just 7 days. Not cool, right?

To be more precise: ITP checks the DNS records of the SGTM backend (i.e. sgtm.yourdomain.com). If its IP address differs from the main website's in the first two octets (when you set it via an A record), or if its CNAME points to another domain, ITP treats its cookies like third-party cookies.
See Simo Ahava's post about it.

So, what’s a marketer to do? Go undercover with a little proxy action. Here's a sneak peek into using Cloudflare to keep your cookie game strong and ITP off your back:

You've got two options:

1. Proxy Magic with Subdomains
Proxy all traffic from a separate subdomain to your SGTM using Cloudflare Page Rules and DNS.
Pro Tip: Check that Cloudflare keeps your IP in the same subnet as your main site to avoid suspicion.
2. URL Proxy Sleight of Hand
Just set up a reverse proxy of yourdomain.com/ss/* traffic straight to your sGTM and watch your conversions get tracked like magic. It’s slick, seamless, and totally under the radar.

Option 1. Proxy SGTM subdomain to SGTM container

This approach will use the ss.yourdomain.com subdomain as the SGTM endpoint. Cloudflare will proxy all requests to the real SGTM container.
Disclaimer: We expect Cloudflare to give the subdomain an IP in the same subnet as the main website, i.e. with the same first two IP parts (111.222.*.*). For example, 195.233.12.12 for the main website and 195.233.20.40 for the subdomain.
However, if the subdomain IP differs in the first two parts, ITP considers the subdomain third-party and limits the cookie lifetime to 7 days.
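
The rule in this disclaimer, written as a check you can run over DNS answers you have already looked up. This is an added example, not code from the original post; the function names, the per-record matching and the suffix test for "same domain" are assumptions, and the sample records in the usage comment are constructed.

```javascript
// Parse a dotted-quad IPv4 address into four octets; null if malformed.
function parseIPv4(ip) {
  const parts = String(ip).trim().split('.');
  if (parts.length !== 4) return null;
  const octets = parts.map(p => (/^\d{1,3}$/.test(p) ? Number(p) : NaN));
  return octets.every(o => o >= 0 && o <= 255) ? octets : null;
}

// True when both addresses share their first two octets (the 111.222.*.* part).
function sameFirstHalf(a, b) {
  const x = parseIPv4(a), y = parseIPv4(b);
  if (!x || !y) throw new Error(`not an IPv4 address: ${!x ? a : b}`);
  return x[0] === y[0] && x[1] === y[1];
}

// Apply the two conditions from the article to a tagging endpoint.
// Assumption: every endpoint A record must match at least one site A record.
// Assumption: "another domain" means the CNAME target is not the site domain
// or one of its subdomains (plain suffix test, no public-suffix list).
function checkEndpoint({ siteDomain, siteIps, endpointIps, endpointCname }) {
  const reasons = [];
  if (endpointCname) {
    const target = endpointCname.toLowerCase().replace(/\.$/, '');
    const site = siteDomain.toLowerCase();
    if (target !== site && !target.endsWith('.' + site)) {
      reasons.push(`CNAME points to another domain: ${target}`);
    }
  }
  for (const ip of endpointIps) {
    if (!siteIps.some(s => sameFirstHalf(s, ip))) {
      reasons.push(`${ip} does not share the first two octets with ${siteIps.join(', ')}`);
    }
  }
  return { cappedTo7Days: reasons.length > 0, reasons };
}

// Constructed sample, using the addresses from the disclaimer above:
// checkEndpoint({ siteDomain: 'yourdomain.com',
//                 siteIps: ['195.233.12.12'], endpointIps: ['195.233.20.40'] })
```

Feed it the records your resolver returns for the main site and for ss.yourdomain.com, and re-run it after any DNS or hosting change.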

Configure DNS in Cloudflare:

  1. Go to your Cloudflare dashboard and select your domain.
  2. Navigate to DNS settings.
  3. Add a new CNAME record with the following details:
  • Name: ss
  • Target: server-side-tagging-xxxxxxx.us-central1.run.app (hostname only, without https://)
  • Proxy Status: Set it to Proxied (orange cloud icon).
This will proxy all traffic to ss.yourdomain.com to your SGTM while hiding the real backend from ITP.

Option 2. Proxy /ss/* URLs on the main domain to SGTM

This approach is just slightly more complex, but it is undetectable by ITP.
You need to configure a Cloudflare reverse proxy so that requests to yourdomain.com/ss/* are proxied to server-side-tagging-xxxxxxxx.us-central1.run.app/*
Deploy the Worker:

  • Go to the Workers section of your Cloudflare dashboard.
  • Create a new Worker.
  • Copy and paste the script from the step-by-step instructions below into the Worker code editor.
  • Save and deploy the Worker.
Set Up Routing:

  • In the Cloudflare dashboard, go to Workers and click on Triggers.
  • Set the Route to something like yourwebsite.com/ss/*.
  • Associate the route with the Worker you just created.

Step-by-step instructions

  • Navigate to Workers in your Cloudflare dashboard.
  • Create a new Worker and press Deploy.
  • Click Edit code
  • Paste the following script:
addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request))
})

async function handleRequest(request) {
  // Clone the request to prevent issues with body being already read
  const requestClone = request.clone()

  // Get the original URL
  const url = new URL(request.url)

  // Modify the path to remove '/ss' prefix
  const newPath = url.pathname.replace(/^\/ss/, '')

  // Construct the new URL
  const targetUrl = 'https://server-side-tagging-XXXXXXXXXXX.us-central1.run.app' + newPath + url.search

  // Copy the incoming headers, then use set() so that a client-supplied
  // X-Forwarded-Host is replaced rather than merged with our value
  const headers = new Headers(requestClone.headers)
  headers.set('X-Forwarded-Host', 'ss.YOURDOMAIN.com')

  // Create a new request to the target URL with the modified headers
  const modifiedRequest = new Request(targetUrl, {
    method: requestClone.method,
    headers,
    body: requestClone.body,
    redirect: 'follow'
  })

  // Fetch the response from the target URL
  const response = await fetch(modifiedRequest)

  // Return the response back to the client
  return response
}
Note: replace https://server-side-tagging-XXXXXXXXXXX.us-central1.run.app with your sGTM URL
  • Go to Settings
  • Click "Add route"
  • Enter a route like "www.yourdomain.com/ss/*", using your real domain
  • Select the domain from the Zone selector
  • Click "Add"
  • Set the server_container_url in the GA4 GTM tag to www.yourdomain.com/ss
Enjoy!
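
The Worker script above builds the upstream URL by string concatenation and relies on the /ss/* route to guarantee the path shape. A stricter form of that path rewrite, as an added example rather than the original author's code: toUpstreamUrl, UPSTREAM and PREFIX are hypothetical names, and the upstream host is the same placeholder used in the article.

```javascript
// Placeholder upstream, as in the article; replace with your sGTM URL.
const UPSTREAM = 'https://server-side-tagging-xxxxxxx.us-central1.run.app';
const PREFIX = '/ss';

// Map an incoming request URL to the upstream URL.
// Returns null unless the path is exactly PREFIX or sits under PREFIX + '/',
// so the Worker never forwards a path the route was not meant to cover.
function toUpstreamUrl(requestUrl) {
  const incoming = new URL(requestUrl);
  const path = incoming.pathname;
  if (path !== PREFIX && !path.startsWith(PREFIX + '/')) return null;

  // Build the target through the URL object instead of concatenating strings:
  // the request path can then only ever change the path, never the host.
  const target = new URL(UPSTREAM);
  target.pathname = path.slice(PREFIX.length) || '/';
  target.search = incoming.search;

  // Belt and braces: the origin must still be the configured upstream.
  if (target.origin !== new URL(UPSTREAM).origin) return null;
  return target.href;
}

// In the Worker's handleRequest:
//   const targetUrl = toUpstreamUrl(request.url)
//   if (targetUrl === null) return new Response('Not found', { status: 404 })
```

With this in place the Worker keeps forwarding only to your sGTM host even if the route is later widened, for example to yourdomain.com/ss*.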