Skip to main content
Server Side Tracking is a software architectural pattern where events are sent through a server to your marketing tools (e.g. Google Ads, Meta for Business, etc.) instead of directly from your frontend (i.e. website). There are two fundamental approaches: ➡️ Proxy Server-Side (e.g. Google Tag Manager Server, Meta Signals Gateway): acts as a customizable relay that requires hosting (e.g. GCP, AWS, Stape.io, etc…) and extensive configuration
  • Stateless - no memory between requests
  • Simply relays events from browser to destinations
  • Cannot retry requests after failures or enrich user data natively
➡️ Full Server-Side (e.g. OneView): acts as a platform that handles data collection, compliance enforcement, deduplication, and advertising integrations out of the box
  • Stateful - maintains memory and user context
  • Stores user journeys, click IDs, and hashed user data
  • Can retry failed events and enrich use data natively
  • Full Server-Side (OneView)
  • Proxy Server-Side
  • Client-Side Tracking
Very Low Complexity.
  • No Script ⏳ that can be blocked.
  • Cookies 🍪 are replaced by a Master Cookie.
  • The Loader 🚀 can be loaded from 1st party context.
There are many options to send events to OneView.

Comparison

OneView offers a complete Server Side Tracking solution capable of both enforcing consent and storing Click IDs, providing the benefits of true server-side tracking.
AspectClient-Side Tracking (GTM Web)Proxy SST (GTM Server)Full SST (OneView)
Apple Compliance❌ Cookies expire in 7 days⚠️ Requires custom Conversion Linkers + ✅ Requires a or . Check out the implementation guide.
Safari Compliance❌ Ad Tracking broken❌ Ad Tracking broken✅ UTM-based attribution. Check out integrations supporting LTP.
Safari Compliance❌ Blocked browser fingerprinting— N/A— N/A
Ad-Blockers and VPNs⚠️ Cat-and-mouse game. Don’t play it.⚠️ Cat-and-mouse game. Don’t play it.⚠️ Cat-and-mouse game. Don’t play it.
✅ When using
Retries & Network Errors❌ No retry capability. Will lose events.❌ Stateless, can’t retry. Will lose events.✅ High-throughput global queue
Duplicated Events❌ Cannot deduplicate⚠️ Requires Firestore and custom Tags✅ Use Idempotency-Key to prevent duplicates.
Privacy Compliance I (GDPR, CCPA)⚠️ Must hash PII manually.⚠️ Must hash PII manually.✅ Hashing enforced. Cannot be disabled. Plaintext never stored.
Privacy Compliance II (ePrivacy)✅ Must handle multiple cookies.✅ Must handle multiple cookies✅ Only one master cookie to handle
Website Performance⭐️ Poor. Scripts slows down your website, even when deferred.⭐️⭐️ Good. Some scripts run on the server.⭐️⭐️⭐️ Excellent. Up to one script on the frontend. All weight is on OneView.
Maintainability⭐️⭐️ Good. Requires basic marketing skills.⭐️ Poor. Requires expert-level skills.⭐️⭐️⭐️ Excellent. OneView handles everything for you.

Features

Apple® ITP Compliance

Intelligent Tracking Prevention (ITP) is WebKit (Safari) technology that:
  • blocks all third-party cookies
  • restricts first-party cookies to a 7-day lifetime, unless they are set by the webserver
This means that tracking data for Safari users gets reset every 7 days, breaking attribution for longer customer journeys. Hosting your tracking server on a subdomain (e.g. data.example.com) is not enough to comply with Apple® ITP. This technique is called CNAME Cloaking and is explicitly targeted by ITP. OneView achieves full ITP compliance when using a or setup. With these configurations, you have full control over the OneView master cookie, ensuring client_id persistence beyond the 7-day ITP limit.
Check out the implementation guides.

Apple® LTP Compliance

OneView ensures full attribution accuracy across Safari, Brave, Firefox, and other privacy-focused browsers, even when Click IDs are missing. No actions required.
Link Tracking Protection (LTP) is a WebKit (Safari) technology that automatically detects and removes link decorators from URLs, including:
  • gclid (Google Ads)
  • fbclid (Meta/Facebook)
  • msclkid (Microsoft Ads)
  • ttclid (TikTok)
This breaks every traditional form of pixel-based tracking (either client or proxy server-side), because it removes the key identifier required by those pixels / server tags. OneView achieves full LTP compliance by providing UTM-based attribution fallback, and Enhanced Conversions for all supported integrations
OneView solves LTP compliance through two complementary methods that work even when the browser or a plugin strips all tracking parameters:
1

UTM-First Attribution

OneView uses a UTM-first attribution model that remains fully functional across Safari, Brave, Firefox, and all high-privacy scenarios. Instead of relying on platform-specific click IDs, OneView attributes conversions using UTM parameters that are LTP-compliant.
Integration UTM Fallback Configuration

Configure custom UTM fallback values for each integration in OneView

You can customize the utm_source fallback value for each Media Partner, ensuring accurate attribution even when click IDs are removed.
2

Enhanced Conversions Recovery

When consent is granted and the Media Partner supports it, OneView automatically sends Enhanced Conversions via each platform’s Conversion API. This allows ad networks to recover attribution data using:
  • First-party customer data (hashed emails, phone numbers)
  • Browser and device information
  • Conversion event details and timing
This dual approach ensures maximum attribution coverage across all privacy scenarios.
See which platforms support this dual attribution approach in our integrations overview.

Apple® AFP Compliance

OneView is not affected by Apple® Advanced Fingerprinting Protection.
Advanced Fingerprinting Protection (AFP) is a WebKit (Safari) technology that standardizes device information to reduce the uniqueness of browser fingerprinting. This prevents the generation of unique user identities based on device configurations such as screen resolution, fonts, and GPU specifications, making it harder to track users across sessions without cookies. OneView does not rely on browser fingerprinting for user identification, making AFP compliance a non-issue. Instead, OneView uses:
  • a single master cookie on the frontend, to store the anonymous client_id
  • identity resolution using your Identity graph, built on consenting users
Which both operate independently of browser fingerprinting techniques.

Ad-Blockers and VPNs

OneView’s philosophy on Ad-Blockers and VPNs:
  • We believe you should respect users’ clear privacy preferences
  • User consent should be expressed through lawful, explicit mechanisms (not circumvention)
OneView is built with privacy by design and by default. It’s your responsibility to send OneView proper consent data.
Ad-blockers and VPNs actively block tracking by:
  • Filtering requests to known analytics and advertising domains
  • Blocking JavaScript files with tracking capabilities
This creates a constant “cat-and-mouse game” where tracking implementations continuously try to circumvent blocking mechanisms. The result? Unreliable data collection, poor user experience, and potential compliance issues. OneView fixes this issue at its root. We guarantee complete data coverage for customers using . This approach generates page_view events at the server level - basically treating OneView as a log sink. This creates a complete picture of user interactions that’s invisible to any browser-based mechanism.
Check out our traffic mirroring implementation guide to configure your reverse proxy for complete data coverage.

Retries & Network Errors

OneView’s global queue system ensures no events are lost due to temporary network issues or endpoint failures. No actions required.
Network interruptions cause permanent data loss in traditional tracking because:
  • Server timeouts result in failed requests
  • Temporary connectivity issues drop events
  • Endpoint unavailability loses conversion data
  • No retry mechanism exists for failed transmissions
Proxy solutions can’t match this - they’re stateless by design. The browser itself cannot guarantee it will always retry a failed event: you get irrevocably inconsistent data across your marketing platforms. This is the leading cause of your dashboards reporting different numbers for the same event. OneView operates a high-throughput global queue system that automatically retries failed requests. Once an event is accepted, you’re guaranteed that it will eventually reach its destination, even if downstream services experience extended outages (up to 7 days).

Duplicated Events

Event duplication occurs when:
  • Page refreshes trigger multiple tracking calls
  • Back-button navigation re-fires events
  • Multiple tracking implementations overlap
  • Single-page applications double-track route changes
OneView provides built-in deduplication using the Idempotency-Key field. When you send the same event with the same , OneView automatically prevents duplicates from being processed, ensuring clean data across all downstream integrations.
Include an Idempotency-Key with each event request using a unique identifier like user_id + event_type + transaction_id to prevent duplicate processing.

Privacy Compliance I (GDPR, CCPA)

OneView automatically hashes PII and never stores plaintext sensitive data, ensuring built-in privacy compliance. No actions required.
While having flexible PII handling options seems convenient, it creates unnecessary risks since sensitive data can be accidentally transmitted or stored in plaintext. OneView takes a zero-tolerance approach to privacy. We enforce automatic PII hashing that cannot be disabled - eliminating human error and ensuring consistent compliance across all data processing. This is especially critical with ad_user_data and ad_personalization consent requirements. With OneView, you simply need to:
  • Send the correct consent status for each conversion event
  • Include PII data, which can be either:
    • Pre-hashed by you (if you prefer to hash before sending)
    • Sent in plaintext (OneView hashes it instantly at the edge, before data reaches your home region)
All personally identifiable information - including emails, phone numbers, names, and addresses - is automatically hashed using before any processing or storage occurs.
OneView does not inspect custom fields for PIIs. Please check the implementation guides.
OneView automatically detects and hashes emails, phone numbers, names, addresses, IP addresses, and any other field containing personally identifiable information before processing or storage.

Privacy Compliance II (ePrivacy)

Traditional implementations require complex consent management systems to handle multiple cookies from different vendors and services. OneView simplifies privacy compliance by using only one master cookie instead of multiple tracking cookies. This dramatically reduces consent management complexity, as you only need to handle consent for a single cookie rather than managing consent for dozens of different tracking pixels and their associated cookies.

Website Performance

Performance impacts from multiple tracking scripts include: Even deferred, scripts consume processing resources and impact user experience, leading to higher bounce rates, especially on mobile. OneView delivers excellent website performance by requiring only one script on the frontend (or none at all with implementations such as ). All heavy processing and integration work happens on OneView’s servers, dramatically improving your Lighthouse score.
Typical improvements:
  • 20-40 point increase in Lighthouse performance scores
  • 50-70% reduction in Total Blocking Time
  • Significant improvements in Core Web Vitals metrics
Your actual improvement depends on:
  • Number of tracking scripts you can remove
  • Current resource usage of those scripts
  • Your existing website optimization level
Most customers with 5+ tracking pixels see dramatic performance gains within days of switching to OneView.