Server-side Tracking Migration Audit
The conversion-loss audit you run before and after the GTM Server-side cutover.
Who this is for
- Brands still on browser-side tracking
- Operators about to ship a GTM SST migration
- Tracking leads validating an existing SST setup
Why this exists
Server-side tracking is a 5-15% conversion recovery in 2026, but the migration is where most brands break attribution silently for weeks. This audit gives the pre and post checks that catch the silent breaks before Smart Bidding optimises against bad data.
Read this first
Server-side tracking moves the conversion ping from the browser to your own infrastructure, then forwards it to ad platforms with hashed PII enrichment. The recovery is 5-15% of conversions previously lost to iOS, ad blockers, and consent banners. The risk is that during the cutover, something silently breaks and Smart Bidding optimises against half-broken data for weeks before the dashboards make it visible. This audit catches the break early.
Migration order with the four most-skipped steps
Pre-migration baseline
Before touching anything, capture the current state: browser-side conversion volume per platform (Google Ads, Meta, TikTok), GA4 ecommerce revenue, Shopify total revenue, and EMQ scores in each platform's Events Manager. Save the baseline with the date. This is what you'll compare against to know whether the migration broke or recovered conversions.
Stand up the GTM Server-side container
Provision the server (App Engine, Cloud Run, or self-hosted via Docker depending on your stack). Configure the GTM SS container, set up the preview mode, validate it receives events from the web container in real time. This is technical setup, often where the migration stalls; budget two days for it.
Wire Conversions API on each platform
Google Ads via the Click Conversions API with GCLID forwarded server-side. Meta CAPI with deduplication keys against the browser-side pixel. TikTok Events API with event_id matching. The four most-skipped steps: dedup keys, currency formatting, hashed user_data populated correctly, and event_time in the right format. Skip any one of them and the platform either drops the event or double-counts.
Layer Enhanced Conversions
Enhanced Conversions sends hashed user data (email, phone, name, address) alongside the conversion ping. It's the feature that recovers the iOS / consent-blocked conversions and pushes EMQ scores to 8+. Configure Enhanced Conversions for Web on Google Ads, then Enhanced Conversions for Leads if relevant, then verify the field mapping is correct. The most-common silent break is Enhanced Conversions firing without hashed user_data because the field map didn't pick up the dataLayer variable.
Run the 14-day post-migration sanity check
For 14 days after cutover, freeze every other change. No bid-strategy moves, no structural splits, no creative refreshes. The sole job is to validate that conversion volume, EMQ scores, and revenue parity stayed in range. After 14 days of clean data, resume optimisation. Most failed migrations got optimised before they were validated.
Pre vs post baseline check
Run this side by side. Numbers should land within the expected delta range. Anything outside the range gets investigated before any bid change.
| Metric | Pre-migration | Post-migration (target) | Investigate if outside |
|---|---|---|---|
| Google Ads conversion volume | Baseline number | +5% to +15% | Below baseline OR above +25% (likely double-count) |
| Meta CAPI conversion volume | Baseline number | +5% to +15% | Below baseline OR above +25% |
| GA4 ecommerce revenue | Baseline number | Within 5% (GA4 is independent) | Above 10% delta in either direction |
| EMQ score (Google Ads) | Often 4-6 for browser-side | 8+ post-migration | Below 8 means hashed user_data didn't wire correctly |
| EMQ score (Meta) | Often 5-7 for pixel-only | 8+ post-migration | Below 8 means dedup or hashed PII broken |
| Shopify-to-platform revenue parity | Often 60-80% (browser-side leakage) | 85-95% (post-SST recovery) | Below 80% means CAPI is dropping events |
Field-mapping mistakes that break attribution silently
- Email field unhashed (some implementations send raw email; ad platforms reject or deprioritise)
- Phone field with country code missing (E.164 format required)
- Currency code missing on conversion value (defaults to USD, distorts non-USD accounts)
- Event time in milliseconds vs seconds (Meta wants seconds, easy mistake)
- User-agent and IP not forwarded (drops EMQ score by 1-2 points each)
- Click ID not forwarded server-side (GCLID, FBCLID, TTCLID all required for their respective APIs)
- Deduplication key inconsistent between web pixel and CAPI (causes double-counting)
- Test events labelled as production (pollutes the live conversion data set)
- Cookie consent state not propagated to the server-side container (Consent Mode v2 silently denies events)
- Enhanced Conversions enabled but the conversion action doesn't have the field map populated
What good looks like 14 days after cutover
EMQ scores 8+ across every platform you spend on. Conversion volume up 5-15% vs the pre-migration baseline. Revenue parity between Shopify and platforms within 10%. Smart Bidding has settled into its new value signal. No bid changes have been made for 14 days. From here, optimisation can resume against clean data.
External resources
Authoritative references we link to alongside the template. Read them before running the audit.
- Google Tag Manager, server-side tagging overviewOfficial documentation for the GTM Server-side container setup.
- Google Ads, Conversions API integrationReference for the Click Conversions API setup in step 3.
- Google Ads, Enhanced Conversions for WebReference for the Enhanced Conversions wiring in step 4.
- Meta, Conversions API best practicesAuthoritative reference for Meta CAPI dedup and EMQ patterns.
- Google Ads, Consent Mode v2Required reading for the consent-state propagation in the field-mapping checklist.
- Search Engine Journal, server-side tracking coverageTopic index. Useful for tracking SST platform changes and case studies.
Want this run for you?