+30% more hits collected: what a first-party client-side infrastructure changes
29/06/2026 |
Adblockers, ITP restrictions and CMP blocking all degrade the quality of your client-side data collection. But this isn’t inevitable: a first-party client-side infrastructure can restore script execution, cookie lifetime and visitor identity consistency — while fully respecting your users and the legal framework. Here’s how.
Adblockers, ITP, ETP… The mechanisms degrading your client-side collection
You check your dashboards. GA4 looks stable. Meta Ads is reporting conversions. ROAS figures are acceptable. Everything seems fine.
At least on the surface.
Because a portion of your events never makes it into your tools. Your advertising algorithms are therefore running on truncated data. And some measurement cookies — including those that enable Google or Meta to optimise your bids — disappear after 24 hours for a share of your traffic. The worst part? No error is flagged: you are partially blind without even knowing it.
This isn’t a consequence of the end of third-party cookies. It’s worth recalling that in July 2024, Google ultimately abandoned its plan to remove them from Chrome — a decision confirmed in April 2025. These data losses have other causes:
- Adblockers, which have been blocking a share of traffic for years, and whose users are gradually ageing into demographic brackets with growing purchasing power and LTV.
- Safari, which has been limiting cookies since 2017, as has Firefox.
- The GDPR, which introduced a third source of loss: non-consent — both when users actively limit cookies, and when the consent banner itself fails to display because it has been blocked by an adblocker.
Three problems (see the table below) that, combined, degrade your client-side collection. And one key question: how do you architect your data collection to reduce these losses?
| Source of the problem | Explanation | Impact on data collection |
|---|---|---|
| Adblockers | Block either the loading of the JavaScript library (e.g. Meta Pixel) or the data collection request after the script has executed. | Up to 30% of events can disappear. Tools do not flag this absence of data. |
| Intelligent Tracking Prevention (ITP) in Safari Enhanced Tracking Protection (ETP) in Firefox |
Browser mechanisms that reduce the lifetime of measurement cookies to 24 hours for third-party scripts. In France, the combined market share of Safari and Firefox is estimated at 25%. | Truncates tracking data. A visitor who returns after 24 hours is counted as new. Late conversions are not attributed correctly (paid appears to underperform while SEO appears to over-perform). |
| CMP blocking | An adblocker blocks the Consent Management Platform (CMP) library. The consent banner does not appear and no consent is collected. | Absence of technical consent (as opposed to active refusal). No data is collected in strict implementations. GDPR compliance issue and data quality problem. |
Server-side and client-side: 2 methods for a shared challenge
This observation has driven, since 2020, a growing interest in server-side tracking as a new quality standard for data collection. Using it is well justified, and we have previously documented the benefits of server-side tracking in detail. But server-side also has two structural limitations that are often glossed over when it is presented as the solution.
The first is economic. Migrating to a server-side infrastructure and operating it represents a cost, which makes deployment often gradual. This makes sense: work that was previously handled by the browser is now taken on by a centralised server — that of your server-side platform.
Beyond this, client-side tracking has been a standard mastered by digital teams since 1996. It requires no major technical overhaul and is compatible with the entire martech stack.
The second limitation is more fundamental: server-side does not replace client-side. It complements it. The cookie remains central to the digital ecosystem. Many marketing solutions — A/B testing, ad servers, personalisation tools, analytics — still depend on it.
In practice, in 2026, client-side and server-side coexist across the web. Major brands have embraced the potential of server-side, which is growing fast, but smaller organisations remain attached to “tags”. In this context, the challenge is to bring client-side collection quality up to the level of server-side. That means protecting client-side collection as effectively as possible — especially since server-side as practised in the market still often relies on a client-side collection layer. The data exchange happens via API.
Google itself addressed this in May 2025 with the launch of Google Tag Gateway — a first-party tracking solution for GA4 and Google Ads. A strong signal: even for Google, client-side collection needs to be protected. And that protection rests on two pillars.
The two pillars of high-quality client-side collection
First-Party Hosting: making your scripts invisible to blockers
It all starts with a simple problem to state. Your partners’ JavaScript libraries (Meta Pixel, TikTok, Bing UET, etc.) are loaded from those partners’ own domains. Since these domains are well known, adblocker blacklists identify them immediately and block their loading.
First-Party Hosting solves this by moving the loading point. Instead of being served from partner domains, these scripts are hosted from your own domain, under randomly generated filenames that are refreshed every ten minutes to stay up to date. The practical benefit: partner scripts execute across all traffic, including for users running an adblocker.
Better still: the Consent Management Platform (CMP) itself can be hosted the same way. If your CMP library is blocked before it loads, the consent banner never appears, no consent is collected, and the entire downstream setup collapses. First-Party Hosting also protects this “zero link” in the chain — the one that makes everything else legally possible.
First-Party Tracking: restoring the lifetime of your cookies
Once scripts are executing, a second problem remains: the collection requests themselves. Even if the Meta Pixel loads correctly, its hits are sent to connect.facebook.net — an external domain that Safari detects. ITP restrictions then apply, and a cookie will only last 24 hours.
With First-Party Tracking, these requests are routed through your own domain (/yoursite/metrics) before being redistributed to partners. From the browser’s perspective, this traffic is first-party, and the cookie is treated accordingly — with a lifetime of up to 13 months.
And that longevity changes everything. Multi-day visitor journeys (the most common in retail) become traceable again. Returning visitors are recognised as such, rather than recounted at every session. Retargeting works again on Safari audiences. And consent management benefits from better long-term persistence.
| Pillar | Problem solved | Key benefit |
|---|---|---|
| First-Party Hosting | Scripts blocked by adblockers | Full library execution + CMP protected |
| First-Party Tracking | Measurement cookies limited to 24h (ITP/ETP) | Cookie lifetime restored — up to 13 months |
Commanders Act Gateway: both pillars in a single infrastructure
Setting up these two pillars separately is technically feasible, but at the cost of multiple configurations: partner by partner, with dedicated subdomains, heterogeneous stacks and dispersed maintenance.
And it is precisely to simplify both deployment and operation that Commanders Act offers its own solution: Commanders Act Tag Gateway (CAG). This infrastructure brings together both pillars under a single path on the client domain (/yoursite/metrics), whatever CDN (Content Delivery Network) or WAF (Web Application Firewall) is in place.
Concretely, a single deployment covers the entire partner ecosystem (Google, Meta, TikTok, Bing, Awin, Piano…) — all routing through the same infrastructure. Key point: CAG natively integrates Google Tag Gateway, guaranteeing full compatibility with GA4 and Google Ads.
With this solution, Commanders Act delivers client-side collection that is robust, protected, and platform-agnostic.
What this means for your measurement and performance
Combined within CAG, first-party hosting and first-party tracking correct the major distortions weighing on digital measurement. On advertising performance, the effect is direct. Platforms like Google Ads and Meta Ads run on machine learning: the quality of their optimisations depends on the quality of the conversion signals they receive. Incomplete collection leads to bidding on already-converted audiences, or under-investing in high-potential segments. More complete collection gives the engine the fuel it needs.
On CAG deployments, observed gains range from +20% to +30% additional hits collected, depending on the initial level of blocking — with corresponding effects on CPA and ROAS.
The gains also extend to attribution — this time, to improving the reliability of budget decisions. When measurement cookies expire after 24 hours, conversions made three days after a first click are no longer attributed to the right campaign. Paid appears to underperform while SEO appears to over-perform. Restoring cookie lifetime also means restoring visibility into the funnel.
Go further
First-party infrastructure in service of the CMP
Without a first-party infrastructure, the consent cookie placed by the CMP is subject to exactly the same ITP constraints as any other measurement cookie. On Safari, it expires in 24 hours to 7 days depending on the configuration. At every new session, the same user sees the consent banner again — even if they already consented the day before. Prompted repeatedly, they end up refusing out of reflex, or closing the banner without interacting. The brand loses consents it had already obtained. With First-Party Hosting, consent is stored durably. The user sees the banner only once. They make their decision without repeated pressure.
Why your CISO needs to be involved
Deploying a solution such as Commanders Act Tag Gateway (CAG) requires involving your information security teams. In a first-party architecture of this kind, all domain cookies travel with requests — including authentication cookies. Security teams’ concerns are understandable.
CAG addresses this through a dual filtering mechanism: a blacklist that removes sensitive cookies before they even reach the Gateway (at CDN level), and a per-partner whitelist that transmits only the cookies strictly necessary for each destination — ga and _gcl* for Google, for example. As a result, authentication cookies never reach either Commanders Act or its partners.
