GPC LIMITS YOUR DATA. SERVER-SIDE TRACKING RESTORES IT.

GPC is a browser-level signal that automatically tells every website a user visits: “do not sell or share my personal data.” GPC has legal enforcement behind it; Twelve US states now require businesses to treat a GPC signal as a valid opt-out request, equivalent to the user manually clicking “Do Not Sell My Data” on your site. California’s AB 566 law states that, as of January 2027, all browsers must have GPC built-in.

As of 2026, twelve states require businesses to honor GPC or equivalent universal opt-out signals: California, Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, and Texas. This list is growing. If your website is accessible to residents of these states (which, for most US businesses, it is), you are required to detect and honor the GPC signal.

Your consent management platform detects the GPC signal and automatically honors the opt-out. For most CMP configurations, this means the consent banner is suppressed entirely and the visitor never sees it, because their browser has already communicated their preference. As a result, no tracking scripts fire, no retargeting pixels load, and no third-party data collection occurs for that visitor. Your site never gets the opportunity to ask for consent. Under California’s updated CCPA regulations, you are also required to display an “Opt-Out Request Honored” confirmation to the user.

GPC blocks the sale and sharing of personal data with third parties. It does not prevent you from collecting first-party data into your own infrastructure. Server-Side Tracking routes all event data (pageviews, clicks, conversions) through your own server before anything reaches an ad platform. This means your analytics, customer journey data, and conversion records remain intact in systems you own. For visitors who have given consent (non-GPC users), your server then forwards conversion events to ad platforms via server-to-server APIs (Google Ads, Meta CAPI, LinkedIn Conversion API, and others), recovering the optimization signals your campaigns need. As a result, you maintain a complete first-party data picture regardless of GPC adoption, and you preserve ad platform signal for your consented audience.

No. Server-Side Tracking does not bypass, circumvent, or override GPC or any privacy regulation. When a visitor arrives with GPC enabled, SST respects their opt-out fully. No data is shared with third-party ad platforms for that user. What SST does is ensure that your first-party data collection remains functional. The data flows to your server, where it stays unless the visitor has given explicit consent for it to be forwarded. Think of it as the difference between collecting data you own and sharing data with others. GPC governs the sharing. SST protects the collecting. The two work together, not against each other.

AB 566, also known as the “Opt Me Out Act,” was signed into California law in October 2025. It requires all web browsers offered in California to include built-in GPC functionality by January 1, 2027. Browsers must make the GPC setting easy to find, clearly explain what it does, and disclose its effect. This is significant because it forces Chrome, Safari, and Edge to ship native GPC support. Chrome alone holds roughly 65% of global browser market share. An academic study found that 94% of users enable GPC when it is presented during browser setup, highlighting the impact that marketers can expect.

Usercentrics’ Server-Side Tracking solution is built to work seamlessly with the Usercentrics CMP. When a visitor arrives on your site, the CMP detects their consent status, including GPC signals, and passes this information to the server-side container in real time. Your server then reads both the event data (what the visitor did) and the consent data (what they’ve permitted), and routes accordingly. For consented users, conversion events are forwarded to your connected ad platforms. For GPC or non-consented users, data stays in your first-party systems only.

Usercentrics’ Server-Side Tracking solution is based on server-side Google Tag Manager (sGTM), which supports tag templates for all major ad and analytics platforms: Google Ads, Meta (via Conversions API), LinkedIn, TikTok, Google Floodlight, Microsoft Bing Ads, Pinterest, Reddit, Snapchat, Awin, and more. Usercentrics provides pre-built setup templates and documentation for these integrations, along with native consent signal routing from the Usercentrics CMP, so your server container knows which events to forward based on each visitor’s consent status.

A server-side request is generated each time an event (pageview, click, conversion, etc.) is sent from your site to your server container. Usercentrics offers a free Starter plan with 20,000 monthly requests so you can measure your actual volume before committing to a paid tier. The ROAS calculator on this page can also help you estimate the impact of server-side tracking on your ad performance.

The Starter plan includes 20,000 server-side requests per month at no cost, with no credit card required. The Starter plan is designed to let you test Server-Side Tagging on your site, measure your actual request volume, and see the impact on your conversion data before scaling to a paid tier.