It’s safe to say that, at this point, any data you are reporting on isn’t the full amount. Even if you haven’t implemented cookie consent banners for GDPR or CCPA, there are other ways users can prevent their behavior from being tracked, such as features built into their browsers like Intelligent Tracking Prevention in Safari, or Enhanced Tracking Protection in Firefox. Browsers like Brave provide “Shields” that prevent tracking scripts from being loaded. Old-school extensions like Ad-Blockers are used for less technical folks, and browsers have made a cookie’s life span much shorter (1-7 days), making most returning visitors appear new. And for more technical users who use Google Consent Mode, no real data is sent. What is sent is simply modeled data that makes strong assumptions and is completely unreliable for websites with lower traffic.
Source of Data Loss
It’s easy to assume website owners lose up to 70% of their data because modern privacy controls block or limit client-side tracking, meaning analytics scripts never load, never fire, or cannot retain data long enough to be useful.
Here is a likely breakdown of cause and data loss:
- Consent not given: 20-40% data loss
- Browser tracker blocking: 20-35% data loss
- Ad blockers & extensions: 10-30% data loss
- Cookie expiration: 10-20%
- Consent Model modeling gaps: 5-15%
And this is the common outcome in audiences outside of the EU. It becomes worse for European Union (EU) audiences, with data loss up to 80-90%.
Solution
One of the best ways to stop losing so much data is to switch to a first-party data plan that uses server-side tagging. Instead of having your tracking tools run in the user’s browser—where they get blocked by privacy settings, ad blockers, or consent pop-ups—you move the tracking to your own website’s server. This makes the data appear to come straight from your site, so browsers trust it and are less likely to block it. Server-side tagging also lets you control exactly which information you collect and share, helping you stay on the right side of GDPR and other privacy rules.
Here is a high-level overview of a server-side tagging solution.
With server-side tagging, you basically get back all the data lost to browser blocking, ad blockers, and other technical measures.
Server-side tracking can technically collect more data than browsers allow, but you’re still legally required to honor GDPR consent rules. If you send personal data to tools like GA4, Meta, or HubSpot without consent, it’s still a violation. But you can send data to privacy-first analytics tools like Fathom or Plausible without consent because they anonymize it.
My Recommendation
For a website under 200k page views a month that still desires robust reporting, you probably don’t want to build everything from scratch. There are managed services that host the server container for you and act as a central “hub” for first-party events. All of these options follow the same basic pattern: your site sends simple, privacy-safe events to a server you control, and that server is the only one that communicates with Google Analytics, ad platforms, and other tools.
I suggest the following approach.
- Select a “first-party” server-side tagging solution like Cloudflare Zaraz or something similar and connect all of your analytics accounts like HubSpot, GA4, Meta, Fathom, etc.
- Choose a backup “privacy-first” analytics solution like Plausible or Fathom as an alternative (backup) to Google Analytics.
- Implement your consent method and integrate with your SST solution. For example, Zaraz has a “setConsent” method in their API that allows you to direct it appropriately.
Implementing this stack for your data collection will allow you to use different data sources for specific reasons. You would get all the data back that was lost due to modern browser privacy settings and ad blockers. When consent is given, all of your data flows to your other tools. When a user doesn’t consent, their privacy is respected, and you have a backup analytics tool to provide the data that you missed out on before.
Even if you do not need to ask for consent based on your business and privacy requirements, I still recommend implementing a server-side tagging solution like Zaraz at a minimum, and for extra credit, a privacy-first analytics backup to validate the data you see in GA4.
