Google Tag Gateway Recovers Lost Conversions Fast — But It Has Three Gaps
TL;DR:
where
how
/g/collect
What Google Tag Gateway actually does
Tag Gateway serves Google’s tracking scripts from your own domain instead of Google’s — a real improvement, but a narrow one.
Google Tag Gateway, previously called First-Party Mode, does one specific thing: it serves Google’s measurement scripts — gtag.js, the GA4 and Google Ads tags — from your own domain instead of from googletagmanager.com. Because the scripts now load from a first-party origin, domain-based blocking can’t catch them as easily, and the requests look like they belong to your site rather than to a third party.
The recovery is real. Google’s own aggregated, self-reported figures attribute about 14% more measured conversions and roughly 7% lower CPA to Tag Gateway. It takes about ten minutes to set up. For most WooCommerce stores running Google Ads, that’s a clear win worth claiming.
But here’s the thing: it changes where Google’s scripts load from. It does not change how your cookies are written, it does not touch non-Google vendors, and it does not move event processing onto infrastructure you control. Those distinctions are exactly where the three gaps live.
Google’s own aggregated figures attribute about 14% more measured conversions and roughly 7% lower CPA to Tag Gateway — but it changes only where Google scripts load, not how cookies are written.
Gap 1: It’s Google-only — Meta and TikTok stay blocked
Tag Gateway covers GA4, Google Ads, and Floodlight — and nothing else.
The first gap is scope. According to Google for Developers, Tag Gateway covers Google products only: GA4, Google Ads, and Floodlight. Meta Pixel, TikTok Pixel, and LinkedIn Insight tags remain third-party scripts — and they keep getting blocked by Safari ITP, Firefox Enhanced Tracking Protection, and every ad blocker that was already dropping them.
For a WooCommerce store that runs Meta and Google ads side by side, this is a lopsided fix. Your Google conversion data improves by double digits while your Meta conversion data stays exactly as lossy as it was. If you’re optimising Meta campaigns on that data, Tag Gateway hasn’t helped you at all on that side of the ledger.
You may be interested in: Safari 26 is stripping gclid and fbclid — why WooCommerce attribution needs a server-side net
Gap 2: The /g/collect path is still detectable
Serving from your domain defeats domain blocking — but the request path still carries Google’s signature.
The second gap is subtler. Tag Gateway moves the script origin to your domain, which defeats blockers that work by blocking known third-party domains. But the requests Google’s scripts send still carry recognisable path signatures — most notably /g/collect, the endpoint GA4 uses to send event data.
Signature-matching blockers like uBlock Origin and Ghostery don’t only match on domain — they match on URL patterns too. A request to yourstore.com/g/collect still looks like GA4 telemetry to a pattern-matching filter, so those blockers can still catch and drop it even though it’s now first-party.
A server-side endpoint sidesteps this entirely, because you define the path. Events go to a custom endpoint on your infrastructure that carries none of Google’s known signatures, so there’s nothing for a signature filter to match against.
Tag Gateway keeps Google path signatures like /g/collect in the request URL, so signature-matching blockers such as uBlock Origin and Ghostery can still detect and drop those requests by pattern, not domain.
Gap 3: Safari’s 7-day cookie cap is untouched
This is the gap that costs the most attribution — and the one Tag Gateway does the least about.
The third gap is the one with the biggest impact on attribution windows. Safari’s Intelligent Tracking Prevention caps JavaScript-written cookies at 7 days — and just 24 hours for traffic that arrives with link decoration (click IDs in the URL). After that window, the cookie is gone and the visitor looks new.
Tag Gateway changes where scripts load, not how cookies are written. The cookies are still written by JavaScript, in the browser, so Safari’s 7-day cap applies exactly as before. A shopper who clicks your ad, browses, and comes back 10 days later to buy is invisible to Tag Gateway’s attribution — the cookie expired on day 7.
This is where server-set cookies change the game. HTTP cookies set by your server from a first-party origin sit outside ITP’s 7-day JavaScript cap and can persist 365+ days, restoring the long attribution windows that Tag Gateway simply cannot reach. The difference isn’t incremental — it’s the gap between a 7-day window and a year-long one.
You may be interested in: Why server-side tracking is still essential even after Google cancelled Privacy Sandbox
What a full server-side pipeline closes
A complete first-party pipeline addresses all three gaps at once — and adds capabilities Tag Gateway was never designed for.
A full server-side pipeline receives events on your own infrastructure, enriches them, and routes them to multiple destinations before sending. That architecture closes every gap Tag Gateway leaves open:
| Capability | Google Tag Gateway | Full server-side pipeline |
|---|---|---|
| Google conversion recovery | ~14% more conversions | ~95%+ of browser-lost events |
| Meta / TikTok / LinkedIn | Not covered — stays blocked | Routed server-side to each vendor |
| Request path signature | Keeps /g/collect (detectable) | Custom endpoint (no known signature) |
| Safari cookie lifetime | 7-day JS cap (unchanged) | Server-set HTTP cookies, 365+ days |
| Data ownership | Google processes the data | Your BigQuery, enriched before send |
| Setup effort | ~10 minutes | Higher, but one-time |
The pipeline also captures roughly 95% or more of events the browser would otherwise lose, and it lets you enrich and route data to non-Google vendors and into BigQuery before anything is sent. That last point matters for more than recovery: owning the data in BigQuery means you can model, attribute, and build first-party audiences on your own terms, rather than handing the only copy to Google.
So should you turn it on?
The question isn’t Tag Gateway versus server-side. It’s whether Tag Gateway is enough on its own.
Yes — turn Tag Gateway on. It’s a ten-minute change that recovers a real slice of Google conversions, and there’s no reason to leave that on the table. The mistake is treating it as the finish line.
If you run Meta or TikTok ads, if Safari is a meaningful share of your traffic, or if you want your conversion data in BigQuery for your own modelling, Tag Gateway is a starting point, not a solution. And the two aren’t mutually exclusive — Tag Gateway can run as one input into a larger server-side pipeline, so adopting it now doesn’t lock you out of the full architecture later.
The June 15, 2026 ad_storage consent change raised the stakes on owning a durable first-party signal. Tag Gateway is Google’s answer for Google’s own products. The three gaps it leaves are precisely the ones a full first-party pipeline was built to close.
You may be interested in: How Google’s June 15 consent change broke WordPress phone-call attribution
Key Takeaways
- Tag Gateway is a real but narrow fix: It recovers roughly 14% more Google conversions and cuts CPA about 7% by serving Google scripts from your domain — in about ten minutes.
- Gap 1 — Google-only: It covers GA4, Google Ads, and Floodlight. Meta, TikTok, and LinkedIn tags stay third-party and keep getting blocked.
- Gap 2 — detectable path: It keeps the
/g/collectsignature in the URL, so pattern-matching blockers like uBlock Origin and Ghostery can still drop the requests. - Gap 3 — Safari’s 7-day cap: It changes where scripts load, not how cookies are written, so Safari’s 7-day JavaScript cookie cap stays exactly where it was.
- A full pipeline closes all three: Server-set HTTP cookies persist 365+ days, events route to every vendor plus BigQuery, and roughly 95%+ of browser-lost events are recovered.
No. Tag Gateway (formerly First-Party Mode) changes only where Google’s tracking scripts load — serving them from your own domain instead of googletagmanager.com. It does not move event processing to a server you control, it does not change how cookies are written, and it does not handle non-Google vendors. True server-side tracking receives, enriches, and routes events from your own infrastructure.
No. Tag Gateway covers Google products only — GA4, Google Ads, and Floodlight. Meta Pixel, TikTok Pixel, and LinkedIn Insight tags remain third-party scripts and continue to be blocked by Safari ITP, Firefox ETP, and ad blockers. To recover Meta and TikTok conversions you need a full server-side pipeline that can route to multiple vendors.
No. Safari’s Intelligent Tracking Prevention caps JavaScript-written cookies at 7 days, and 24 hours for link-decorated traffic. Tag Gateway changes where scripts load, not how cookies are written — they’re still written by JavaScript, so the 7-day cap stays. Only server-set HTTP cookies from a first-party origin sit outside that cap and can persist 365+ days.
Partially, yes. Tag Gateway serves scripts from your domain, which defeats domain-based blocking. But it keeps Google path signatures like /g/collect in the request URL, so signature-matching blockers such as uBlock Origin and Ghostery can still detect and drop those requests by pattern. A server-side endpoint with a custom path avoids the known signatures entirely.
Tag Gateway is a fast, low-effort first step that recovers a meaningful slice of Google conversions in minutes — it’s worth turning on. But it’s a partial fix, not a destination. If Meta and TikTok matter, if you have significant Safari traffic, or if you want data in BigQuery for your own modelling, a full server-side pipeline is the structural answer. The two aren’t mutually exclusive — Tag Gateway can run as one input into a larger pipeline.
References
- Google for Developers — Tag Gateway / server-side dependency serving, 2026
- Apple WebKit — Intelligent Tracking Prevention, 2026
- Seresa — Safari 26 Strips Click IDs: WooCommerce Attribution Needs a Server-Side Net, 2026
- Seresa — Google Killed Privacy Sandbox: Do WooCommerce Stores Still Need Server-Side Tracking?, 2025
Google Tag Gateway recovers your Google conversions — but Meta, your Safari shoppers, and signature-blocked traffic stay lost. The Transmute Engine™ routes every event server-side to all your vendors and into BigQuery, with first-party cookies that outlast Safari’s 7-day cap. See how the full pipeline works at seresa.io.