Enhanced Conversions and the Server-Side Conversion API

Redaktion ·

Classic conversion tracking ran in the browser via third-party cookies for years. It works worse and worse: consent rejection, cookie lifetimes of sometimes just 24 hours under ITP, ad blockers and script errors all punch holes in the data. Enhanced conversions and server-side tracking are Google’s answer — they recover conversions that pure client-side tracking loses, without bypassing privacy rules.

Why client-side tracking goes leaky

The browser is a hostile environment for measurement today. Apple’s Intelligent Tracking Prevention (ITP) drastically cuts the lifetime of client-side cookies. If a user rejects cookies, the classic tag drops out entirely. Ad blockers kill tracking scripts before they fire. The result: you pay for clicks, but a growing share of real conversions never shows up in Google Ads. That distorts every bid, every target ROAS, every optimisation.

What enhanced conversions are

Enhanced conversions supplement your existing conversion tracking — they don’t replace it. When a conversion happens, first-party data — such as the email address the customer already entered in the form — is hashed with SHA-256 before sending and passed to Google. Google matches this hash against signed-in Google accounts that interacted with your ads, recovering a conversion the cookie would have lost.

The point of hashing: the raw data doesn’t leave your context in clear text. SHA-256 is one-way; Google sees the hash, not the email. That’s exactly what makes the method more privacy-friendly than plain-text uploads — but it doesn’t free you from the consent obligation (see below).

For Web vs. for Leads

There are two flavours for different conversion types.

Enhanced Conversions for Web measures online conversions that happen directly on the website — purchase, sign-up, lead form. On firing, the hashed user-provided data is sent along and matched with signed-in Google accounts.

Enhanced Conversions for Leads targets the offline close after a web lead. The typical case: someone fills in a form, but the deal only closes days later in the CRM or by phone. The hashed lead-form data is paired with later-imported offline conversions, so the offline revenue is attributed back to the campaign. That’s the key for long sales cycles.

The step to server-side tracking

Enhanced conversions improve matching; server-side tagging moves the measurement itself. Instead of firing directly in the browser, the tag fires in a server container (e.g. server-side Google Tag Manager) that you control. The browser only sends the event to your server, which then forwards it to Google — the server-side endpoint, or Conversion API.

The gain (industry figures as of 2026): server-set first-party cookies can persist up to two years instead of the few days under ITP, and measurement is more robust against ad blockers and browser restrictions. It’s reported that server-side tracking can recover up to around 30 percent of otherwise-lost conversion data — that’s an industry benchmark, not a guaranteed value for your account. Across the industry, server-side is increasingly the standard in 2026, not a luxury.

Setup overview: you set up enhanced conversions via the Google tag, Google Tag Manager, or the API. Server-side tagging additionally needs a server container (often hosted as a cloud service).

Here’s the most important sentence, because it’s often misunderstood: server-side tracking does not bypass consent. A common misconception is that moving to your own server escapes the consent obligation. That’s false. Even server-side, Google Ads conversion tags may only fire when valid consent exists and is signalled via Google Consent Mode v2.

If a user declines, the tag sends so-called cookieless pings — limited, aggregated signals from which Google estimates modelled conversions. So server-side buys you more control over the data pipeline and steadier measurement for consented users, not the right to track without consent.

Pitfalls and trade-offs

Complexity. Server-side setup is harder than a browser tag: host the container, wire up endpoints, test. That costs setup and maintenance.

False sense of privacy. Selling server-side as a consent workaround risks legal trouble. Consent Mode v2 is mandatory, not optional.

Garbage in, garbage out. Enhanced conversions only match with clean first-party data. Typos, missing fields or wrong hashing lower the match rate.

Expectation management. The 30-percent recovery is an upper figure from case studies. Realistically the effect depends on your consent share, data quality and industry.

FAQ

What are enhanced conversions? A supplement to existing conversion tracking: when a conversion fires, hashed first-party data (e.g. email via SHA-256) is also sent to Google. Google matches the hash with signed-in accounts and recovers conversions the cookie would have lost.

What’s the difference between for Web and for Leads? For Web measures online conversions directly on the website. For Leads targets offline closes after a web lead: hashed form data is paired with later-imported offline conversions to attribute long sales cycles.

What does server-side tracking add over client-side? Measurement runs in a server container instead of the browser. It’s more robust against ad blockers and ITP, and server-set cookies last longer. Up to around 30 percent recovered data is reported (an industry benchmark, not a guaranteed value).

Can I track without consent using server-side? No. Server-side tracking does not bypass the consent obligation. Google Ads tags may only fire with valid consent, signalled via Consent Mode v2. On rejection there are only cookieless pings and modelled conversions.

How do I set up enhanced conversions? Via the Google tag, Google Tag Manager, or the API. You must capture and hash the user-provided fields (e.g. email) correctly. For server-side, an additional server container is required.