Categories
GTM

First-party GTM: Why We Moved Away from Third-party Analytics

Modern browsers, ad-blockers, and privacy regulations are steadily killing traditional third-party analytics setups. For us, this became the main reason to migrate Google Tag Manager (GTM) from a third-party domain to a first-party one.

The Problem with Third-party GTM

A classic GTM integration looks like this:

https://www.googletagmanager.com/gtm.js?id=GTM-XXXX

This approach has several practical issues:

  • Ad-blockers often block googletagmanager.com
  • Browsers increasingly restrict third-party cookies
  • Lower data quality (missing page views, sessions, events)
  • Compliance complications (GDPR, consent management)

In short: your analytics slowly becomes blind, especially on modern browsers.

Why First-party GTM Helps

With first-party GTM:

  • GTM is loaded from your own domain
  • Requests look like regular site traffic
  • Much harder to block
  • Better data completeness
  • Cleaner GDPR story (still needs consent, but more predictable)

Instead of a Google domain, the browser sees:

https://www.example.com/first-party-gtm/

High-level architecture

Browser
  |
  |  GET /first-party-gtm/?id=GTM-XXXX
  v
Nginx (reverse proxy)
  |
  |  proxy_pass
  v
googletagmanager.com

Example: Nginx Configuration

location /first-party-gtm/ {
        proxy_pass https://$gtm_id.fps.goog;
        # Since we are using host as variable, we need resolver
        resolver 1.1.1.1 8.8.8.8 valid=300s;
        resolver_timeout 5s;

        proxy_ssl_name $gtm_id.fps.goog;
        proxy_ssl_server_name on;

        proxy_set_header Host $gtm_id.fps.goog;

        # Forward client-related headers
        proxy_set_header X-Real-IP              $remote_addr;
        proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto      $scheme;
        proxy_set_header X-Forwarded-Host       $host;
        proxy_set_header X-Forwarded-Uri        $request_uri;
        proxy_set_header X-Forwarded-Country    $geoip2_data_country_code;
        proxy_set_header X-Forwarded-Region     $geoip2_data_region_code;

        # Do not cache Google tag responses on Nginx level
        proxy_no_cache      1;
        proxy_cache_bypass  1;
}

Important Notes

  • Consent is still required (this is not a GDPR workaround)
  • Verify with DevTools → Network that requests hit your domain
  • Monitor errors carefully after rollout
  • Roll out gradually if possible

Result

After switching to first-party GTM we observed:

  • Fewer blocked requests
  • More stable analytics data
  • Cleaner observability in logs
  • Better long-term compatibility with browser privacy changes

Leave a Reply

Your email address will not be published. Required fields are marked *