PPC Tracking After Third-Party Cookies: What Needs to Change

Third-party cookies have been the backbone of paid search conversion tracking for over a decade. They made it straightforward to follow a user from ad click through to form submission, phone call or purchase. That era is ending. Browser-level restrictions from Safari and Firefox have already blocked third-party cookies by default, Chrome has introduced user-level controls through its Privacy Sandbox initiative. Privacy regulations across the UK and EU continue to tighten what data advertisers can collect without explicit consent. For any business running paid media campaigns, the question is no longer whether tracking will change but how to adapt before performance data degrades further. Priority Pixels provides PPC management services for UK businesses and this shift is something we’ve been preparing clients for across every major ad platform.

The practical impact is already visible in campaign dashboards. Finding an agency that understands these shifts is critical, and our PPC agency selection guide covers what questions to ask. Conversion counts that once closely matched CRM records now show widening gaps. Attribution windows have shortened. Remarketing audiences are shrinking because browsers no longer allow cross-site tracking pixels to build those lists in the background. Google, Microsoft, Meta and LinkedIn have all responded with platform-specific tools designed to preserve measurement accuracy, but each takes a different approach. Understanding which tools apply to your campaigns and how they interact with consent requirements is where many advertisers are struggling.

Why Third-Party Cookie Loss Hits PPC Harder Than You Might Expect

Organic search analytics can survive on aggregate data. You can measure traffic trends, keyword rankings and engagement metrics without needing to tie individual sessions back to specific users. Paid media is different. Every conversion needs to be attributed to a click, a keyword, an ad group and a campaign so that bidding algorithms can optimise spend. When that attribution chain breaks, it’s not just reporting that suffers. Automated bidding strategies like Target CPA, Target ROAS and Maximise Conversions rely on accurate conversion signals to function properly. Feed them incomplete data and they’ll make poor decisions with your budget.

The issue compounds across longer sales cycles. B2B campaigns where a prospect might click an ad, visit the site three times over two weeks and then fill in a contact form are particularly vulnerable. Each of those return visits previously relied on third-party cookies to stitch the journey together. Without them, the conversion appears as a direct visit with no ad attribution, which means the campaign that generated the lead gets no credit. Over time, this leads to high-performing campaigns being paused or having budgets cut because the data suggests they aren’t performing.

Server-Side Tagging as a Foundation

Server-side tagging has moved from a technical curiosity to a practical necessity for advertisers who want reliable conversion data. The concept is relatively straightforward. Instead of loading tracking scripts directly in the user’s browser (client-side), you route tracking data through your own server first. This server acts as an intermediary between the user’s browser and the ad platforms, processing and forwarding conversion data in a controlled environment.

Google Tag Manager’s server-side container is the most widely adopted implementation. It runs on a cloud server (typically Google Cloud or a similar provider) and receives data streams from your website. From there, it forwards relevant events to Google Ads, Microsoft Ads, Meta and any other platform you’re running campaigns on. The key advantage is that data sent server-to-server isn’t subject to browser-level blocking. Ad blockers, ITP restrictions in Safari and cookie consent rejections don’t prevent server-side events from reaching the ad platforms.

There are trade-offs worth understanding. Server-side tagging requires infrastructure costs for hosting the container, typically between a few pounds and a few hundred pounds per month depending on traffic volume. It also needs technical expertise to configure correctly. Poorly implemented server-side setups can make tracking worse by creating duplicate events or dropping data. The initial configuration takes longer than a standard client-side setup, but once running it provides a much more resilient data pipeline that won’t degrade every time a browser updates its privacy policies.

Enhanced Conversions and the Shift to First-Party Data

Enhanced conversions represent Google’s most accessible response to cookie-based tracking limitations. The mechanism works by capturing hashed first-party data (email addresses, phone numbers or physical addresses) that a user provides when completing a conversion on your site. This hashed data is then matched against Google’s logged-in user base to attribute the conversion back to the correct ad click, even when cookies aren’t available.

Setting up enhanced conversions in Google Ads can be done through Google Tag Manager, the Google tag or the Google Ads API. The tag-based approach is the simplest for most advertisers. You identify the form fields on your conversion pages that capture user data, map them to the appropriate enhanced conversion variables and the tag handles the hashing and transmission automatically. No personally identifiable information is sent in plain text.

Microsoft Ads has introduced a similar feature called Enhanced Conversions which functions almost identically. Microsoft Ads campaigns benefit from the same hashed-data matching approach, using the Universal Event Tracking tag with additional configuration to capture first-party identifiers. Meta’s Conversions API follows a parallel logic, sending server-side events enriched with hashed customer data to improve match rates for Facebook and Instagram ad attribution.

The common thread across all of these is a shift from passive tracking (dropping cookies without the user’s knowledge) to active data collection (using information the user has voluntarily provided). This is a fundamental change in how conversion tracking works. It means your forms, checkout flows and lead capture mechanisms become direct inputs to your advertising measurement infrastructure.

Consent Mode V2 and What It Means for UK Advertisers

Google’s Consent Mode was introduced to bridge the gap between privacy compliance and advertising measurement. The original version allowed websites to adjust how Google tags behave based on a user’s consent choices. If someone declined analytics cookies, the tag would still fire but in a restricted mode, sending cookieless pings that Google could use for modelled conversions rather than observed ones. Consent Mode V2 expanded this with two additional parameters: ad_user_data and ad_personalisation. These give more granular control over whether user data can be used for advertising purposes and whether ads can be personalised based on that data.

For UK businesses operating under the UK GDPR and PECR regulations, Consent Mode V2 isn’t optional if you want to maintain remarketing capabilities and conversion modelling in Google Ads. Without it configured properly alongside a compliant consent management platform, Google will eventually stop modelling conversions for non-consenting users entirely. That means your reported conversion numbers could drop significantly, not because fewer people are converting but because Google can’t attribute those conversions without consent signals.

The implementation requires a consent management platform (CMP) that integrates with Google’s consent framework. Tools like Cookiebot, OneTrust and Complianz all support Consent Mode V2. The CMP captures the user’s preferences and passes consent states to Google’s tags in real time.

With Consent Mode V2 configured correctly, Google can model conversions for users who decline cookies. Without it, those conversions are lost from your reporting entirely.

When consent is granted, tags operate normally with full cookie access. When consent is denied, tags switch to restricted mode and Google fills the measurement gap with statistical modelling based on the behaviour patterns of consenting users. The modelling isn’t perfect, but it recovers a significant portion of conversion data that would otherwise disappear from your campaign reports.

Platform-by-Platform Tracking Approaches

Each major ad platform has taken a slightly different approach to cookieless tracking. The table below summarises the primary tools available across the four platforms most commonly used in B2B and service-sector campaigns.

Google and Microsoft have the closest feature parity because Microsoft’s tracking infrastructure has historically followed Google’s lead. The two platforms support server-side tagging through GTM containers and offer enhanced conversions using hashed first-party data. They also integrate with Consent Mode frameworks. The differences are mostly in maturity and documentation quality. Google’s implementation guides are more detailed, while Microsoft’s advertising documentation has been catching up over the past year.

Meta Ads campaigns rely heavily on the Conversions API (CAPI), which operates as a server-to-server connection between your website and Meta’s advertising infrastructure. CAPI can run alongside the Meta Pixel, creating a dual-tracking setup where browser-side and server-side events are deduplicated automatically. This redundancy means that even if the pixel is blocked by a browser or ad blocker, the server-side event still registers. For B2B advertisers running lead generation campaigns on Facebook or Instagram, CAPI has become almost mandatory to maintain accurate cost-per-lead reporting.

LinkedIn’s Conversions API is newer but follows the same principles. It’s particularly relevant for B2B campaigns where LinkedIn advertising often targets senior decision-makers in longer sales cycles. The ability to send offline conversions (such as a qualified lead status from your CRM) back to LinkedIn through the API means you can optimise campaigns against outcomes that happen well after the initial click, without relying on cookies to maintain that attribution chain.

Offline Conversion Imports and CRM Integration

For B2B businesses with sales cycles measured in weeks or months rather than minutes, offline conversion imports solve a problem that cookies never addressed well even when they worked. The concept is simple: you capture a click identifier (GCLID for Google, MSCLKID for Microsoft) when a prospect arrives on your site, store it in your CRM alongside the lead record and then upload conversion data back to the ad platform once that lead reaches a meaningful stage in your pipeline.

This approach sidesteps cookie deprecation entirely because the attribution link is maintained through the click identifier stored in your own database rather than through browser cookies. A prospect could clear their cookies, switch devices and come back through a different browser entirely. As long as the original GCLID or MSCLKID is attached to their CRM record, the conversion can still be attributed to the correct campaign when it’s imported back to the ad platform.

Google Ads supports offline conversion imports through manual CSV uploads as well as automated integrations via the Google Ads API. The API route is more practical for businesses processing a high volume of leads because it can be triggered automatically whenever a CRM record reaches a specific status. Microsoft Ads offers a near-identical process using MSCLKID values. The data feeds into the same bidding algorithms as online conversions, which means your automated bidding strategies can optimise towards qualified leads rather than just form fills.

The main challenge with offline conversion imports is the time lag. If your average sales cycle is 60 days, Google’s bidding algorithm needs to wait that long before it sees whether a click led to a conversion. This can make the learning period for new campaigns longer, though Google’s conversion value rules and adjusted conversion windows help mitigate the delay. Setting interim micro-conversions (such as “sales-qualified lead” status) with shorter lag times gives the algorithm more frequent signals to work with while you wait for final outcomes.

Building a First-Party Data Strategy That Delivers Results

The phrase “first-party data strategy” risks sounding like a buzzword, but the practical steps behind it are concrete. At its core, you’re building systems that capture, store and activate data that users voluntarily share with your business. For PPC tracking specifically, this means capturing email addresses, phone numbers and other identifiers at every reasonable touchpoint on your website and connecting those identifiers to your advertising infrastructure.

Every interaction where a user voluntarily provides their details creates a data point you can use for conversion matching. Common touchpoints that generate usable first-party data include:

• Newsletter sign-ups and email subscription forms
• Gated content downloads such as whitepapers or guides
• Enquiry forms and callback request pages
• Live chat interactions where users provide contact details
• Account registration and login flows

Each of these touchpoints can feed into enhanced conversions, CAPI events or CRM-based offline imports. The businesses that will maintain the most accurate PPC tracking over the next few years are those with the most touchpoints capturing first-party data, because each one creates another opportunity to match an ad click to a conversion without relying on cookies.

There’s a consent dimension to this as well. First-party data is only usable for advertising purposes if the user has given appropriate consent under UK GDPR and PECR. Your consent management platform needs to distinguish between different purposes. Someone consenting to receive email newsletters hasn’t necessarily consented to their email address being hashed and sent to Google for conversion matching. Making these distinctions clear in your privacy notice and consent flows is a legal requirement as well as a practical one, because platforms like Google will increasingly refuse to process data that lacks proper consent signals.

What to Prioritise Right Now

Not every business needs to implement every tracking solution simultaneously. The right approach depends on your campaign complexity, sales cycle length and technical resources. For most B2B advertisers running campaigns across Google and one or two other platforms, there’s a logical order of priority.

• Implement enhanced conversions on Google Ads first. This has the lowest technical barrier and the highest immediate impact on conversion data accuracy. Most setups can be completed through Google Tag Manager in an afternoon
• Configure Consent Mode V2 with a compliant CMP. This protects your access to modelled conversions and remarketing audiences. Without it, you’ll lose data progressively as Google tightens enforcement
• Set up the Conversions API for Meta if you’re running Facebook or Instagram campaigns. CAPI paired with the pixel creates the redundancy needed to maintain reliable attribution
• Evaluate server-side tagging if you’re spending significantly on paid media or operating in a privacy-sensitive sector like healthcare or financial services. The infrastructure cost is justified by the improvement in data quality
• Build offline conversion imports if your sales cycle extends beyond a single session. This is the only way to give bidding algorithms visibility into what happens after a form fill

The transition away from third-party cookies isn’t a single event with a fixed deadline. It’s a gradual shift that has been under way for several years and will continue to accelerate. Safari and Firefox users (roughly 30-40% of UK web traffic depending on your audience) have already been invisible to traditional cookie-based tracking for some time. Chrome’s Privacy Sandbox changes extend that to the remaining majority. The businesses that treat this as a phased infrastructure project rather than a panic response will come out of it with tracking setups that are more accurate, more compliant and more resilient than what they had before.

Getting cookieless PPC tracking right requires careful configuration across multiple platforms, each with its own implementation requirements and consent obligations. The technical detail matters because poorly configured enhanced conversions or a misconfigured Consent Mode setup can be worse than no setup at all, feeding bad data into bidding algorithms and distorting campaign performance. If you’re unsure where your current tracking stands, a structured audit of your conversion tracking setup across all active platforms is the most productive place to start.