When you rely solely on client-side parameters like UTM tags, referrers, or cookies, youβre missing a deeper layer of user context. HTTP headers, available only in Server-Side Google Tag Manager (ssGTM), can unlock enhanced attribution signalsβcapturing true source, device characteristics, bot detection, and even email/SMS traffic insights.
π Why Use HTTP Headers for Attribution?
| Header | Attribution Value |
|---|---|
Referer |
Real origin of user (cross-domain) |
User-Agent |
Browser, OS, and device insights |
X-Forwarded-For |
Actual client IP behind proxies |
Accept-Language |
Geographic and language signals |
Host |
Detect subdomain-based split tests |
X-Source-ID (Custom) |
Track unique email/SMS links |
β Prerequisites
- Working Server-Side GTM container hosted at
https://gtm.yourdomain.com - Web GTM container sending requests to the server endpoint
- Access to modify headers in Email/SMS platforms or redirectors
- GA4 Measurement Protocol API Secret (for event forwarding)
- (Optional) CRM or attribution platform integration
π§ Step-by-Step Guide to Use HTTP Headers in ssGTM
πΉ Step 1: Inspect Headers in Incoming Requests
In GTM Server Preview:
- Open the Preview panel.
- Click any request.
- Scroll down to Request Headers to view values like:
{
"user-agent": "...",
"referer": "...",
"x-forwarded-for": "...",
"accept-language": "en-US,en;q=0.9",
"x-source-id": "email_q2_promo" // custom header
}
πΉ Step 2: Create Header-Based Variables in Server-Side GTM
Go to Variables > New
Type: Request Header
Examples:
- Name:
Header - Refererβ Header name:referer - Name:
Header - User Agentβ Header name:user-agent - Name:
Header - IP Addressβ Header name:x-forwarded-for - Name:
Header - Source IDβ Header name:x-source-id
β These are now available to be passed into tags or triggers.
πΉ Step 3: Attach Header Values to GA4 Event Tags
Use Case: Pass refined attribution into GA4
Create a GA4 Event Tag (in ssGTM):
- Event Name:
page_vieworpurchase - Parameters:
referer:{{Header - Referer}}user_agent:{{Header - User Agent}}ip_address:{{Header - IP Address}}source_id:{{Header - Source ID}}
User Properties (Optional):
client_language:{{Header - Accept-Language}}
πΉ Step 4: Use Headers in Conditional Logic for Attribution
Custom Trigger Example:
Fire a special conversion tag only if the traffic came from an email campaign:
Trigger:
Header - Source IDcontainsemail_
This ensures you only attribute conversions to email when explicitly marked in headers.
πΉ Step 5: Inject Custom Headers in Email/SMS Links
When generating outbound links from Klaviyo, Mailchimp, or Postscript:
https://gtm.yourdomain.com/redirect?url=https://yourdomain.com/offer
If your ESP supports it, inject a custom header (e.g., X-Source-ID: email_q3_offer).
πΉ Step 6: Store Header-Based Attribution in a CRM
Use a Webhook or HTTP Request Tag in ssGTM to forward attribution info to your backend:
POST /crm-webhook
{
"user_id": "USER123",
"campaign": "email_q3_offer",
"referer": "https://mail.google.com/",
"user_agent": "Mozilla/5.0...",
"ip_address": "103.25.113.11",
"language": "en-US"
}
This enhances the attribution granularity in your CRM (e.g., Salesforce, HubSpot).
πΉ Step 7: Create Attribution Models in GA4
Go to Admin > Custom Dimensions:
referer_domain(event scope)source_id(event scope)device_info(from user-agent)
In Explore β Path or Funnel Reports:
- Break down by
source_idorreferer - Compare email vs social vs unknown referrers
- Attribute purchases to email/sms clicks even without UTM params
πΉ Step 8: Debugging Tips
- Use Server-Side GTM Preview Mode
- Check full HTTP request β Headers
- Use
console.log()in custom templates to inspect headers - Confirm GA4 receives custom parameters via Realtime DebugView
πΉ Step 9: Security and Compliance Notes
- Never forward or log raw IP addresses without user consent (GDPR/CCPA)
- Do not expose X-Source-ID or internal logic in public-facing JS
- Use hashed identifiers if any user info is included in headers
- Respect Consent Mode: donβt fire GA4 or Ads tags unless consent is granted
jsCopyEditgtag('consent', 'default', {
ad_storage: 'denied',
analytics_storage: 'denied'
});
π₯ Real-World Attribution Scenarios
| Scenario | Header | Usage |
|---|---|---|
| Email click without UTM | referer = mail.google.com |
Tag as email traffic |
| SMS redirect | x-source-id = sms_dec_offer |
Track SMS channel performance |
| Privacy-restricted Safari traffic | Use x-forwarded-for |
Still get IP + geolocation |
| Device-based testing | user-agent |
Identify mobile/tablet behavior |
π¦ Summary Table
| Step | Action |
|---|---|
| 1 | View headers in GTM Server request logs |
| 2 | Create GTM variables for relevant headers |
| 3 | Pass headers as GA4 parameters |
| 4 | Build conditional triggers based on headers |
| 5 | Inject headers via email/sms redirect links |
| 6 | Forward enriched data to backend or CRM |
| 7 | Report on header-based attribution in GA4 |
| 8 | Debug via ssGTM preview |
| 9 | Ensure consent compliance & privacy |
Related posts:
Server-Side Email and SMS Event Tracking Integration
Server-side Tracking Facebook Conversions API (CAPI) with Event Match Quality
Set Up Server-Side GA4 Tracking for Enhanced Ecommerce tracking
π Advanced Guide to Facebook Conversion API (CAPI) Setup via GTM Server for eCommerce
Server-Side Integration TikTok events API using Google Tag Manager
Implementation Server-side Snapchat Conversion API using Google Tag Manager
Google Ads Enhanced Conversions with Server-Side Tagging
TikTok Events API Server-Side Tracking for eCommerce Stores