- The paper presents a novel multi-modal value-template approach using network requests, cookies, and window variables to detect sGA.
- It achieves 99.8% accuracy and a meta-classifier F1 score of 97.17%, demonstrating strong resilience against evasion techniques.
- The study finds that 4.21% of top domains deploy sGA, exposing significant challenges in maintaining tracking transparency and privacy.
SST-Guard: Detecting and Characterizing Server-Side Google Analytics
Motivation and Context
Server-side tracking (SST) has emerged in response to increased privacy protections in browsers and widespread deployment of filter lists for blocking client-side tracking. While conventional defenses rely on identifying direct client-to-tracker communication, SST shifts data reporting through publisher-controlled or intermediary endpoints, fundamentally weakening these defenses. Google Analytics, the dominant third-party tracker, has actively promoted server-side deployments, making accurate detection of sGA a critical challenge for ecosystem transparency and user privacy.
Figure 1: Distinction between client-side (top) and server-side (bottom) tracking architectures, highlighting how SST obscures direct tracker communication.
SST-Guard System Overview
SST-Guard leverages a multi-modal strategy to detect sGA, focusing on semantic artifacts left in the browser irrespective of endpoint customization or payload obfuscation. The key innovation is a value-template approach, using regular expressions across three modalities—network requests, cookies, and window variables—to identify GA-specific artifacts. Feature extraction yields binary vectors per domain/request, enabling real-time classification via Logistic Regression.
Figure 2: SST-Guard design pipeline: web crawl, value template generation, feature extraction, classifier training, artifact removal, and sGA detection.
SST-Guard achieves strong detection metrics, validated against ground truth from Google Tag Assistant on Tranco top-10k domains. On the sGA evaluation set, the network request classifier demonstrated 99.8% accuracy, with meta-classifier achieving F1 of 97.17%. Ensemble modalities proved robust against adversarial customizations, especially base64-encoded requests deployed as evasions. Window variable classifiers maintained resilience due to API stability constraints in developer tooling, even when network and cookies were obfuscated.
Figure 3: Google Tag Assistant interface during server-side tracking detection, as used for ground truth validation.
sGA Ecosystem Characterization
SST-Guard's deployment across Tranco top-150k domains revealed sGA on 4.21% (6,314) domains, with 40,199 sGA requests. Subdomain-based routing dominated (81.59%), but 18.4% used path-based routing, evading subdomain analysis and filter lists. Analysis showed extensive use of CNAME cloaking (21.05%) and direct A/AAAA records (73.51%), frequently delegating hosting to Google, Stape.io, and AWS.
Figure 4: Typical sGA deployment scenarios, including first-party endpoints, load balancer routing, and cloud-hosted containers via CNAME/A-records.
Subdomain naming was highly varied, with sgtm, gtm, and sst as the most common prefixes.


Figure 5: Frequency distribution of subdomain prefixes in sGA deployment, demonstrating naming diversity.
Network level analysis via DNS resolution and ASN mapping confirmed infrastructure delegation, undermining DNS-based and browser CNAME defenses.
Figure 6: Sankey diagram illustrating network-level routing, including CNAME cloaking and infrastructure shifts to external providers.
Payload and Filterlist Evasion
Payload analysis indicated high prevalence of standard GA keys (97.3%) but also substantial customization (96.6% non-standard parameters). Advanced evasion included base64 encoding, custom query parameters, and path endpoints beyond /g/collect. EasyPrivacy blocked only 93.5% of detected sGA requests, failing for customized or obfuscated deployments.
SST-Guard is deployed as a Chrome Manifest V3 extension with negligible performance impact, confirmed via page load time benchmarks against vanilla Chrome and uBlock Origin Lite. On domains with intensive obfuscation (e.g., themeisle.com, shapeways.com), window variable and cookie modalities reliably detected sGA where network-based classification failed.

Figure 7: Cumulative distribution of mean page load time change induced by SST-Guard vs. baseline and filter-list extensions.
Implications and Future Directions
SST-Guard exposes the fragility of endpoint-based and DNS-level defenses under SST and provides actionable intelligence for enhancing filter lists (e.g., EasyPrivacy) through empirical feedback. Its value-template approach is theoretically extensible to other trackers if ground truth artifacts are available. However, the system relies on semantic invariants; approaches like direct Measurement Protocol usage or full custom events may require integrating taint tracking or cross-layer data flow analysis.
From a regulatory and auditing perspective, SST complicates compliance verification, reducing transparency and user agency. As SST adoption grows, browser and filter-list maintainers must adapt by leveraging behavioral and value-based detection rather than static pattern matching.
Conclusion
SST-Guard demonstrates that robust sGA detection requires multi-modal artifact analysis rather than endpoint inspection alone. Its high-accuracy classifiers, resilience under adversarial conditions, and practical deployment underscore its utility for privacy researchers and tool builders. The observed ecosystem trends—endpoint customization, infrastructure delegation, and payload obfuscation—indicate that future defenses must prioritize semantic behavior over legacy client-side assumptions. SST-Guard's methodologies offer a foundation for systematic tracking detection adaptable to evolving web architectures.
(2604.27497)