# Server-Side Analytics vs Client-Side SDKs
There are two fundamentally different places to measure what happens in your product: in the user's browser (client-side SDK) or in your own infrastructure (server-side). Both have been the "obvious" choice at different points in the last decade. This is an honest comparison so you can pick the right one — or the right blend.
How each approach works
Client-side SDK. You drop a JavaScript snippet into your frontend. It runs in the browser, captures pageviews, clicks, and custom events, and ships them directly to an analytics endpoint (your own or a vendor's).
<script src="https://cdn.analytics.example/sdk.js"></script>
<script>
analytics.track('checkout_completed', { plan: 'pro', amount: 15 });
</script>Server-side. Your backend — or an edge proxy in front of it — records events as it handles requests. No browser code required.
# inside your request handler
analytics.capture(
event="checkout_completed",
properties={"plan": "pro", "amount": 15},
user_id=current_user.id,
)The head-to-head
| Dimension | Client-side SDK | Server-side |
|---|---|---|
| Ad blocker resilience | Poor — often blocked | Excellent — invisible to blockers |
| Data completeness | Lossy (20–40% can be dropped) | Near-complete |
| Browser-only signals (scroll, rage clicks, UTM on landing) | Strong | Weak / impossible |
| Page load impact | Adds JS weight | Zero client cost |
| Data control / privacy | Data often leaves to third party | Stays in your infra |
| Setup effort | Drop-in snippet | Needs backend integration |
| Bot / spoof resistance | Easy to fake from client | Harder to spoof |
The ad blocker problem
The headline weakness of client-side analytics is ad and tracker blocking. uBlock Origin, Brave, Safari's Intelligent Tracking Prevention, and privacy-focused DNS all block common analytics domains. Industry discussions consistently put the loss in the 20–40% range depending on audience — and a technical audience (developers!) blocks far more aggressively. Your numbers are systematically undercounted, and the undercount is biased toward exactly the users you most want to understand.
Server-side capture sidesteps this entirely. The event is recorded by your own backend; there is nothing for a blocker to intercept.
Where client-side genuinely wins
Be fair — server-side is not strictly better. Some signals only exist in the browser:
- UI interactions: scroll depth, rage clicks, hover, time-on-element.
- Client performance: Core Web Vitals, render timing.
- First-touch attribution: the UTM parameters on the very first landing page, referrer, screen size.
- Pre-conversion behavior on pages that never hit your backend (static, cached).
If your product questions are about *how people use the interface*, client-side has data the server simply never sees.
Where server-side wins
- Completeness and accuracy — you count what actually happened.
- Trustworthy revenue/conversion metrics — the events that matter for the business are usually backend events anyway (payment succeeded, order placed).
- Privacy posture — data stays in your control; easier to comply with GDPR/CCPA when you are not shipping raw events to a third party.
- Security — server events are harder to spoof than a client POST anyone can replay.
- Performance — no SDK weight slowing down your pages.
The hybrid reality
Mature analytics stacks often use both: server-side for the source-of-truth funnel and revenue, client-side for UX detail. The cost is complexity — two pipelines, identity stitching to reconcile a browser session with a backend user.
If you want one source of truth with maximum completeness and minimal setup, server-side first is the pragmatic default. Add client-side only for the specific browser signals you genuinely need.
A note on attribution
Neither approach magically solves attribution. Cross-device journeys, logged-out browsing, and privacy regulation make perfect attribution impossible regardless of where you measure. Server-side gives you a cleaner, more honest base; do not let any vendor promise 100% accuracy.
How PandaStack does it
PandaStack captures analytics server-side by recording requests at the Kong ingress and proxy layer and writing them to ClickHouse — no client SDK to install. You get ad-blocker-proof, complete metrics and analytics out of the box, with the data staying inside the platform. There is no tag to add, nothing to slow your pages, and nothing for a blocker to drop. If you later need browser-only UX signals, you can layer a client tool on top — but your funnel and traffic numbers are already trustworthy.
References
- [Plausible: Why server-side / first-party analytics](https://plausible.io/blog/server-side-tracking)
- [Mozilla: Enhanced Tracking Protection](https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop)
- [WebKit Intelligent Tracking Prevention](https://webkit.org/tracking-prevention/)
- [PostHog: server-side vs client-side capture](https://posthog.com/docs/getting-started/send-events)
---
Server-side analytics trade a little browser detail for a lot of accuracy and privacy. PandaStack gives you complete, SDK-free analytics powered by ClickHouse on every plan — start free at [dashboard.pandastack.io](https://dashboard.pandastack.io).