How to Fix Shopify Attribution Loss After iOS 14

If you're running paid ads to a Shopify store and your Meta or Google attribution numbers have felt "off" since 2021, you're not imagining it. iOS 14.5 permanently changed how tracking works — and most merchants are still losing 30–50% of their real conversion data without realizing it.

This guide explains exactly what's happening at the technical level, why traditional browser pixels can't keep up, and how server-side CAPI tracking with GotTracked recovers what's lost.

What iOS 14 Actually Did to Your Tracking

Apple's App Tracking Transparency (ATT), introduced in iOS 14.5, requires all apps — including browsers like Safari — to ask users for permission before tracking them across websites. The majority of users decline.

But the deeper issue isn't just the opt-out prompt. Safari's Intelligent Tracking Prevention (ITP) has been aggressively limiting cookies for years:

• First-party cookies set by JavaScript (like the Meta Pixel fbp cookie) are capped at a 7-day expiry on Safari
• Third-party cookies are completely blocked on Safari by default
• Click ID parameters (fbclid, gclid) are stripped from URLs in some Safari versions
• Brave browser and uBlock Origin block pixel network requests entirely at the DNS level

Why Browser Pixels Cannot Be Fixed

The Meta Pixel, Google Tag, and TikTok Pixel all work the same way: they run JavaScript in the user's browser to detect page events (PageView, AddToCart, Purchase) and send them to the ad platform's servers.

This architecture has a fundamental vulnerability: the browser is controlled by the user, not by you. Any privacy setting, extension, or browser policy can intercept and block these requests. There is no browser-side fix for this — the data loss is structural.

The Server-Side Solution: Conversions API (CAPI)

The Conversions API (CAPI) is Meta's official server-side event delivery system. Instead of relying on the browser, your server sends conversion events directly to Meta's API. Google and TikTok have equivalent systems (Enhanced Conversions and Events API).

Server-side tracking bypasses all browser restrictions because the request never goes through the user's browser. It originates from your server, which has full network access and is not subject to ITP, ATT, or ad-blockers.

The Challenge: Matching Server Events to Ad Clicks

The hard part of CAPI implementation isn't sending the event — it's correctly matching the purchase to the original ad click. This requires preserving the click ID (fbclid, gclid, ttclid) from the first page visit all the way through to the order confirmation.

On Shopify, this is particularly difficult because Shopify's checkout is hosted on a different subdomain, and cross-subdomain cookie sharing is restricted by Safari ITP.

How GotTracked Solves All Three Problems

1. First-Party App Proxy Tunneling

GotTracked routes all tracking requests through your own Shopify store's domain via the native App Proxy feature (/apps/adtracker). From the browser's perspective, every tracking request is a first-party request to your own domain. DNS-level blockers cannot distinguish these from legitimate site traffic.

2. Server-Side CAPI Engine

Purchase, AddToCart, InitiateCheckout, and custom events are captured directly on the server when Shopify's Order Webhook fires. These events are enriched with hashed customer PII and sent to Meta CAPI, Google Enhanced Conversions, and TikTok Events API simultaneously — before any browser ever has a chance to block them.

3. Cart Attributes Healing

GotTracked's most distinctive feature is its 30-day attribution cache. When a visitor arrives from an ad, their click ID and UTM parameters are written to Shopify's Cart Attributes — a server-side storage mechanism that persists across sessions and subdomains.

Even if Safari strips the fbclid cookie after 7 days, the original click ID is still in the Cart Attributes. When the Order Webhook fires, GotTracked reads these attributes and sends a perfectly matched CAPI event.

SHA-256 Privacy Compliance

All customer PII passed through GotTracked is irreversibly hashed using SHA-256 before being forwarded to any ad platform. This ensures full compliance with GDPR, CCPA, and Apple's ATT framework.

Getting Started

GotTracked is currently available through a free 1-Year Pioneer Access program for the first 2,000 Shopify merchants. No credit card required. Setup takes under 15 minutes.

Frequently Asked Questions

Does iOS 14 affect all Shopify stores?+

Yes. Any Shopify store running Meta, Google, or TikTok ads is affected. Stores with over 50% mobile (iPhone) traffic typically lose 35–50% of conversion data when relying on browser pixels alone.

How much conversion data am I losing right now?+

If you're using only browser pixels and have significant iPhone traffic, you're likely missing 30–50% of actual purchases in your ad platform dashboards. The easiest way to check is to compare your Shopify Orders count against Meta's reported purchases for the same period.

What is the difference between Meta Pixel and Meta CAPI?+

The Meta Pixel is a JavaScript snippet that fires tracking events from the user's browser — which can be blocked by iOS ATT, Safari ITP, and ad-blockers. Meta CAPI (Conversions API) sends the same events from your server, bypassing all browser-side restrictions.

Should I run browser pixel and CAPI at the same time?+

Yes — running both in parallel maximises coverage. The browser pixel captures users who allow tracking; CAPI catches everyone else. Proper deduplication (using a matching event_id) prevents double-counting in Meta's reporting.

How long does it take to set up GotTracked on Shopify?+

Setup typically takes under 15 minutes. GotTracked installs as a native Shopify app, connects to your Meta/Google/TikTok ad accounts, and automatically configures the App Proxy routing and webhook listeners.