DataFirefly Server-Side

وضاحت

DataFirefly Server-Side delivers complete, reliable WooCommerce conversion tracking with a single connection key:

  • Full funnel — page view, product view, add to cart, initiate checkout, add payment info, purchase.
  • Dual delivery, deduplicated — every event fires a light client pixel (Meta / GA4 / TikTok) and a signed server-side event sharing the same event id, so ad blockers never cost you a conversion and nothing is ever counted twice.
  • Per-destination control — enable or disable the Meta, GA4 and TikTok client tags individually. A disabled destination’s third-party script (and its cookies) is never loaded in your visitors’ browsers.
  • Consent-first (GDPR) — with “Require consent” on (the default), nothing fires and nothing is sent — client-side or server-side — until the visitor explicitly grants marketing consent (DataFirefly Cookie Consent, WP Consent API, Complianz, Cookiebot, IAB TCF v2). This includes the server-side purchase event: the consent decision is captured at checkout and enforced even when the purchase confirmation arrives later from a payment gateway.
  • Reliable — failed sends are queued and retried with exponential backoff; an Activity panel shows delivery status live.
  • Secure by design — no destination credential ever reaches the browser; the HMAC secret never leaves the server; the public beacon endpoint is rate-limited, size-capped and strictly sanitized; purchase events are server-authoritative and cannot be spoofed.

This plugin is the WooCommerce connector for the DataFirefly server-side tracking service. It requires a DataFirefly account (https://datafirefly.com), and no data is ever transmitted anywhere until the shop administrator explicitly connects the plugin with their account’s connection key. See the “External services” section below for full details of what is sent, when, and to whom.

External services

This plugin relies on the following external services. No data is sent to any of them until the shop administrator explicitly connects the plugin to a DataFirefly account, and — when the “Require consent” setting is enabled (the default) — no visitor data is sent unless that visitor has explicitly granted marketing consent.

1. DataFirefly server-side tracking dispatcher (the service this plugin connects to)

  • What it is and what it is used for: DataFirefly is the tracking service this plugin is a connector for. The dispatcher (https://serverside.datafirefly.com) receives your shop’s e-commerce events, signs them and forwards them server-side to the advertising/analytics destinations configured in your DataFirefly account (Meta Conversions API, Google Analytics 4 Measurement Protocol, TikTok Events API).
  • What data is sent and when: after the administrator connects the plugin, e-commerce events are sent to the dispatcher — funnel events (page view, product view, add to cart, checkout) carrying pseudonymous browser identifiers (cookie ids such as _fbp, _ga, click ids), page URL, IP address and user agent; and the purchase event carrying order data (order id, amount, currency, products) and the customer’s billing details (email, phone, name, city, postcode, country). When “Require consent” is enabled, none of this is sent for a visitor who has not granted marketing consent.
  • Service provider: DataFirefly Limited — Terms and ConditionsPrivacy Policy

2. Meta (Facebook) Pixel

  • What it is and what it is used for: when the Meta destination is configured in your DataFirefly account and enabled in the plugin settings, the plugin loads the Meta Pixel script in the visitor’s browser to record client-side ad events (deduplicated with the server-side events).
  • What data is sent and when: the script is loaded from https://connect.facebook.net and, once loaded, Meta receives the standard pixel data (page URL, browser information, event data, Meta cookies) — only after marketing consent is granted when “Require consent” is enabled, and never if the destination is disabled.
  • Service provider: Meta Platforms — Terms of ServicePrivacy Policy

3. Google Analytics 4 (gtag.js)

  • What it is and what it is used for: when the GA4 destination is configured and enabled, the plugin loads Google’s gtag.js script in the visitor’s browser to record client-side analytics events (deduplicated with the server-side events).
  • What data is sent and when: the script is loaded from https://www.googletagmanager.com and, once loaded, Google receives the standard GA4 data (page URL, browser information, event data, Google cookies) — only after marketing consent is granted when “Require consent” is enabled, and never if the destination is disabled.
  • Service provider: Google — Terms of ServicePrivacy Policy

4. TikTok Pixel

  • What it is and what it is used for: when the TikTok destination is configured and enabled, the plugin loads the TikTok Pixel script in the visitor’s browser to record client-side ad events (deduplicated with the server-side events).
  • What data is sent and when: the script is loaded from https://analytics.tiktok.com and, once loaded, TikTok receives the standard pixel data (page URL, browser information, event data, TikTok cookies) — only after marketing consent is granted when “Require consent” is enabled, and never if the destination is disabled.
  • Service provider: TikTok — Terms of ServicePrivacy Policy

انسٽاليشن

  1. Upload the plugin and activate it. At this point the plugin does nothing and sends nothing.
  2. Go to Settings DataFirefly Server-Side.
  3. Paste the connection key from your DataFirefly client space and click Connect. That is the only step.
  4. Optional: in the same screen, untick any client destination (Meta, GA4, TikTok) you do not use.

FAQ

Does the plugin send any data before I connect it?

No. Until you paste your DataFirefly connection key and click Connect, the plugin loads no third-party script and sends no data anywhere.

Does the plugin load Facebook / TikTok / Google scripts on my shop?

Only for the destinations that are both configured on your DataFirefly account and enabled in the “Client destinations” setting. Untick a destination and its script will never be injected.

Is visitor consent respected?

Yes. When “Require consent” is on (the default), no tag is injected and no event is sent — including the server-side purchase event — until the visitor explicitly grants marketing consent, with live re-check when the visitor accepts. The consent decision is captured at checkout and stored on the order, so a purchase confirmed later by a payment gateway webhook still honours it. With “Require consent” on and no explicit grant (including when no consent banner is installed), the purchase event is simply not sent, and an order note tells you why.

Which consent tools are supported?

DataFirefly Cookie Consent, the official WP Consent API, Complianz, Cookiebot, and IAB TCF v2-compatible banners.

جائزا

ھن پلگ ان لاءِ ڪي به رايا ناھن.

تعاون ڪندڙ & ڊولپرز

“DataFirefly Server-Side” اوپن سورس سافٽ ويئر آهي. ھيٺين ماڻھن ھن پلگ ان ۾ حصو ورتو آھي.

تعاون ڪندڙ

ترجمو ڪريو “DataFirefly Server-Side” توهان جي ٻولي ۾.

ڊولپمينٽ ۾ دلچسپي؟

ڪوڊ براؤز ڪريو، چيڪ ڪريو SVN مخزن، يا رڪنيت حاصل ڪريو ڊولپمينٽ لاگ پاران RSS.

لاگ تبدیل ڪريو

2.2.2

  • Security: the thank-you-page tracking context now enforces the same authorization as WooCommerce’s own order-received template — the order key (or being logged in as the order’s customer) is required before any order detail (products, total, order number) is exposed to the page. A guessed order-received URL no longer reveals anything.

2.2.1

  • Privacy: the server-side purchase flow now strictly enforces end-user opt-in consent when “Require consent” is enabled — the visitor’s consent decision is captured at checkout, stored on the order and honoured even when the purchase fires later from a gateway webhook; without an explicit grant, no personal or order data is sent.
  • Privacy: Complianz and Cookiebot consent cookies are now also read server-side as a defense-in-depth signal.
  • Docs: added the “External services” disclosure (DataFirefly dispatcher, Meta Pixel, GA4 gtag.js, TikTok Pixel) with links to each service’s terms and privacy policy.
  • i18n: the text domain now matches the plugin slug (datafirefly-server-side).

2.2.0

  • New: per-destination client-tag toggles (Meta, GA4, TikTok) — a disabled destination’s script is never loaded.
  • Fix: coding-standards and Plugin Check compliance pass (i18n translators comments, input sanitization, no unprefixed globals).

2.1.1

  • New: merchandising events (view_item_list, select_item, view_promotion, select_promotion).

2.0.1

  • Full-funnel client tracking layer with dedup-perfect server-side delivery, retry queue and Activity panel.

1.x

  • Server-side purchase event delivery.