Skip to main content

Tracking

What is S2S tracking?

Quick Definition

S2S tracking (server-to-server tracking) records affiliate conversions by passing a unique click ID at click time and having the advertiser's server fire that ID back to your tracker the moment a conversion happens. The user's browser is never involved.

How S2S tracking works

S2S tracking replaces the old cookie-and-pixel approach with a two-step handshake between servers:

  • At click: your tracker generates a unique click ID and appends it to the offer URL — e.g. https://offer.com/?cid=abc123. The offer's server stores that ID in its own database alongside the user session.
  • At conversion: when the user converts, the offer's server looks up the click ID, builds a postback URL, and fires a GET request back to your tracker — e.g. https://tracker.com/p?cid=abc123&payout=25.

Your tracker receives the postback, matches abc123 to the original click, and logs the conversion with the reported payout. The user's browser, cookies, device, and IP address are all irrelevant to the attribution.

Why S2S beats cookie tracking in 2026

Traditional pixel/cookie tracking has been degraded by years of privacy changes:

  • Safari ITP caps first-party cookies at 7 days and blocks third-party cookies outright
  • iOS 14+ App Tracking Transparency forces opt-in prompts that gut mobile cookie tracking
  • Ad blockers (uBlock, AdGuard, Brave) strip tracking pixels before they fire
  • Chrome privacy sandbox continues phasing out third-party cookies
  • Cross-device journeys — user clicks on phone, converts on desktop — kill cookie attribution entirely

S2S sidesteps all of this because the match happens on the advertiser's server, using an ID the user can't see or block. If the advertiser can identify the converting user, they can fire the postback — full stop.

S2S tracking vs pixel tracking

  • Pixel: fires in the browser. Requires cookies, page load, and no blocker interference. Reliable for organic traffic, lossy for paid.
  • S2S / postback: fires server-to-server. Requires the offer to support postbacks and pass through the click ID. Reliable regardless of traffic source or device.

Most serious affiliate trackers (Voluum, RedTrack, BeMob, FunnelFlux, Binom) run S2S by default and fall back to pixels only when an offer doesn't support postbacks.

Setting up S2S tracking

  • Confirm the offer supports S2S / postbacks — not all in-house affiliate programs do
  • Generate a unique click ID variable in your tracker (e.g. {click_id}, {sub1}, {tid})
  • Pass the click ID in your affiliate link via whichever parameter the offer accepts
  • Copy your tracker's postback URL and paste it into the offer's conversion settings
  • Run a test conversion end-to-end and verify the tracker records it with the correct click ID

Limitations of S2S tracking

It's not magic. S2S still breaks when:

  • The click ID isn't stored by the offer (redirect strips it, session expires, user clears data mid-flow)
  • The advertiser only fires postbacks in daily batches, creating attribution lag
  • The postback URL is misconfigured — wrong macro syntax, missing parameters, HTTPS mismatch
  • The advertiser decides to reject or claw back the conversion after the postback fires

Frequently asked questions

Is S2S tracking the same as postback tracking?

Yes — the terms are used interchangeably. "S2S tracking" describes the server-to-server architecture; "postback" is the URL the advertiser fires to your tracker to carry the conversion data. You can't have one without the other.

Do I need a tracker to run S2S tracking?

Yes. You need somewhere to generate click IDs and receive postbacks — that's what a tracker does. Options include Voluum, RedTrack, BeMob, FunnelFlux, Binom, and PeerClick. Self-hosted (Binom) vs cloud (Voluum) is a cost/control tradeoff.

Does every affiliate offer support S2S?

Most CPA networks (MaxBounty, CPAGrip, AdWork Media, etc.) support S2S natively. Large in-house programs (Amazon Associates, Impact advertisers, some SaaS) often only offer cookie-based tracking, which limits what you can track through an external tracker.

Is S2S tracking privacy-compliant?

S2S itself doesn't collect personal data — just a click ID — so it's generally compliant with GDPR, CCPA, and iOS privacy rules. However, you still need proper consent and disclosures for any user-identifying data captured alongside (IP, user agent, email). Privacy compliance is about what you collect, not how you transmit it.

Related terms

Postback URL

Conversion callback

Affiliate Link

Tracked URL

Cookie Window

Attribution timing

EPC

Earnings Per Click

Put it to work

Track every conversion paid traffic sends you.

The Analytics Playbook breaks down tracker selection, S2S wiring, and the optimization loops that turn raw postback data into profitable campaigns.

Analytics Playbook Microsoft Ads Course