Overview
In most cases, client-side beacons (from the browser or app) are the preferred and recommended method for tracking ad events. However, in cases where this is not possible — such as on the server side, inside a mobile app, or within privacy-constrained environments, a server-side beacon can be used as a fallback.Header | Required | Purpose |
|---|---|---|
| Yes | Includes original user IP |
| Yes | Identifies client device/browser |
| Recommended | Provides page context |
Required HTTP Headers
To ensure server-side beacons are valid and accepted by our systems, specific HTTP headers must be included in the request.X-Forwarded-For format
The X-Forwarded-For header is a comma-separated list of IP addresses that tracks the path of the request through proxies.
-
If the header is already present, append the client IP to the list:
X-Forwarded-For: ip-address-1, ip-address-2, client-ip-address -
If the header is not present, create it with just the client IP:
X-Forwarded-For: client-ip-address
Read more on
X-Forwarded-For here (Mozilla Developer documentation).User-Agent format
Provide the actual user agent string from the browser or app where the event originated.
Example:
HTTP
Read more on
User-Agent here (Mozilla Developer documentation).Recommended Header
Referer is recommended. It indicates the URL where the beacon event occurred and is helpful for attribution.
Read more on
Referer here (Mozilla Developer documentation)Alignment with Ad Delivery API Requirements
These header requirements are consistent with those enforced by Criteo’s Retail Media Ad Delivery API. In both cases, proper client metadata (IP, User-Agent, Referer) must be preserved in server-side requests to ensure accurate attribution and filter out invalid traffic.
If you’re implementing both ad delivery and beacon tracking server-side, ensure that your integration includes:
- A realistic and IAB-compliant
User-Agent, - A well-formed
X-Forwarded-Forheader including the end-user IP, - A valid
Refererindicating the origin page or context.
Mobile developersMake sure to avoid using default agents like
okhttp/x.y.z, as these are considered invalid under IAB rules. Customize your User-Agent string to include OS and app version, e.g. app_android 1.2.3.Example
Here is an API call example including theX-Forwarded-For, a User-Agent and a Referer in the header.
