Title: DataFirefly Server-Side
Author: datafirefly
Published: <strong>Agẹmọ  13, 2026</strong>
Last modified: Agẹmọ  13, 2026

---

Ṣàwárí àwọn plugin

![](https://ps.w.org/datafirefly-server-side/assets/banner-772x250.png?rev=3606656)

![](https://ps.w.org/datafirefly-server-side/assets/icon-256x256.png?rev=3606656)

# DataFirefly Server-Side

 Láti ọwọ́ [datafirefly](https://profiles.wordpress.org/datafirefly/)

[Ṣe ìgbàsílẹ̀](https://downloads.wordpress.org/plugin/datafirefly-server-side.2.2.2.zip)

 * [Àwọn àlàyé](https://yor.wordpress.org/plugins/datafirefly-server-side/#description)
 * [Àwọn àgbéyẹ̀wò](https://yor.wordpress.org/plugins/datafirefly-server-side/#reviews)
 *  [Ìgbéwọlẹ̀](https://yor.wordpress.org/plugins/datafirefly-server-side/#installation)
 * [Ìdàgbàsókè](https://yor.wordpress.org/plugins/datafirefly-server-side/#developers)

 [Ìrànlọ́wọ́](https://wordpress.org/support/plugin/datafirefly-server-side/)

## Àpèjúwe

DataFirefly Server-Side delivers complete, reliable WooCommerce conversion tracking
with a single connection key:

 * **Full funnel** — page view, product view, add to cart, initiate checkout, add
   payment info, purchase.
 * **Dual delivery, deduplicated** — every event fires a light client pixel (Meta/
   GA4 / TikTok) **and** a signed server-side event sharing the same event id, so
   ad blockers never cost you a conversion and nothing is ever counted twice.
 * **Per-destination control** — enable or disable the Meta, GA4 and TikTok client
   tags individually. A disabled destinationÌtumọ̀ Yorùbá: ’s third-party script(
   and its cookies) is never loaded in your visitors’ browsers.
 * **Consent-first (GDPR)** — with “Require consent” on (the default), nothing fires
   and nothing is sent — client-side or server-side — until the visitor explicitly
   grants marketing consent (DataFirefly Cookie Consent, WP Consent API, Complianz,
   Cookiebot, IAB TCF v2). This includes the server-side purchase event: the consent
   decision is captured at checkout and enforced even when the purchase confirmation
   arrives later from a payment gateway.
 * **Reliable** — failed sends are queued and retried with exponential backoff; 
   an Activity panel shows delivery status live.
 * **Secure by design** — no destination credential ever reaches the browser; the
   HMAC secret never leaves the server; the public beacon endpoint is rate-limited,
   size-capped and strictly sanitized; purchase events are server-authoritative 
   and cannot be spoofed.

This plugin is the WooCommerce connector for the DataFirefly server-side tracking
service. It requires a DataFirefly account (https://datafirefly.com), and no data
is ever transmitted anywhere until the shop administrator explicitly connects the
plugin with their accountÌtumọ̀ Yorùbá: ’s connection key. See the “External services”
section below for full details of what is sent, when, and to whom.

### External services

This plugin relies on the following external services. No data is sent to any of
them until the shop administrator explicitly connects the plugin to a DataFirefly
account, and — when the “Require consent” setting is enabled (the default) — no 
visitor data is sent unless that visitor has explicitly granted marketing consent.

**1. DataFirefly server-side tracking dispatcher (the service this plugin connects
to)**

 * What it is and what it is used for: DataFirefly is the tracking service this 
   plugin is a connector for. The dispatcher (https://serverside.datafirefly.com)
   receives your shopÌtumọ̀ Yorùbá: ’s e-commerce events, signs them and forwards
   them server-side to the advertising/analytics destinations configured in your
   DataFirefly account (Meta Conversions API, Google Analytics 4 Measurement Protocol,
   TikTok Events API).
 * What data is sent and when: after the administrator connects the plugin, e-commerce
   events are sent to the dispatcher — funnel events (page view, product view, add
   to cart, checkout) carrying pseudonymous browser identifiers (cookie ids such
   as _fbp, _ga, click ids), page URL, IP address and user agent; and the purchase
   event carrying order data (order id, amount, currency, products) and the customerÌtumọ̀
   Yorùbá: ’s billing details (email, phone, name, city, postcode, country). When“
   Require consent” is enabled, none of this is sent for a visitor who has not granted
   marketing consent.
 * Service provider: DataFirefly Limited — [Terms and Conditions](https://www.datafirefly.com/en/terms-and-conditions/)—
   [Privacy Policy](https://www.datafirefly.com/en/privacy-policy-2/)

**2. Meta (Facebook) Pixel**

 * What it is and what it is used for: when the Meta destination is configured in
   your DataFirefly account and enabled in the plugin settings, the plugin loads
   the Meta Pixel script in the visitorÌtumọ̀ Yorùbá: ’s browser to record client-
   side ad events (deduplicated with the server-side events).
 * What data is sent and when: the script is loaded from https://connect.facebook.
   net and, once loaded, Meta receives the standard pixel data (page URL, browser
   information, event data, Meta cookies) — only after marketing consent is granted
   when “Require consent” is enabled, and never if the destination is disabled.
 * Service provider: Meta Platforms — [Terms of Service](https://www.facebook.com/legal/terms)—
   [Privacy Policy](https://www.facebook.com/privacy/policy)

**3. Google Analytics 4 (gtag.js)**

 * What it is and what it is used for: when the GA4 destination is configured and
   enabled, the plugin loads GoogleÌtumọ̀ Yorùbá: ’s gtag.js script in the visitorÌtumọ̀
   Yorùbá: ’s browser to record client-side analytics events (deduplicated with 
   the server-side events).
 * What data is sent and when: the script is loaded from https://www.googletagmanager.
   com and, once loaded, Google receives the standard GA4 data (page URL, browser
   information, event data, Google cookies) — only after marketing consent is granted
   when “Require consent” is enabled, and never if the destination is disabled.
 * Service provider: Google — [Terms of Service](https://policies.google.com/terms)—
   [Privacy Policy](https://policies.google.com/privacy)

**4. TikTok Pixel**

 * What it is and what it is used for: when the TikTok destination is configured
   and enabled, the plugin loads the TikTok Pixel script in the visitorÌtumọ̀ Yorùbá:’
   s browser to record client-side ad events (deduplicated with the server-side 
   events).
 * What data is sent and when: the script is loaded from https://analytics.tiktok.
   com and, once loaded, TikTok receives the standard pixel data (page URL, browser
   information, event data, TikTok cookies) — only after marketing consent is granted
   when “Require consent” is enabled, and never if the destination is disabled.
 * Service provider: TikTok — [Terms of Service](https://www.tiktok.com/legal/terms-of-service)—
   [Privacy Policy](https://www.tiktok.com/legal/privacy-policy)

## Ìgbéwọlẹ̀

 1. Upload the plugin and activate it. At this point the plugin does nothing and sends
    nothing.
 2. Go to Settings  DataFirefly Server-Side.
 3. Paste the connection key from your DataFirefly client space and click Connect. 
    That is the only step.
 4. Optional: in the same screen, untick any client destination (Meta, GA4, TikTok)
    you do not use.

## FAQ

### Does the plugin send any data before I connect it?

No. Until you paste your DataFirefly connection key and click Connect, the plugin
loads no third-party script and sends no data anywhere.

### Does the plugin load Facebook / TikTok / Google scripts on my shop?

Only for the destinations that are both configured on your DataFirefly account **
and** enabled in the “Client destinations” setting. Untick a destination and its
script will never be injected.

### Is visitor consent respected?

Yes. When “Require consent” is on (the default), no tag is injected and no event
is sent — including the server-side purchase event — until the visitor explicitly
grants marketing consent, with live re-check when the visitor accepts. The consent
decision is captured at checkout and stored on the order, so a purchase confirmed
later by a payment gateway webhook still honours it. With “Require consent” on and
no explicit grant (including when no consent banner is installed), the purchase 
event is simply not sent, and an order note tells you why.

### Which consent tools are supported?

DataFirefly Cookie Consent, the official WP Consent API, Complianz, Cookiebot, and
IAB TCF v2-compatible banners.

## Àwọn àgbéyẹ̀wò

Kò sí àwọn àgbéyẹ̀wò fún plugin yìí.

## Àwọn Olùkópa & Olùgbéejáde

“DataFirefly Server-Side” jẹ́ ètò ìṣàmúlò orísun ṣíṣí sílẹ̀. Àwọn ènìyàn wọ̀nyí 
ti ṣe ìkópa sí plugin yìí.

Àwọn Olùkópa

 *   [ datafirefly ](https://profiles.wordpress.org/datafirefly/)

[Túmọ̀ “DataFirefly Server-Side” sí èdè rẹ.](https://translate.wordpress.org/projects/wp-plugins/datafirefly-server-side)

### Ṣe o nífẹ̀ẹ́ sí ìdàgbàsókè?

[Ṣàwárí koodu](https://plugins.trac.wordpress.org/browser/datafirefly-server-side/),
ṣàyẹ̀wò [ibi ìpamọ́ SVN](https://plugins.svn.wordpress.org/datafirefly-server-side/),
tàbí ṣe àgbékalẹ̀ sí [àkọsílẹ̀ ìdàgbàsókè](https://plugins.trac.wordpress.org/log/datafirefly-server-side/)
nípasẹ̀ [RSS](https://plugins.trac.wordpress.org/log/datafirefly-server-side/?limit=100&mode=stop_on_copy&format=rss).

## Àkọsílẹ̀ àwọn àyípadà

#### 2.2.2

 * Security: the thank-you-page tracking context now enforces the same authorization
   as WooCommerceÌtumọ̀ Yorùbá: ’s own order-received template — the order key (
   or being logged in as the orderÌtumọ̀ Yorùbá: ’s customer) is required before
   any order detail (products, total, order number) is exposed to the page. A guessed
   order-received URL no longer reveals anything.

#### 2.2.1

 * Privacy: the server-side purchase flow now strictly enforces end-user opt-in 
   consent when “Require consent” is enabled — the visitorÌtumọ̀ Yorùbá: ’s consent
   decision is captured at checkout, stored on the order and honoured even when 
   the purchase fires later from a gateway webhook; without an explicit grant, no
   personal or order data is sent.
 * Privacy: Complianz and Cookiebot consent cookies are now also read server-side
   as a defense-in-depth signal.
 * Docs: added the “External services” disclosure (DataFirefly dispatcher, Meta 
   Pixel, GA4 gtag.js, TikTok Pixel) with links to each serviceÌtumọ̀ Yorùbá: ’s
   terms and privacy policy.
 * i18n: the text domain now matches the plugin slug (datafirefly-server-side).

#### 2.2.0

 * New: per-destination client-tag toggles (Meta, GA4, TikTok) — a disabled destinationÌtumọ̀
   Yorùbá: ’s script is never loaded.
 * Fix: coding-standards and Plugin Check compliance pass (i18n translators comments,
   input sanitization, no unprefixed globals).

#### 2.1.1

 * New: merchandising events (view_item_list, select_item, view_promotion, select_promotion).

#### 2.0.1

 * Full-funnel client tracking layer with dedup-perfect server-side delivery, retry
   queue and Activity panel.

#### 1.x

 * Server-side purchase event delivery.

## Àkójọpọ̀ Meta

 *  Ẹ̀yà **2.2.2**
 *  Ìgbàgbọ́hùn tó kẹ́yìn **ọjọ́ 4 sẹ́yìn**
 *  Àwọn ìgbéwọlẹ̀ tó ṣiṣẹ́ **Tó kéré sí 10**
 *  Ẹ̀yà WordPress ** 5.8 tàbí ju bẹ́ẹ̀ lọ **
 *  Dánwò dé **7.0.1**
 *  Ẹ̀yà PHP ** 7.4 tàbí ju bẹ́ẹ̀ lọ **
 *  Èdè
 * [English (US)](https://wordpress.org/plugins/datafirefly-server-side/)
 * Àwọn àmì
 * [Conversion API](https://yor.wordpress.org/plugins/tags/conversion-api/)[Facebook Pixel](https://yor.wordpress.org/plugins/tags/facebook-pixel/)
   [ga4](https://yor.wordpress.org/plugins/tags/ga4/)[tracking](https://yor.wordpress.org/plugins/tags/tracking/)
   [woocommerce](https://yor.wordpress.org/plugins/tags/woocommerce/)
 *  [Ìwòye Tó Péye](https://yor.wordpress.org/plugins/datafirefly-server-side/advanced/)

## Àwọn ìbò

Kò sí ìwádìí tí a tíì fi ránṣẹ́.

[Your review](https://wordpress.org/support/plugin/datafirefly-server-side/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/datafirefly-server-side/reviews/)

## Àwọn Olùkópa

 *   [ datafirefly ](https://profiles.wordpress.org/datafirefly/)

## Ìrànlọ́wọ́

Nǹkan wà tí o fẹ́ sọ? Ṣé o nílò ìrànlọ́wọ́?

 [Wo àpéjọ ìrànlọ́wọ́](https://wordpress.org/support/plugin/datafirefly-server-side/)