6 Fatal Click Identifier Mistakes (gclid, fbclid, msclkid)
Click identifiers are case-sensitive. Common mistakes with gclid, fbclid, msclkid storage, Safari ITP, consent requirements.
Click identifiers are the backbone of advertising attribution. A single corrupted gclid and your Google Ads conversions vanish. A truncated fbclid and Meta can no longer optimize your campaigns. Here are the six most common mistakes, inspired by the work of Simo Ahava, and how to avoid them.
Click Identifiers Are Case-Sensitive
First surprise for many developers: some click identifiers are case-sensitive. Snapchat’s ScCid parameter will not work if your system normalizes it to sccid. Likewise, never convert the value of a gclid to lowercase. These identifiers are opaque tokens where every character matters.
Here is a summary table of parameters by platform:
| Platform | Parameter | Case-Sensitive |
|---|---|---|
| Google Ads | gclid | Yes (value) |
| Meta Ads | fbclid | Yes (value) |
| Microsoft Ads | msclkid | Yes (value) |
| TikTok Ads | ttclid | Yes (value) |
| Twitter/X Ads | twclid | Yes (value) |
| Snapchat Ads | ScCid | Yes (name AND value) |
| LinkedIn Ads | li_fat_id | Yes (value) |
Whitelist All Parameters in Your Redirects
The second fatal mistake: your redirects, CDN, or CMS silently strips unknown parameters. Every intermediary layer between the ad click and your landing page must explicitly whitelist gclid, fbclid, msclkid, ttclid, twclid, ScCid, and li_fat_id. Check your redirect rules, reverse proxies, and CMS settings.
Store Click Identifiers Correctly
Storage must be done on the root domain with a path of /. If you store a gclid cookie on www.example.com only, it will not be accessible from shop.example.com. Another classic trap: never store a value of null, undefined, or an empty string. Before writing the cookie, validate that the parameter exists and contains a non-empty value.
Safari ITP and Cookie Lifespan
Safari limits the lifespan of first-party cookies set via JavaScript to 7 days (or even 24 hours in some cases with ITP). This means a user who clicks on your Google ad on Monday and converts the following Sunday will no longer be attributed. The solution combines client-side localStorage and a server-side cookie write via an HTTP Set-Cookie header. To dive deeper into the Safari topic, see our article on Safari’s impact on gclid attribution.
Consent Is Mandatory in the EU
Storing a click identifier in a cookie or in localStorage constitutes personal data processing under the GDPR. In the European Union, you must obtain user consent before storing these identifiers. Without consent, no gclid cookie, no attribution. This is why Consent Mode and a properly configured CMP are essential to preserve maximum attribution while complying with regulations.
Combine Client-Side and Server-Side to Strengthen Attribution
The most robust strategy is to capture click identifiers on the client side, transmit them to your server, and then send them to advertising platforms via offline conversion APIs. This server-side approach bypasses ITP limitations, ad blockers, and parameter loss in redirects. It ensures that every conversion is correctly attributed, even in an increasingly restrictive environment for client-side tracking.