The problem with the server only solution in that they can never detect the source of cheating, only the result of it.

And detecting the result is inaccurate as there are perfectly natural network latency and other issues that can generate the same result as a cheat, as that's actually how many cheats are discovered and implemented, by noticing that network latency or weird traffic creates an exploitable condition.

You need to run it on the client side to see if the natural circumstances are happening or someone is using tools to cause the circumstances. The first isn't cheating, the later is.

You can't detect from the server side what the client side is doing without running anticheat on the client side.