Google DFP safeframe/friendlyframe Issue - iframe

Recently ran into some trouble with Google DFP that I'm hoping others have had.
We have a site that's served via SSL and it contains some Google DFP ad tags. Google DFP's debugging console shows no errors in the tags or our implementation of them. (i.e. the tags themselves are fine)
However, the ads are getting served via different methods. Some of the iframes get served as FriendlyFrames and some get served as SafeFrames. The SafeFrame ads appear correctly. The FriendlyFrame ads don't show up.
It appears that the FriendlyFrame ads are running afoul of some sort of browser security measure (likely because the pages are served via SSL).
I looked into this in the DFP docs but haven't found anything that explains how to solve the issue. There is a setForceSafeFrame method available that I've tried to use but it doesn't actually seem to do anything when I try to use it:
https://developers.google.com/doubleclick-gpt/reference#googletag.PassbackSlot_setForceSafeFrame
I've setup a test page demonstrating the issue here:
https://methnen.com/ad-test
There should be 5 separate ads on the page. If you get all of them refresh the page until you get at least one ad that doesn't show. The broken ads are being served as a FriendlyFrames.
Really hoping someone knows what the heck is going on.

FYI and possibly helpful for anyone else who might run into this at a later date:
Turns out the Ad Ops person hadn't set things up on their end to have enough inventory to fill all of the slots and there was nothing wrong with the tagging at all. The empty FriendlyFrames are apparently what DFP serves up when it decides it doesn't have anything to fill a given slot.

Try to force render all ads in SafeFrame
googletag.pubads().setForceSafeFrame(true);
More about it here https://developers.google.com/doubleclick-gpt/reference#googletag.PassbackSlot_setForceSafeFrame

Related

Google Analytics not tracking Google Ads and UTMs clicks correctly

I've identified a discrepancy between Google Ads clicks and Analytics sessions in Paid Search (about twice more clicks than sessions). So I contacted Google Ads support and after a long conversation, they send me an email saying that my website structure uses redirections and it's making it lose parameters, and that I had to contact a developer to solve that problem because they don't give assistance on it. What exactly they told me to tell the developer was that:
Loss of parameters by redirection
The website trendotrends.com is not holding navigation parameters
because of the structure in which it was developed.
To verify this redirection, simply replicate the following steps: I
accessed the link
https://trendotrends.com/products/running-shoes?variant=15320930779194
After full site loading, I added the & gclid = Tester123 parameter to
the URL (in the browser, so the final URL was
https://trendotrends.com/products/running-shoes?variant=15320930779194&gclid=Tester123)
and hit Enter To understand if there is a redirect, the normal
behavior would be for the URL to remain the same (with & gclid =
Tester123 at the end), but in this case, the parameter disappears (and
hence the assignment) This link was just an example, which can be
verified in several other products of the site.
They also said I can't use manual tagging (UTMs) instead of automatic tagging in Google Ads because those redirections are also going to spoil the UTMs.
I don't use any redirections in my website and I have also tested with UTMs and there's also a discrepancy in google analytics data for that.
But before I contact a developer and invest on this fix, I would like to know if anyone had experienced that? If Googles answer fits this problem? And even if is there a way to fix it without being an expert.
Thanks in advance.
The issue here isn't really that there's a redirect (301), but a state change. There is javascript on the page that essentially rewrites the URL before the GA code can parse it.
Are you able to change to a different theme and test if this happens with that theme?

Google Analytics reporting data before tag is even up

So I've been working on a website for a while. GA account has been up for a couple months but I waited for the website to be finished before putting up the actual JS tag.
In the meantime, the website is being HTTP password restricted (basic authentication) so it isn't even accessible unless you know the user/pwd combination.
To my surprise, I realized today that GA has logged several hundred views to the root of my website. Paths are mostly things like:
/
/?from=http://social-widget.xyz/
/?from=http://www.traffic2cash.xyz/
Bounce% and exit% both at 100% for all of them.
I realize this looks like referral spam, and there are ways to prevent it. Came across this upon googling:
http://botcrawl.com/block-social-widget-xyz-referral-spam-in-google-analytics/
My question is: how can GA log anything anyway when no tag is up and the website isn't even accessible?
Thank you very much in advance
Because it's spam. They hit Google Analytics directly with random GA codes and don't even go through your website.
GA can't tell if these are real hits (from website visits) or fake hits (from spam bots who hit GA directly calling the same ode as they would if on the website). Though arguably they should do more about this.
Massively annoying - particularly when first starting out as this can be a heavy proportion of your "traffic".
It's easy to set up a filter rule is to catch a lot of this by filtering on hostname. As they are randomly hitting GA and don't even know what website they are hitting GA for, they don't usually set this correctly. Real traffic should only come from yourwebsitedomain.com so add a filter for that.
STRONG piece of advice: abandon the default UA-########-1 tracking code of your new website -- simply do not use it!
Create a second and third property on the Admin screen, then use the tracking code for the third property. You will immediately see a lot less spam. No filters or segments necessary!
If you want the whole sad story about spam visits in GA, I have been maintaining the Definitive Guide article for over a year now:
http://help.analyticsedge.com/spam-filter/definitive-guide-to-removing-google-analytics-spam/

How to stop Google Analytics Hacks?

What people are doing is basically taking the UA-XXXXXX code that you normally get with analytics, and they are generating calls against it. This is skewing my analytics stats. On top of that, in Google WebMaster tools, it's also causing this:
It looks like somehow these pages, with my code on or at least with the generated code on, is making Google Webmaster tools think I have lots of 404's. This can't possibly be good for my rankings.
Anyone know if there is anything you can do to stop this?
Try making async call from your server end using CURL.That way you will never expose your GA code.
I have not implemented it, but it might work as per theory
Since you can filter by custom dimensions you can set a "token" in a custom dimension on every page and filter out any traffic in your view settings that does not include the token.
Obviously this will not help against people who use the code from your website (unless you also implement shahmanthan9s suggestion - which is a lot of work but will give you cleaner data), but it will work against drive-by shooters who randomly select UAIDs to send data to (which is the situation you refer to in your comment).

Google Analytics, iframes & cross-domain

I have GA on every page on one domain (actually not me, but my company, whose programmer needs auditing). Just the default code (Classic version, ga.js), no special accommodations whatsoever that I've seen or know of. Bare minimal if any configuration past registering the service with the main site...
All the pages are either aspx or static HTML. It's common practice for this guy to embed pages on the site within other pages on the site in iframes, where both the parent (top-level) & child (embedded) pages contain the GA script.
I don't really know much at all about GA, have never worked with it, but I do suspect that might result in extra hits being counted by GA or something, that that may be messing with the metrics. But then I've read stuff about GA using first-party cookies so by default pages loaded in iframes won't be tracked/counted... I could really use some clarification on this, please.
Then our programmer frames pages from the main site in pages on other sites that we own, that are on different domains. So then there's this cross-domain business, with no segregation of sources, because they really don't care much. So what should be the outcome of that? The external sites' pages don't have the GA code.
However, we're rebuilding one of those other sites - actually I am, for the most part - and the programmer told me to just copy and paste the same exact GA script used on the main site into that one. So, it's a different domain. That wouldn't work as-is, would it? Wouldn't there have to be some sort of special configuration, setting of the domain, something?
I'd really appreciate if someone could tell me more about the scenarios described above. Thanks in advance.
In the Google Analytics developer menu, you can create a new 'profile' for this new site. The analytics will then be tracked for just that one site, not for all. In theory, it is possible to use one GA.js for all your sites, but it kind of kills the whole concept of Google Analytics, so it's not recommended.
Your really shouldn't be using iframes anymore IMO. There are reasons to use them like embedding code for tracking etc, I think, even GA uses iframes. But, generally Google doesn't like them because a lot of spammers use them to try and fool the Google Crawler.
Also, it get's very complicated to understand what is going on within GA.
To answer your question: Each iframe is like an independent webpage completely separated from the other webpage (for security reasons). So when Google or a web browser goes to your website it will do this:
Load your main html document.
Render that page.
See that you have an iframe.
Load that page in the iframe.
Render the iframe.
Now, if you don't have GA installed on the iframe page it will not track the page being loaded.
But if you do put GA in the iframe it will record when the iframe is loaded or the webpage is loaded.
But, remember that one of the main reasons of having GA is to see where your customers are coming from and why. If you have an iframe of another webpage, you really don't know if that is because a customer is:
A) visiting your website from the page directly.
OR
B) the customer is visiting that page through an iframe on another page.
It can get very complicated
You must generate a new tracker for each domain you are using. Otherwise what is to stop someone from just copying your GA code, and putting it on their webpage.

LinkedIn button shows up intermitent

I am using the code to place a linkedIn Follow button (generated here https://developer.linkedin.com/plugins/follow-company) on this page, http://new.janeirodigital.com (view Client Testimonials section). However, the buttons sometimes show up and sometimes don't.
I have read a little bit of cross domains issues that may cause this, but I am not able to find a workaround to fix this. If you visit that page in Chrome and see the errors console, you'll see a couple of errors like regarding the linked in button, like:
Unsafe Javascript attempt to access frame with URL mysite.com from frame with URL http://platform.linkedin.com/js/....Domains, protocols and ports must match.
Has anybody experienced this problem before?
Any help appreciated
Daniel
The messages you are seeing in the developer console in Chrome are unrelated to your problem. They are an artifact of the cross-domain communication and as you'll notice, you see them for Facebook and Twitter as well on the same page.
That said, viewing your page I am also seeing intermittent 403s for some of the backend calls that the FollowCompany plugin is making. I have alerted our NOC to the issue and they should be investigating now.
Reviewing your page, it seems you have done everything necessary and are set, so once we fix the operational issue you should be good to go.
My apologies for any inconvenience!
-Jeremy
I just found that this is happening when there are more than one follow button on the page, if you delete the first one and the second shows without problems but the others have the same problem...
Hope this could help your team Jeremy!!

Resources