iframe cross-domain validate caller - iframe

I have a page on A.com that has an iframe whose "src=" is on B.com.
For example, src="http://B.com/index.asp?123456"
The query string 123456 is a client key assigned to domain A.com.
index.asp does a database lookup with the key to identify the domain.
How can I ensure that it was a page on A.com that made the call?
I thought about passing location.host, but that can be hacked.
That is, C.com could say: it's B.com by changing location.host to B.com.
(Obviously, location.host is determined via JavaScript.)
I can have other HTML code on A.com than just the iframe.

You can use postMessage and verify the origin on the event object, but you should never rely on any client-side validation where security is a concern. Simply adding a breakpoint on the postMessage callback in any developer tool can easily circumvent this method.
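
The origin check the answer describes, as an added example that is not part of the original answer: the handler runs in the iframe page on B.com and accepts a message only when the browser-supplied event.origin equals the origin registered for the client key. The KEY_TO_ORIGIN map, the checkEmbedder name, the message shape and the https://a.com origin are assumptions made for illustration.

```javascript
// Added example: runs in the iframe document served from B.com.
// KEY_TO_ORIGIN stands in for the server-side key lookup the question describes;
// the key and origin below are constructed sample values.
const KEY_TO_ORIGIN = new Map([["123456", "https://a.com"]]);

// Decide whether a MessageEvent-like object comes from the origin registered for its key.
function checkEmbedder(event) {
  const data = event.data;
  if (typeof data !== "object" || data === null || typeof data.key !== "string") {
    return { ok: false, reason: "malformed message" };
  }
  const expected = KEY_TO_ORIGIN.get(data.key);
  if (expected === undefined) {
    return { ok: false, reason: "unknown key" };
  }
  // event.origin is set by the browser, not by the sender's script. Compare the
  // whole string: substring or prefix checks also accept https://a.com.other.example.
  if (event.origin !== expected) {
    return { ok: false, reason: "origin mismatch" };
  }
  return { ok: true, origin: expected };
}

// Browser wiring: reply only to the verified origin, never to "*".
if (typeof window !== "undefined") {
  window.addEventListener("message", (event) => {
    const result = checkEmbedder(event);
    if (result.ok) {
      event.source.postMessage({ type: "ack" }, result.origin);
    }
  });
}
```

The check tells the iframe which page is talking to it in an unmodified browser; any decision that must hold against the user of that browser still has to be made on the server.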

Related

Is there a way to track a URL's traffic if the page doesn't exist but was directed to a working page?

A user enters https://example.com/mypage on the browser
.htaccess redirects to https://example.com/myfinallandingpage
I would like to track the traffic of /mypage.
/mypage is not an actual page, but /myfinallandingpage is a working page.
Does anybody know a way to do this?
Out of the box you can't measure server-side redirects such as 301 or 302, since the browser JavaScript, and thus Google Analytics, won't be executed on the redirect source pages.
However, you can by doing a little customization:
Insert a URL parameter on the redirect destination page, e.g. https://example.org/destination-page?ref=https://example.org/source-page, and track whatever you want on that destination page
Perform server-side tracking: you could handle your redirects at PHP level, allowing you to use a GA server-side tracking library with the GA Client ID retrieved via the cookies in HTTP headers

Tracking Pageviews based on Referrer

My goal is to track a user session when a visitor is sent from a specific website.
I would expect visitors from 2 websites: a.com and b.com
I would want to trigger tag 1 if the referrer contained a.com
and trigger tag 2 if the referrer contained b.com. Once a user lands on my site, they would be expected to travel around many pages on my domain. I would still need to track that session even though the HTTP Referer is no longer matching a.com.
My goal is to track how many of these sessions get sent from a.com, how many from b.com and how many of each reach a thank-you page at /thankyoupage
How would this be configured?
Would this require session scope and if so, how would this be configured?
If you just want to see this in Google Analytics you can create a segment with referrer a.com or b.com (mind that in GA the referrer is a traffic channel and only filled if there are no campaign parameters present on the landing page URL). So for Analytics you do not need extra work. Traffic channels are automatically in session scope (as a change in channel starts a new session).
If you want to fire a tag conditionally based on the referrer it gets a tad more complicated. GTM does not maintain sessions, and does not, by itself, transfer information between page views. So you need to store the info yourself.
You would use the built-in referrer variable in a trigger that fires a tag if the referrer does not match your own domain. You would use that to fire a custom HTML tag with a JavaScript function that sets a cookie. You then set a cookie with the referrer.
On your thankyou page you use the built-in cookie variable to read your cookie. If the cookie contains a.com or b.com respectively you use that for triggers that fire the appropriate tags (pageview trigger, fire on some pageviews, filter "[your cookie variable] equals a.com" (or b.com)). Since cookies are domain specific this only works when your thankyou page is on the same domain.
I don't think you need to do any configuration for this.
For referral traffic, you can see the acquisition report. It should show up with a source of a.com and b.com.
For reaching the thank-you page, I'd suggest you set up goals based on the arrival at the thank-you page.
As per my understanding, you want to have cross-domain tracking and want to track the following:
Page 1 of a.com --> Page 2 of a.com --> Page 1 of b.com --> Page 2 of b.com
By default, whenever the domain changes, the user's GA ID changes. So for a.com and for b.com GA will treat the same user as different, so by default, you cannot track such things.
To track the above scenario, GA should consider that the user on both sites is the same, and to do that GA provides cross-domain tracking using Linker:
https://developers.google.com/analytics/devguides/collection/analyticsjs/linker

Preserving cross domain GA on mobile redirect, how to do this properly?

I have a site, let's say test.com. This incorporates Google Tag Manager. I have a console for booking, this goes to a different domain. So the form's action is say, bookings.anotherdomain.com.
When the form is submitted, the URL becomes bookings.anotherdomain.com/?_ga=TOKEN. From what I understand, _ga is the new param for all google tracking, all the utm params are stored for it in google's database.
On bookings.anotherdomain.com, for the moment this site is not fully responsive and has a "sniffer" script that redirects to mobile.yetanotherdomain.com. Yes, that's 3 different domains.
The problem is during the redirect from bookings.anotherdomain.com to mobile.yetanotherdomain.com, no GA params are passed. This redirect happens via server side.
I'm wondering if the proper procedure would be to pass the _ga variable?
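// Forward _ga only when present; URL-encode it (htmlspecialchars escapes HTML, not URLs)
$ga = isset($_GET['_ga']) ? '?_ga=' . rawurlencode($_GET['_ga']) : '';
// Location needs an absolute URL with a scheme, otherwise it is resolved as a relative path
header('Location: https://mobile.yetanotherdomain.com/' . $ga);
exit;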
Would this be the right way of sending the GA params? I can't use JS for this as I want to keep it a server-side redirect, so that eliminates any GA JS script calls.
The short answer to your question is yes, forward that URL parameter if you can.
It sounds like you're using the analytics.js linker plugin, which is designed to do cross-domain tracking. Analytics.js keeps track of a particular user on a domain by storing a client ID value in a cookie. So, in order for analytics.js to track a particular user when she leaves domain A and goes to domain B, that client ID must be passed somehow. That's what the _ga=TOKEN URL parameter is -- the client ID.
In order for the destination domain to know to check for that _ga URL param, you have to tell your tracking code to expect it. The developer guide I linked to above should explain how to do that.
This site also has some good information on cross-domain tracking:
https://support.google.com/analytics/answer/1034342
I hope that helps; let me know if you want more details.

Using cookies websites showing items on different website

Once I visit an ecommerce website and then go to some other website, I see the items that I visited on the 1st ecommerce website. I want this technique to be implemented on my website too. What is this technique called and how can I implement this?
Any help would be appreciated.
Poor man's single sign-on? The basic technique is quite simple - you have one root cookie domain like 'www.cookie.com', and a cookie like "ID" on that domain.
On your ecommerce page, include JavaScript that will check if the cookie "LocalID" exists in the page; if it doesn't, add a reference to
<script src="//www.cookie.com/"></script>
This script will be served by .ashx handler on www.cookie.com domain; with behavior:
1) if no cookie value for "ID" exists, create new "ID" cookie and assign it random guid
2) send back script
3) this script will set cookie "LocalID" to have the same value as the "ID" cookie (handler on www.cookie.com will generate javascript dynamically)
That's pretty much it, you can now rely on the LocalID cookie to be unique for the same user (more precisely, browser with cookies turned on) across different websites on every ecommerce domain implementing this. Now you just need some persistent storage to which your applications have access (webservice, database) and use the LocalID cookie as the key for retrieving/persisting the user profile.

Detect email client or website

I am interested to detect the email client or website a new user of my site is redirected from. For instance, if he was redirected from Gmail.com (by clicking a link in one of his email there) I would like to track that.
If I need to manipulate the links leading to my website somehow I can do that.
I know there is a way to do that cause I have seen many sites and services doing it but I would like to find out how. I can track the user agent but this tells me nothing about the site or email client.
You must use QueryStrings for this purpose. For example the link that sends the user to your site must be like this www.yourwebsite.com/default.aspx?sender="googleMail"
You can get this using the code shown below when your default.aspx page loads
if (Request.QueryString["sender"] != null)
{
    // Untrusted input: the value comes from the link, so validate it before storing
    string sender = Request.QueryString["sender"];
}
You can set different Querystrings like
www.yourwebsite.com/default.aspx?sender="googleMail"
www.yourwebsite.com/default.aspx?sender="YahooMail"
www.yourwebsite.com/default.aspx?sender="googleAdsense"
There are methods to trace the user's browser, IP address etc. But to trace this you must adopt the above method.
