Using Google Analytics without sending query string data - javascript

We're doing a simple implementation of Google Analytics on our ASP.NET with jQuery/AJAX web, and for most of it we just call _trackPageview and let Google do the rest.
We do a lot of data transfer in query strings, and recently, management became concerned that a lot of our data (such as product numbers) would be sent to Google. Without discussing whether that should be a concern:
Is it possible to use Google Analytics at all without sending the query string to Google's servers? I know how to filter it out from the actual reports, but I'm looking for a way to prevent it from being sent over the wire at all.

Yes, as Litso said, you can send whatever you want as the pathname for a GA page-view, but you'll want to automate the process with JavaScript.
The following code will take the current URL's pathname (which excludes the query string) and use it as the pagename value.
_gaq.push(['_trackPageview', location.pathname ]);
Or, conversely, if you're using the old _gat code,
pageTracker._trackPageview(location.pathname);
So, if your URL is http://example.com/path/to/page.html?supersecretinfo, it will get tracked in GA as /path/to/page.html

Instead of automatically tracking the pageview, you can use
pageTracker._trackPageview('/dir/example.html');
You'll have to dynamically strip out the parameters off of the url of each page. I'm not sure how to do that but it's definitely possible with JavaScript.

Related

How to remove javascript code injection from a URL on HubSpot?

One of our clients received a social engineering warning from google. There is nothing hosted on the client's site and all I can assume is that the code is embedded in the URL. How can I stop this and make sure that the URL is not being taken advantage of?
Code below -
http://blog.essentialtech.com[.]au/events/public/v1/track/c/*W42X1Kh4VlKV7W4NDyrQ4Jwqwc0/*W34SKKS4FTw8nW7PlP8S8lBlFP0/5/f18dQhb0SfHC9dsQ84N7cW9rzHyjJqVS9MQR2B872gW3hHhb35zh-NRVnQ9Qq8Z_8m8W328bd38Xl1YFW2Mk5st5mZ50NMH5sdmJ4m23N8_dF8cJVPWRW4c2Tyb6d_m0TVHG2xy2R1bM2W2N6lzq4cj1_jW2pzD7d2MTPSyVKng6q1Wg4bjW58jf-C34RCjxW2p2f452LHP4rW5x5KNk7-XB_5N4Qzp5DMBCsfW7pKMHF2K4XMjW8tzC3F8q-1tCN1KKm4vRFkK4W5G18Kh3y9KYQN3dgtM7YrDrqW5hfJ425v5Cb1W8x-WCY3tg8kZN6p6WGsDLwCnW5BLL855GJB9nW5lW2Zn30_g8xW5kXBFn6n161-W38SQwr2Yy7gbW8Knjr38f7c2WW5rTvwF42SsX8W5nLxq_8r0-2RW30v4M38wyznpN3Gyjm6BNxmYW3gfMK48j556ZN8q1-LpjGXPKN64V3lHJRhw9VcZLWR86l4pCW8yq-Kr3rJTdsN5d_Q0Zj8tbNW480YZF3psJYWW8l-5SS6S8BxvW2RLxLy7X8G2fW5SdKBQ8s1s46W32wFFH1NsfDKSqhY367YLr102?_ud=617a5272-4c86-4d80-987a-d62228fd4f5e
This could be referring to a situation where in your code you're directly outputting the value of a query parameter or URL part in your page itself.
HubSpot has some automatic protections to prevent that kind of code injection, but there are still some best practices you should follow regardless of what CMS platform you're using.
Never trust query parameters as having only valid data. Never directly output it on the page. You can use HubL filters such as |escape and |striptags to remove potentially harmful code in the event you do need to display the value in the page.
An example of a time you might do that might be for a search results page, where you show "Search results for :"

Google Analytics (not with Tag manager), send page view with hashed URL and AJAX, SPA type web app

We have a web application (AJAX/SPA type) that I did not build but need to track analytics on. The URLs are not very nice or semantic and they are run via Ajax in most cases. I don't really have control over what gets generated.
What I want to do is on an onClick, a function is called so I can track the "pageview" of the Ajaxed called page.
The URL format that gets generated in the address bar is something like this:
https://subdomain.mysite.com/subpage/myfoopage.html#details=ecatalogue.54321
https://subdomain.mysite.com/subpage/mybarpage.html#details=ecatalogue.12345
Given that the URL has a hash AND a period in it, I have NO idea how this will show up in Analytics and before I go sending "sends" to my analytics dashboard, I thought I would reach out for some advice. Thank you in advance.
My current code I was thinking of using would be the ga set and ga send.
But given the hash, I am wondering if I should use window.location.href to send it all or do I have to modify the URL before sending it to Analytics.
So currently, simply using jQuery for simplicity sake:
$(".somelink").on('click', function(){
    //let the hash load
    setTimeout(function(){
        var myPath = window.location.href; //https://subdomain.mysite.com/subpage/myfoopage.html#details=ecatalogue.54321
        ga('set', 'page', myPath);
        ga('send', 'pageview');
    },2000);
});
Would the path in full get sent with the hash and the period or would it add a special "+" character or something or do I need to do some string parsing to get rid of the hash and the period in the location path??
Thanks in advance.
If you don't want to send the hash and anything after it, you should probably remove it from the path string using the split method or whatever, like this.
The best way to test it is configuring a "development" property in GA and send the data to it. After your validation you can change the property id to the production one.
The hash will come through. Using your example of:
https://subdomain.mysite.com/subpage/myfoopage.html#details=ecatalogue.54321
In GA it will show up like so:
/https://subdomain.mysite.com/subpage/myfoopage.html#details=ecatalogue.54321
With the additional / in front, since you're only supposed to send the page path.
So I recommend you parse out the hostname and protocol from it.
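One way to do what the answers above and the query-string answers at the top of the page describe, as an added example that is not part of any original post: build the page path from the full URL so that the scheme, host, query string and hash never leave the browser unless explicitly allowed. The function name `gaPagePath` and the options `keepParams` and `keepHash` are hypothetical, and the code assumes a runtime with the standard `URL` API.

```javascript
// Added example: derive the page path sent to Google Analytics from a full URL.
// gaPagePath, keepParams and keepHash are hypothetical names, not GA settings.
function gaPagePath(href, options) {
  var opts = options || {};
  var keepParams = opts.keepParams || [];   // query keys allowed to be sent
  var url = new URL(href);                  // throws on a malformed URL

  // Copy only allowlisted keys; everything else (product numbers, tokens,
  // bare flags such as "?supersecretinfo") is dropped before sending.
  var kept = new URLSearchParams();
  keepParams.forEach(function (key) {
    url.searchParams.getAll(key).forEach(function (value) {
      kept.append(key, value);
    });
  });

  var path = url.pathname;                  // no scheme, host, query or hash
  var query = kept.toString();
  if (query) path += '?' + query;
  // The fragment is dropped unless the caller opts in (SPA hash routes).
  if (opts.keepHash && url.hash) path += url.hash;
  return path;
}

// Constructed sample URLs, modelled on the ones quoted in the threads.
var samples = [
  'http://example.com/path/to/page.html?supersecretinfo',
  'http://example.com/search?q=widgets&productNumber=12345',
  'https://subdomain.mysite.com/subpage/myfoopage.html#details=ecatalogue.54321'
];

// In a page the result would be handed to the tracker, for example:
//   _gaq.push(['_trackPageview', gaPagePath(location.href)]);          // ga.js
//   ga('set', 'page', gaPagePath(location.href, { keepHash: true }));  // analytics.js
samples.forEach(function (s) {
  console.log(gaPagePath(s, { keepParams: ['q'] }));
});
```

An allowlist is used rather than a blocklist so that a newly introduced query parameter stays private by default.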

How to programmatically get campaign/source/medium for current Visit in Google Analytics

I'd like to know how active are the users depending on the source/medium/campaign of the traffic they came from before sign up. I'm hitting wall when trying to get campaign/source/medium for the current visit from Google Analytics tracker in JS.
I found this tracker.get() method: https://developers.google.com/analytics/devguides/collection/analyticsjs/method-reference#get but they don't specify what the possible values for 'fieldName' are. I inspected the tracker object in Firebug and found what's in the attached screen grab:
Are these the only fields that I can query? Is reading any of the campaign fields possible? I understand that GA intends to be anonymous, but I figured this information is not really a secret...
If I can't retrieve this information from GA tracker, how would you approach this question? Should I set my own cookie whenever there's a visit with utm_ parameters and then read it if the visitor chooses to sign up?
I'm aware of this response: How do I extract Google Analytics campaign data from their cookie with Javascript? but a comment says parsing a cookie won't work for AdWords traffic..
I had to do something similar for a project. You need to think outside of the box to get this working. This will only work for cases where you put the campaign information in the URL, for tagged URLs.
1) On every page add server side code (php, asp .net) to parse the querystring and save the campaign/source/medium from the URL in a session (or cookie)
2) Retrieve this information where you need it and process it.
You indeed need some custom javascript in order to achieve this.
I created an open source project for this that addresses the need quite simply:
https://github.com/ilkkapeltola/visitdata
Once you include the javascript library, you can call visitdata.get() and it'll return an object with things such as source, medium etc.
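A sketch of the cookie approach raised in the question and in the two-step answer above, as an added example that is not code from any of the posts or from the visitdata project. The cookie name `visit_campaign`, the 30-day lifetime and the permitted character set are assumptions; like the answer, it only covers tagged URLs, and it treats the utm_ values as untrusted input because anyone can craft the link.

```javascript
// Added example: first-touch capture of utm_ parameters into a first-party cookie.
// Cookie name, lifetime and the SAFE_VALUE pattern are assumptions for illustration.
var UTM_KEYS = ['utm_source', 'utm_medium', 'utm_campaign'];
var SAFE_VALUE = /^[A-Za-z0-9._~ -]{1,64}$/;   // reject markup, long or odd values

// Return the validated campaign fields from a URL, or null if none are usable.
function parseCampaign(href) {
  var params = new URL(href).searchParams;
  var found = {};
  UTM_KEYS.forEach(function (key) {
    var value = params.get(key);
    if (value !== null && SAFE_VALUE.test(value)) found[key] = value;
  });
  return Object.keys(found).length ? found : null;
}

// Build the Set-Cookie / document.cookie string, or null if nothing should be set.
// An existing cookie is never overwritten, so the first tagged visit wins.
function campaignCookie(href, existingCookies) {
  if (/(?:^|;\s*)visit_campaign=/.test(existingCookies || '')) return null;
  var campaign = parseCampaign(href);
  if (!campaign) return null;
  return 'visit_campaign=' + encodeURIComponent(JSON.stringify(campaign)) +
    '; Max-Age=2592000; Path=/; SameSite=Lax; Secure';
}

// Read the stored campaign back at sign-up time; malformed data yields null.
function readCampaign(cookies) {
  var m = /(?:^|;\s*)visit_campaign=([^;]*)/.exec(cookies || '');
  if (!m) return null;
  try {
    return JSON.parse(decodeURIComponent(m[1]));
  } catch (e) {
    return null;
  }
}

// Constructed sample landing URL.
var landing = 'https://example.com/signup?utm_source=newsletter' +
  '&utm_medium=email&utm_campaign=spring_sale&ref=abc';
console.log(campaignCookie(landing, ''));
```

In a browser the returned string would be assigned to `document.cookie` on landing and `readCampaign(document.cookie)` called when the visitor signs up.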

Google Analytics Site Search

I use the following sample URL pattern for search on my web site.
http://www.mysite.com/search/someword
No query strings, just clean URL..
How can I set this URL up in the Google Analytics Site Search system?
In theory, you should be able to create a profile filter to convert the URLs to use a query string. In practice, it turns out it's not possible, because Site Search gets processed before filters get processed.
Instead, what I've found that works is to just manipulate it in JavaScript so that you "fake" a query string directly from the browser.
Something like:
if(!location.pathname.match(/^\/search/)){
    _gaq.push(["_trackPageview"]);
}
else{
    _gaq.push(["_trackPageview", location.pathname.replace("/search/","/search?q=")]);
}
This would "fake" a query string with a key of q that you could then easily use the Site Search feature with.

how to cross direct user with google analytics

After a user fills in my "new" user form on "example-one.com", the "create" controller creates the record in the db. Then it does a redirect_to to an external site "payment-checkout.com". I have setup the Google Analytics code on both sites.
Google provides two functions _link and _linkByPost for you to use in any links or forms that go to your external domains. The problem is the user is being redirected by the controller action outside of the view and I can't use those two JavaScript functions to pass on the relevant G.A. info - what do I do?
Can anyone help?
The way _link works is by passing the Google Analytics cookies from your first domain via a query string to your second domain. The second domain, if configured correctly, will accept those URL parameters and apply them as cookie values for the purposes of tracking.
So, it shouldn't be difficult for you to apply your own version of the _link function.
Specifically, the _link function passes the following cookies:
__utma, __utmb, __utmc, __utmx, __utmz, __utmv and __utmk
Into a query string as such: ?__utma=87278922.614105561.1288923931.1294376393.1298325957.6&__utmb=87278922.1.10.1298325957&__utmc=87278922&__utmx=-&__utmz=87278922.1288923931.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&__utmv=-&__utmk=72493274
So, all you need to do to replicate the _link function is, before you apply the server side redirect, grab the cookie values, and apply them as a query string on the URL you're redirecting to.
Now, that's not the only thing you'll need to do to get this working. The Google Analytics configuration on the payment site will need to be configured with _setAllowLinker set to true, as well as potentially disabling the domain hash and setting a particular domain name for the tracking cookies; it depends on your configuration. You can find out more about that in Google Analytics Cross Domain Tracking Guide.
@yc's approach looks like the best bet but if that doesn't work, I would suggest having your controller redirect the user to a "temp" page on your site itself and show some text like "Checking out....Please wait..." and using JavaScript trigger the call to the "_link" function to redirect the user to the "payment-checkout.com" (again using JavaScript).
I assume you're also tracking the page the user returns to and want to measure how many users you lose in the process in between?
My knowledge of the Google Analytics API is fairly limited, so maybe there's a better solution, but you could consider rendering a page containing the GA code and triggering the _link() function from there?
It might also be possible to perform an AJAX call on submitting the form (maybe using remote_form_for) and handling the GA redirect in an RJS-response:
page << "_gaq.push(['_link', 'http://example.com/test.html']);"
However, I'm not sure how well that would fit into your application.
