Google Analytics features an 'In-Page Analytics' view to show click-through rates and other information directly on your own website. I'm looking to build something similar that logs all clicks.
The problem is I'm not really sure how Google implement their In-Page Analytics views - they seem to use an iframe, or two, and have injected their own HTML and JavaScript onto other pages.
How would one go about doing such a thing - are iframes the best way to go? How would you avoid the same-origin security policies of Javascript if domainX is trying to manipulate the rendering of domainY?
What is In-Page Analytics. In-Page Analytics is a Google Chrome extension that lets you see some parts of your Google Analytics data right there on your website, no need to go to Google Analytics.
To setup the tool simply: Download the Chrome extension and enable the extension by clicking on the button in your toolbar. Make sure you are signed-in with the relevant Google Analytics account with a profile for the site you want to review. Load up the page you want to review clicks for into your browser.
A pageview is defined as a view of a page on your site that is being tracked by the Analytics tracking code. If a user clicks reload after reaching the page, this is counted as an additional pageview. If a user navigates to a different page and then returns to the original page, a second pageview is recorded as well.
The first thing you need to do is open up Google Analytics, and then go to the behavior tab. In the behavior tab, click on the site content, then content drilldown tab. Then, you simply need to click the search icon in the bar, and you will be greeted with analytics specific to that individual page/post.
This is a very interesting question. You're right, the same origin policy forbids injecting JS. But Google Analytics has an advantage: it already is in your site (the tracker code).
So here is how it works (as far as I can see):
So I guess the bottom line is this: Things like in-page analytics can be done if the site's owner has already trusted you by adding a script you control to his website (this is a good example why one should be very careful before doing such a thing). If you don't have that kind of access to the site, it might be impossible to bypass the same-origin policy - at least, I can't think of another way to do it (except maybe proxying all the requests through your sever, but that leads to other major problems).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With