Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How does Google Analytics restrict domains?

My understanding of cross-domain restrictions is that you can't verify which domain is loading your content using javascript or iframes. How, then, does Google know what incoming data is coming from users accessing the real domain? If someone uses my GA embed code on a different site, how does google know the difference?

like image 819
Citizen Avatar asked Jan 17 '12 18:01

Citizen


2 Answers

Google Analytics, in its default behavior, does not differentiate or validate the source of the data.

If someone were to maliciously put your GA account ID on their site, you'd get their data transmitted back to your account as if you'd put it on your site yourself.

However, by default, ga.js will append a hostname, from location.hostname, to the tracking data and have it available as a dimension. So, any traffic sent from foreign hostnames could be tracked, managed and segmented out.

If this becomes an issue, you could configure a Google Analytics filter to either exclude traffic from specific malicious domains, or include traffic to your specific domains.

This is very rarely an issue that comes up for people.

like image 52
Yahel Avatar answered Oct 03 '22 15:10

Yahel


The GA JavaScript (and any other JS you embed on your page) has access to the location object which contains the full url, domain, etc.

like image 22
ThiefMaster Avatar answered Oct 03 '22 14:10

ThiefMaster