Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to set "secure" attribute of the cookies used by Google Analytics Global Site Tag (gtag.js)?

Tags:

google-analytics

gtag.js

I'm using Google Analytics Global Site Tag (gtag.js) tracking code on my Github Pages. The following tracking code is copy-and-pasted as the first item into the <HEAD> of every webpage I want to track (I replaced my own tracking ID with GA_MEASUREMENT_ID):

<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=GA_MEASUREMENT_ID"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'GA_MEASUREMENT_ID');
</script>

Recently, when I open my Github Pages site with Firefox browser, the console logs the following warning messages:

Cookie “_ga” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Cookie “_gid” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

How can I fix this issue?

like image 569
Gorisanson Avatar asked Jun 25 '20 06:06

Gorisanson

2 Answers

The gtag.js cookie settings can be customized. Specifically, we can set cookie_flags field to solve the issue.

In the tracking code, the line

gtag('config', 'GA_MEASUREMENT_ID');

should be changed to

gtag('config', 'GA_MEASUREMENT_ID', { cookie_flags: 'SameSite=None;Secure' });

to fix the issue.

So the whole tracking code should be the following (Don't forget to replace the two occurrences of GA_MEASUREMENT_ID with your own tracking ID):

<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=GA_MEASUREMENT_ID"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'GA_MEASUREMENT_ID', { cookie_flags: 'SameSite=None;Secure' });
</script>

UPDATE (Thanks to @RichDeBourke for the comment):

The console can still log a warning message like the following:

Cookie “_ga” has been rejected for invalid domain.

To fix the issue, cookie domain of gtag.js needs to be configured. So the line mentioned in the original answer

gtag('config', 'GA_MEASUREMENT_ID', { cookie_flags: 'SameSite=None;Secure' });

should be further edited to

gtag('config', 'GA_MEASUREMENT_ID', {
  cookie_domain: 'YOUR_GITHUB_PAGES_DOMAIN',
  cookie_flags: 'SameSite=None;Secure',
});

Then, the whole tracking code is the following (Don't forget to replace YOUR_GITHUB_PAGES_DOMAIN with your own GitHub pages domain (which is, typically, <username>.github.io where <username> is your actual GitHub user name) and the two occurrences of GA_MEASUREMENT_ID with your own tracking ID):

<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=GA_MEASUREMENT_ID"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'GA_MEASUREMENT_ID', {
    cookie_domain: 'YOUR_GITHUB_PAGES_DOMAIN',
    cookie_flags: 'SameSite=None;Secure',
  });
</script>
like image 70
Gorisanson Avatar answered Oct 05 '22 11:10

Gorisanson

I just set up a Google Analytics 4 property, and was getting the same warning in Firefox console as in the original question:

Cookie “_ga” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. ...

But adding the cookie_flags as an option to the gtag('config', ...) invoke was not working for me.

Browser cookie storage revealed that the GA cookies were indeed not being stored with as secure.

I was able to fix the problem by adding an additional gtag('set', ...), like so:

<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=GA_MEASUREMENT_ID"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());
  gtag('set', {cookie_flags: 'SameSite=None;Secure'});
  gtag('config', 'GA_MEASUREMENT_ID');
</script>

Perhaps something has changed with Google Analytics API?

The Google Documentation seems to indicate that set is how you should be passing cookie_flags.

like image 32
Andrew Avatar answered Oct 05 '22 12:10

Andrew
Sign in to Comment

Related questions

How to trigger Google Analytics from code?
How do you troubleshot google analytics code?
Find segment ID in Google analytics?
How to track click events with google analytics
Angulartics GA events not getting tracked
Google analytics on my React app with firebase SDK
Google Analytics custom variable not getting set
Format event_date and event_timestamp Big query while querying data in custom query
Tracking offline event with Google Analytics
Google Analytics with Firebase
gtag not sending custom dimensions for events
iOS : Google Analytics User Timing report is not updated in my Google Analytics Account
How to set the Google Analytics cookie only after another consent cookie is set and "true"?
Tracking Site Activity (Google Analytics) using Backbone
Google Analytics - Can I put script in footer?
Google Analytics Log Level
Disable Google Analytics in iOS simulator
Google Analytics filter not working
google analytics api query a specific url
Filtering results from Google Analytics Reporting API

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!