Google Analytics' Security Warnings
The subject of security warnings with Google Analytics is one that has been frequently brought up by our readers, and was something that I ran into when I launched an earlier Practical eCommerce website. The issue is that occasionally someone will install Google Analytics on their site only to find that users are getting errors about "both secure and unsecure" information on the page. Whether you understand that or not, it is not conducive to making an online sale.
Install the tracking code
When installing Google Analytics, you need to place two small pieces of JavaScript code on each page of the site you want to track. The first downloads a library of JavaScript functions, and the second contains unique information about your Google account and calls some tracking functions. The error is generated by the first script, which requests the JavaScript library from the server "google-analytics.com". You will notice that this server is not accessed over a secure connection, and it is the one to blame for the security warnings.
Luckily, the solution is quite simple. For the pages on your site that are secured by an SSL certificate, you need to place a different piece of code to install Google Analytics. You can get the correct piece of code for your account by logging in to your Google Analytics account, and selecting "edit" next to the website profile that you want to use. Choose to edit the URL at the top of that page, and replace the "http://" with "https://", which will tell Analytics your site is secure. Save the changes and click "account status" for that website profile to get the new JavaScript code to install on secure pages only.
Notice that the server the browser now gets the JavaScript library from is "ssl.google-analytics.com" and the secure pages no longer generate a security warning.
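To check a secure page for this problem before shoppers see the warning, the sketch below lists each script include and flags any that would load over http:// from an https:// page. It is an added example, not code from Google or from this article; the function names and the sample HTML are assumptions made for illustration, and the ga.js file name is taken from the comments below.

```javascript
// Added example: audit <script src> includes for the "secure and unsecure" warning.
// A regex is enough for a quick audit; it is not a full HTML parser.
const SCRIPT_SRC = /<script\b[^>]*?\bsrc\s*=\s*(["'])(.*?)\1/gi;

// Classify one script URL relative to the protocol of the page that includes it.
function classifySrc(src, pageUrl) {
  const pageIsSecure = new URL(pageUrl).protocol === "https:";
  if (/^http:\/\//i.test(src)) {
    return pageIsSecure ? "mixed-content" : "ok";
  }
  // https://, protocol-relative (//host/path) and relative paths never
  // load over plain HTTP from a secure page.
  return "ok";
}

// Map the standard Analytics include to the SSL host named in the article.
// Returns null when the URL is not the Analytics include.
function secureGaSrc(src) {
  const fixed = src.replace(/^http:\/\/www\.google-analytics\.com\//i,
                            "https://ssl.google-analytics.com/");
  return fixed === src ? null : fixed;
}

// Return one finding per script include found in the page source.
function auditScripts(html, pageUrl) {
  const findings = [];
  for (const m of html.matchAll(SCRIPT_SRC)) {
    const src = m[2];
    const status = classifySrc(src, pageUrl);
    findings.push({ src, status, suggested: status === "ok" ? null : secureGaSrc(src) });
  }
  return findings;
}

// Constructed sample page source (not taken from a real site).
const sampleHtml = `
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
<script src="//www.example.com/lib.js"></script>
<script src='https://ssl.google-analytics.com/ga.js'></script>
<script src="/js/cart.js"></script>`;

console.log(auditScripts(sampleHtml, "https://shop.example.com/checkout"));
```

Run it with Node.js against the saved source of each SSL-protected page; any entry marked "mixed-content" is an include that needs the secure version of the code.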
This article is filed under Design & Development and has the following keyword tags: analytics, security.
9 Comments
Legacy User says:
Just change the reference to the script to "//{url}" instead of "http://{url}" and you're set for both http and https pages...
-- Ryan
Legacy User says:
From the Analytics support page, this is the proper solution:
change "http://www" to "https://ssl"
-- Mel
Legacy User says:
Once you have signed into Google Analytics, go to the http://www.google.com/support/analytics/bin/answer.py?answer=31846&topic=7175 page
-- Pete
Legacy User says:
After I changed my website url to https and got the ssl script... Do I have to change it into original form (http://) or leave it as it is?
-- rod
Legacy User says:
I don't know if this is new, but when you add the website for Google Analytics, you can select whether your website is http:// or https://
You get the correct js code to add depending on what you select.
-- Lalit Mehta
Legacy User says:
Mel's response above worked!!!
Change the reference to the javascript include from "http://www." to "https://ssl."
-- John
Legacy User says:
http://www.google.com/support/analytics/bin/answer.py?hl=en&answer=55483
-- Sergiy Lavryk
Legacy User says:
If you have a common footer for all your pages, you can use javascript to dynamically sense the protocol (http: or https:) and switch to the proper include file:
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
-- hatch