Practical Ecommerce

Google Analytics’ Security Warnings

Security warnings caused by Google Analytics are a subject that our readers have frequently brought up, and something that I ran into when I launched an earlier Practical eCommerce website. Occasionally someone installs Google Analytics on their site only to find that users are getting errors about “both secure and unsecure” information on the page. Whether you understand that warning or not, it is not conducive to making an online sale.

Install the Tracking Code

When installing Google Analytics, you place two small pieces of JavaScript code on each page of the site you want to track. The first downloads a library of JavaScript functions, and the second contains unique information about your Google account and calls some tracking functions. The warning is generated by the first script, which requests the JavaScript library from the server “google-analytics.com”. That request is not made over a secure connection, so on a page secured with SSL it is the one to blame for the security warnings.

Luckily, the solution is quite simple. For the pages on your site that are secured by an SSL certificate, you need to place a different piece of code to install Google Analytics. You can get the correct piece of code for your account by logging in to your Google Analytics account, and selecting “edit” next to the website profile that you want to use. Choose to edit the URL at the top of that page, and replace the “http://” with “https://”, which will tell Analytics your site is secure. Save the changes and click “account status” for that website profile to get the new JavaScript code to install on secure pages only.

Notice that the server the browser now gets the JavaScript library from is “ssl.google-analytics.com” and the secure pages no longer generate a security warning.
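The mixed-content condition described above, as an added example (not code from the original article or from Google): a Node.js check that lists the subresources an HTTPS page would fetch over plain HTTP and applies the article's “ssl.google-analytics.com” host swap. The function names, the shop.example page and the sample HTML are assumptions constructed for illustration.

```javascript
// Tags whose src attribute makes the browser fetch a subresource.
const TAG_RE = /<(script|img|iframe)\b([^>]*)>/gi;
// Match src only as a whole attribute name (so data-src is skipped).
const SRC_RE = /(?:^|\s)src\s*=\s*["']([^"']+)["']/i;

// Return every subresource an HTTPS page would fetch over plain HTTP.
// Relative and protocol-relative ("//host/path") URLs are resolved against
// the page URL, so they inherit its scheme and are not reported.
function findInsecureSubresources(pageUrl, html) {
  const page = new URL(pageUrl);
  if (page.protocol !== "https:") return []; // an HTTP page has nothing to mix
  const findings = [];
  for (const [, tagName, attrs] of html.matchAll(TAG_RE)) {
    const m = SRC_RE.exec(attrs);
    if (!m) continue; // inline script or tag without src
    let resolved;
    try { resolved = new URL(m[1], page); } catch { continue; }
    if (resolved.protocol === "http:") {
      findings.push({ tag: tagName.toLowerCase(), url: resolved.href });
    }
  }
  return findings;
}

// The article's fix: secure pages load the library from the "ssl." host.
// URLs on any other host are returned unchanged.
function secureAnalyticsUrl(url) {
  const u = new URL(url);
  if (u.protocol === "http:" && /(^|\.)google-analytics\.com$/.test(u.hostname)) {
    u.protocol = "https:";
    u.hostname = "ssl.google-analytics.com";
  }
  return u.href;
}

// Constructed sample: a checkout page served over HTTPS.
const SAMPLE_HTML = `
<img src="/images/logo.png">
<script src="//cdn.example.com/cart.js"></script>
<script data-src="http://ignored.example/x.js" src="/local.js"></script>
<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>`;

function auditSample() {
  return findInsecureSubresources("https://shop.example/checkout", SAMPLE_HTML)
    .map((f) => ({ ...f, suggested: secureAnalyticsUrl(f.url) }));
}
console.log(auditSample());
```

Only the tracking library is reported for the sample page; the relative and protocol-relative references inherit the page's HTTPS scheme.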

Brian Getting


Comments ( 9 )

  1. Legacy User February 8, 2007

    Just change the reference to the script to "//{url}" instead of "http://{url}" and you're set for both http and https pages…

    — *Ryan*

  2. Legacy User April 5, 2007

    From the Analytics support page, this is the proper solution:

    change "http://www" to "https://ssl"

    — *Mel*

  3. Legacy User April 5, 2007

    Both these solutions lead to a JavaScript error for me.

    — *Mel*

  4. Legacy User June 5, 2007

    Once you have signed into Google Analytics, go to the http://www.google.com/support/analytics/bin/answer.py?answer=31846&topic=7175 page

    — *Pete*

  5. Legacy User July 31, 2007

    After I changed my website url to https and got the ssl script… Do I have to change it into original form (http://) or leave it as it is?

    — *rod*

  6. Legacy User August 16, 2007

    I don't know if this is new, but when you add the website for Google Analytics, you can select whether your website is http:// or https://

    You get the correct js code to add depending on what you select.

    — *Lalit Mehta*

  7. Legacy User December 7, 2007

    Mel's response above worked!!!

    Change the reference to the javascript include from "http://www." to "https://ssl."

    — *John*

  8. Legacy User April 2, 2008
  9. Legacy User June 3, 2008

    If you have a common footer for all your pages, you can use javascript to dynamically sense the protocol (http: or https:) and switch to the proper include file:

    var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
    document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));

    — *hatch*