Google Analytics and SSL Connections

February 28, 2006 · by Brian Getting

This was an interesting one that we ran across today. We had received a few communications from people saying that our subscription form was not secure. Of course, this worried me so I immediately began to see what could be causing this. The answer might help someone else having the same problem.

When it comes to a secure form, it always was. This refers to the personal information being sent between browser and server. But there is a problem if you run Windows. Since many vulnerabilities have been found in Windows where an image file (.jpg, .gif) can be used to send malicious code, the browser will tell someone that "this page contains both secure and non-secure items" if any images or resources for a web page are coming from an insecure source (http instead of https). At first I was baffled because all of the resources were coming from our secure server. Then I realized that Google Analytics was causing the problem.

It turned out that I had the same piece of Google Analytics code in the secure pages. Apparently Google has a different server that deals with handling Analytics data from secure sites. All I had to do was fix this, and here are the steps:

1. Log in to your Google Analytics account and select edit next to the website profile that you want to use.
2. Choose to edit the website URL at the top of the page. Replace it with the url to your secure site (usually just change http:// to https://).
3. Save the changes, and the select Check Status for that account to get the new Analytics code that needs to be put into your secure documents.

You will notice that instead of pulling a script from google-analytics.com it will pull from ssl.google-analytics.com, and it will be doing it over a secure connection. This solved our problem with alerts on Windows machines.

In case anyone cares, the alert "this page contains both secure and non-secure items" is displayed on Internet Explorer on Windows. Firefox will display a lock with a slash through it on Windows. Mac browsers will simply show the page as secure since they are not susceptible to attacks using images and such.

Category: Developers' Corner | Tags: google, analytics, Microsoft Windows

0 Comments

Sign in to leave a comment...

Share your opinion.

Username:*

Password*

Keep me logged in for 2 weeks.

Lost Your Password? | Don't Have An Account?

Facebook user?

You can sign in with
your Facebook account.