3

When Google Analytics sends data from an http page, it starts out as an http request like so:

http://www.google-analytics.com/collect?payload-data-goes-here

But this causes a 307 status code (Internal Redirect) due to HTTP Strict Transport Security (HSTS), and this redirect is the https version of the exact same URL.

How do I force Google Analytics to only send one https request from an http page?

budi
  • 6,351
  • 10
  • 55
  • 80

1 Answers1

9

The solution is to use ForceSSL. This forces Google Analytics to always send the data via https.

analytics.js

ga('set', 'forceSSL', true);

By default, tracking beacons sent from https pages will be sent using https while beacons sent from http pages will be sent using http. Setting forceSSL to true will force http pages to also send all beacons using https.

https://developers.google.com/analytics/devguides/collection/analyticsjs/field-reference#forceSSL

Example:

<!-- Google Analytics -->
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');

ga('create', 'UA-XXXXX-Y', 'auto');
ga('set', 'forceSSL', true); // <---------------------------- add this!
ga('send', 'pageview');
</script>
<!-- End Google Analytics -->

ga.js (legacy)

_gaq.push(['_gat._forceSSL']);

Configures Google Analytics to send all hits using SSL, even from insecure (HTTP) pages.

https://developers.google.com/analytics/devguides/collection/gajs/methods/gaJSApi_gat#_forcessl

Example (async):

<script type="text/javascript">

  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-XXXXX-X']);
  _gaq.push(['_gat._forceSSL']); // <------------------------ add this!
  _gaq.push(['_trackPageview']);

  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();

</script>

Example (traditional .js snippet):

var pageTracker = _gat._getTracker("UA-XXXXX-X");
_gat._forceSSL(); // <---------------------------------------- add this!
pageTracker._trackPageview();
budi
  • 6,351
  • 10
  • 55
  • 80