Web Analytics: Identifying referral traffic from sites on HTTPS


As Google, Facebook, Twitter, and other sites implement https the referral data in analytics tools is becoming less accurate, e.g. HTTPS traffic comes with a blank referer and appears as direct traffic.

How big of an issue is this for you as a business owner or marketer and how do you work around this issue? Does anyone have any insight into how companies in analytics space are dealing with this issue and if there is any hope?

p.s. I got a spike in "direct" traffic the other day against seasonal pattern and it's really annoying to not be able to tell where the extra clicks came from.

EDIT: Yes, I understand that HTTP_REFERER is what's missing and understand the technical limitations. Since we (site owners) can't make big sites pass extra info to us via URL parameters I was wondering how others are dealing with this.


asked Mar 29 '12 at 07:27
2,835 points
  • I didn't know about this! I'm glad you said something, or it may have been a long time before I even realized what was going on. Have you ever considered switching to HTTPS yourself? It appears, from what I've seen, that if you do this, you'd get the referring URL again, though I'm not certain... – rbwhitaker 12 years ago
  • Yes, switching to https would actually make the http_referer info available (just tested and confirmed), not a bad idea for those sites that already have ssl and run a part of the site on https. – Webbie 12 years ago

4 Answers


The analytics and statistics package look at something called the HTTP_REFERRER, and that is passed from page to page as you click around a site or to other websites. Every page loaded there is a field passed HTTP_REFERRER of the page prior.

However, this field is not passed when the user is on a secure https site and goes to another website or goes to a page on the same site that is not https.

It's a big pain in the but in the analytics industry right now and has some of my custom 'conversion' metrics all messed up.

The only solution to this is if Google passes some new field in the URL in the future when they pass the visitor to your site like they do with Adwords. I'm not sure if Google will do that though.

answered Mar 29 '12 at 10:54
Ryan Doom
5,472 points
  • I looked at my data closer and noticed a page in top visited list that had a parameter with facebook reference, so it seems there might be a way to detect it, it's just Google wouldn't act on it. Google Analytics is still a free product, so they have no pressure to improve analytics, especially if it helps validate traffic from sites like Facebook. – Webbie 12 years ago


A simple solution--depending on how much say you have over the site--is to start using SSL on the site you're tracking. HTTPS -> HTTPS referrals do get properly attributed. SSL certs cost as low as $10 a year, so it's a cheap solution.

answered Mar 22 '14 at 03:28
11 points


The issue is not HTTPS, the issue is referral URL.
There's no way around it, because you only have HTTP_REFERER when the user gets to your page and that's what Analytics packages use.
Cookies will also not work here since it's a different domain.

answered Mar 29 '12 at 10:06
970 points


This is somewhat outside the control of the receiving website. Your best bet is to go https on your website and then the referrer header will be passed along as normal from both http and https websites.

If you're running on https and want your outbound links to include a referrer on http sites then it gets tricky.

Facebook is using https and is getting around the issue by using some sort of redirect via a server running http. From a zdnet.com article :

"Although Facebook are allowing https, they are also now running
referrals through a non-https redirect which allows us to track all
the referrals," a StatCounter spokesperson said in a statement.
"Essentially instead of a user clicking a link and going from
https://facebook.com to a third party site, the user goes from
https://facebook.com to http://facebook.com to the third party site. As the
user is NOT going directly from a https site to a third party, the
referral can be tracked."

I'm not exactly sure how they are implementing this but I'm keen to find out for my own https site.

It might also be possible to add utm_source, utm_medium and utm_campaign parameters to all outbound links from your https website so that receiving website can use google analytics to extract the referrer from these values.

answered Apr 17 '13 at 14:03
101 points

Your Answer

  • Bold
  • Italic
  • • Bullets
  • 1. Numbers
  • Quote
Not the answer you're looking for? Ask your own question or browse other questions in these topics: