Force SSL on Google Analytics analytics.js load via Google Tag Manager - McMap

About

Force SSL on Google Analytics analytics.js load via Google Tag Manager

Asked 7/2, 2017 at 7:15 Answered 16/2, 2017 at 8:2

Solved google-analytics google-tag-manager universal-analytics

H

1

14

We load Google Analytics (Universal) via Google Tag Manager and I can't find any way to force it to load the analytics.js script itself over SSL; we set forceSSL via the fields to set options, but by the time it applies that it has already loaded the initial script over plain HTTP.

It looks like GTM checks whether it's on an HTTPS URL and then loads GA over HTTP if so, but I'd prefer to force it over HTTPS instead. Is there any way to do this?

Hoyos answered 7/2, 2017 at 7:15 Comment(7)

You can safely request HTTPS content from a page which is accessed over HTTP. That warning will show when accessing HTTP content from an HTTPS page. It's also not relevant to the problem; I'm not the one choosing to access an HTTP resource in this case, Tag Manager is and I'm looking to find a way to force it to do otherwise. – Hoyos 10/2, 2017 at 0:1

Have you tried "always use SSL" in the advanced configuration tab. – Shadrach 12/2, 2017 at 7:28

It doesn't seem exist any more; the current equivalent is setting forceSSL via the fields to set. – Hoyos 13/2, 2017 at 5:10

can we please see a sample of the code? – Did 15/2, 2017 at 22:55

Depending on your needs, one solution would be to use the Custom HTML tag instead and paste in the tracking code from Google Analytics. You can then modify the link directly in the code snippet if necessary. – Memorialize 16/2, 2017 at 0:25

I have many analytics tags for different purposes (page views and multiple types of event tracking, into multiple analytics accounts) so that's a painful option. I'm considering pulling the standard tracking of ours out of GTM and directly via GA instead, as that would make it more simple. – Hoyos 16/2, 2017 at 6:3

@MohammadAli there's no code involved, it's in Google Tag Manager. – Hoyos 16/2, 2017 at 6:3

P

3

Unfortunately, looking at the documentation available at the very bottom paragraph of Google Tag Manager - Dev Guide - Security, it reads:

While most of the tag templates in Google Tag Manager are also protocol relative, it's important to make sure that, when setting up custom tags to fire on secure pages, those tags are also either protocol relative or secure.

I flipped through a GTM profile to see if there were any configuration options exposed, but I didn't see any either. To your statement about using forceSSL, that wouldn't do anything (as you found) because it's setting a configuration in the already-loaded GA script to use for sending the future requests (e.g. pageview and events).

So, I loaded up a page with GTM installed on it with GA and took a look through the logic until I found where Google Analytics is loaded up from. If you'll take a look, we've got a function that's essentially determining whether to load GA up from either HTTP or HTTPS depending on the value of location.protocol as in the below screenshot:

That means that unless you load up the GA tag via a Custom HTML tag, you're not going to be able to change it to explicitly only load from HTTPS. You mention you're considering just hosting GA directly on the page - you're going to be pasting the exact same snippet there as you would in this Custom HTML tag (ensure that it's surrounded by tags or it won't do anything), and if you're already using GTM for something else, there's little reason to leave your vendor logic in multiple places.

So, in a long answer, no, you can't specify that you want to only load Google Analytics via SSL without resorting to using a Custom HTML tag (and then you unfortunately lose a lot of the mapping simplicity of using the GA tag itself).

Porcia answered 16/2, 2017 at 8:2 Comment(2)

Yeah, I looked at the code for loading myself, hence the "It looks like GTM checks whether it's on an HTTPS URL and then loads GA over HTTP if so" in my original question. Loading via a custom HTML tag is a pain but looks like the only way around something that should be very simple :-/ Awarding bounty for the thorough answer. – Hoyos 16/2, 2017 at 21:30

Thank you, but I agree, the solution is far less than ideal, especially for a scenario in which you might want other tags to be forced to be toggled to HTTPS-only as well. – Porcia 16/2, 2017 at 21:44

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.