ShopSite Tip: Universal Analytics Tracking and Shared SSL

Are you currently using or planning to use Universal Analytics to track e-commerce transactions in your ShopSite store?  Is your store also configured to use a shared SSL certificate during checkout?  If you have answered yes to both, you’ll want to keep reading.

If you are unsure on the SSL question, here is a quick method for verifying whether your store is configured to use a shared or private SSL certificate.

In any web browser, go to your site and add an item to your cart.  Next, proceed to checkout and note the web address in the address bar of the browser (the web address should begin with “https://”).

  • If your store is using a shared SSL certificate, the domain in the address bar (on the checkout page) will not match your domain name. For LexiConn hosted clients, the shared SSL domain is
  • If your store is using a private SSL certificate,  the domain in the address bar will match your domain name.  In this case, the issues we’ll be discussing below do not apply to your store :)


A Little Background

3542294246_0f5de61b48_oUniversal Analytics uses sessions and cookies to track visitors on your site.  Session data includes referer, location, user-agent, etc… and is stored on Google’s servers.  This session data is associated with a client ID, which is contained in the users cookie (stored locally on their device).  When everything is working correctly, activity for each visitor on your site is tracked in a single session.  In this way, merchants are able to research visitor behavior from the point of entry through conversion (or bounce/exit).


The Problem Areas

The first issue is related to cookies.  By default, cookies are not permitted to share information across domains.   In other words, the cookie associated with is not automatically available to the cookie created for the shared SSL domain (e.g.  To allow the data to be shared, Google provides a mechanism in their tracking code, referred to as linker.  The linker code is necessary in order for Google to obtain the ClientID when a customer accesses a secure page on the site (e.g. checkout. customer registration, etc…).

For ShopSite merchants using the built-in Universal Analytics feature, linker is automatically included in the tracking snippet :)

If you are not using the built-in Universal Analytics feature, it is necessary to include the linker code manually.  We have a tutorial available in our forum to assist merchants with adding the necessary tracking code:

The second and third issues are related to sessions.  When a visitor reaches the checkout page (or any secure page), a new cookie is created for the shared SSL domain (e.g.  If Universal Analytics is not properly configured, Google will see the store domain (e.g. as the referer and start a new tracking session.  When this happens, the original referral information (along with other critical user data) is left in the original session.  If the visitor completes a transaction on the site, there will not be any data associated to that transaction prior to the visitor accessing checkout.  This will have a direct impact on analytics reporting, especially referral data on acquisition reports.

Here is an example showing a visitor split between two analytics sessions.  As you can see, the traffic source for the transaction is reported as direct (none), even though the visitor was referred to the site via an organic Google Search.   Obviously, this leaves merchants with limited means to analyze traffic sources for conversions.

(click to enlarge)

(click to enlarge)

When configured properly, the e-commerce transaction is associated to the original referer and reflected as such in traffic acquisition reports (Acquisition -> All Traffic):

(click to enlarge)

(click to enlarge)


For ShopSite merchants, there may be two culprits in play…

1.  Missing entries in Google’s Referral Exclusion list.

Google uses the Referral Exclusion list to determine which domains should be ignored as referrers.  Excluding your own domain, shared SSL domain and any external payment gateway domains ensures a new ClientID is not created when customers access a secure URL or temporarily leave the site to make a payment.

When a Universal Analytics account is created, Google automatically adds your domain to the Referral Exclusion list.  The same is not always true for accounts which have been upgraded to Universal Analytics.  It is best to review the entries to ensure all necessary domains are included.

ShopSite merchants hosted with LexiConn should have the following domains listed in the referral exclusion list:

  • (this is the shared SSL domain)
  • (if using PayPal Express)

This article from Google provides instructions for updating the Referral Exclusion list:

2.  A bug in ShopSite v12 which prevents the session from tracking correctly across domains.

This has been fixed in the latest release (12 sp1) which is now available.


photo credit

Leave a Reply