
I'm building a web app and using Google Analytics (analytics.js) for analytics. I recently noticed that analytics aren't working properly in Chrome.

I'm loading analytics using the standard code snippet in a separate module and included via requirejs. I've verified that this script runs as expected and executes the analytics snippet.

When I inspect network traffic in Firefox, I can see that the analytics script is loaded from Google as expected (HTTP 200 response):


However, when I run the exact same page in Chrome, I get an HTTP 307 response pointing to about:blank, and analytics does not run:


However, if I paste the analytics URL directly into the Chrome address bar, the script is found. Any ideas what's going on here, or how to fix it?

Benj

3 Answers


307 Internal Redirect with Non-Authoritative-Reason: Delegate indicates that the request was intercepted and modified (redirected) by a Chrome extension via the webRequest or declarative webRequest extension APIs.

You can find out which extension triggered the redirect as follows:

  1. Visit chrome://net-internals/#events
  2. Trigger the request (google analytics, in your case).
  3. Go back to the chrome://net-internals/#events tab and look for a URL_REQUEST matching your request (you can use the searchbox to filter the search).
  4. Click on the entry to show the log at the right side. You will see the extension name, extension ID and other information about the request:

```
t=7910 [st=0] +REQUEST_ALIVE  [dt=6]
t=7910 [st=0]   +URL_REQUEST_DELEGATE  [dt=5]
t=7910 [st=0]      DELEGATE_INFO  [dt=5]
                   --> delegate_info = "extension [Name of extension]"
t=7915 [st=5]      CHROME_EXTENSION_REDIRECTED_REQUEST
                   --> extension_id = "ebmlimjkpnhckbaejoagnjlgcdhdnjlb"
t=7915 [st=5]   -URL_REQUEST_DELEGATE
t=7915 [st=5]   +URL_REQUEST_START_JOB  [dt=1]
                 --> load_flags = 339804160 (BYPASS_DATA_REDUCTION_PROXY | MAYBE_USER_GESTURE | REPORT_RAW_HEADERS | VERIFY_EV_CERT)
                 --> method = "GET"
                 --> priority = "LOW"
                 --> url = "https://www.google-analytics.com/analytics.js"
t=7915 [st=5]      URL_REQUEST_REDIRECT_JOB
                   --> reason = "Delegate"
t=7915 [st=5]      URL_REQUEST_FAKE_RESPONSE_HEADERS_CREATED
                   --> HTTP/1.1 307 Internal Redirect
                       Location: about:blank
                       Non-Authoritative-Reason: Delegate
```

In this log sample, an extension with name "[Name of extension]" and extension ID "ebmlimjkpnhckbaejoagnjlgcdhdnjlb" redirected the request. After finding the extension name and/or ID, you can visit chrome://extensions and disable or remove the extension that modified the request.

Rob W
  • Brilliant. I had no idea this analysis was possible. Turned out to be an extension to (....drum roll, please...) block analytics. Which was doing exactly what it's supposed to... – Benj Jan 14 '15 at 18:46
  • This is incredible. Thank you rob! I see that Adblock is in a similar location to your posted snippet for me. What does it mean if I don't see any obvious signs in incognito mode? We go from `REQUEST ALIVE`, `URL_REQUEST_DELEGATE` (no + / details, dt=0), straight to the start job / redirect job. Either way, thanks for this heavy insight! – Yuji 'Tomita' Tomita Aug 26 '15 at 00:11
  • @Yuji Could you share a part of your log, explain what happens and state what you expected instead? – Rob W Aug 26 '15 at 06:52
  • @RobW https://gist.github.com/anonymous/4baaf62bcaff2360eb6d -- the expected behavior is not to have a 307 redirect but a 200 code and direct download of the asset. It's an http site, and all assets from `cdn.shopify.com` are converting to HTTPS. I don't see any `DELEGATE_INFO` and such. Thank you sir! – Yuji 'Tomita' Tomita Aug 26 '15 at 19:52
  • @Yuji "Non-Authoritative-Reason: HSTS". The redirect is caused by HTTP Strict Transport Security. You're requesting a http page, but previously the website announced that all requests have to be made over https, so Chrome (internally) rewrites the http request to a https request. – Rob W Aug 26 '15 at 20:14
  • @RobW How does a website set such a parameter? Protocol relative URLs from the HTTP pages are returning 307s to HTTPS versions, on chrome only. I've disabled my extensions and used incognito - same issues. The site in question is `jackerwin.com`. Very interesting. Apologies - I think this is one too many comments that should be SO questions. – Yuji 'Tomita' Tomita Aug 26 '15 at 21:36
  • @Yuji'Tomita'Tomita See https://www.chromium.org/hsts and https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security. If you want to stop Chrome from redirecting, remove the site from the HSTS list at chrome://net-internals/#hsts (the redirect will happen again once you visit the site at least once over https and the https site replies with HSTS headers). – Rob W Aug 26 '15 at 21:47
  • Thanks for this. I had a plugin (unknowingly) auto installed from a DLP playing with my traffic and breaking some longer running http connections. – turtlemonvh Aug 31 '15 at 19:26
  • I had this problem and this post led me to realize that it was the Disconnect plugin in Chrome! Well, duh! Gotta love when you are your own worst enemy! – Arian Kulp Dec 16 '15 at 00:37
  • I am having the same problem and went as per the instructions and disabled the plugin but the problem still persists. Any leads? – SANGEET MANGHNANI Mar 29 '16 at 13:21
  • Thank you. In my case it was the ScriptSafe Chrome extension and it was driving me nuts! – Gabriel Hautclocq Jun 06 '18 at 08:00
  • excellent answer - thank you as an update for 2022 - use chrome://net-export/ instead of the discontinued chrome://net-internals – Bernhard Riegler Nov 21 '22 at 11:10
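
The triage described in the answer and comments above, as an added example (not code from any of the posters): it reads NetLog event text in the format shown in the answer and reports whether an internal 307 came from an extension (`Delegate`) or from HSTS. The function name `classifyInternalRedirect` is hypothetical, and the HSTS sample is constructed from the header quoted in the comments.

```javascript
// SAMPLE_DELEGATE is excerpted from the log in the answer; SAMPLE_HSTS is constructed.
const SAMPLE_DELEGATE = `
t=7910 [st=0]      DELEGATE_INFO  [dt=5]
                   --> delegate_info = "extension [Name of extension]"
t=7915 [st=5]      CHROME_EXTENSION_REDIRECTED_REQUEST
                   --> extension_id = "ebmlimjkpnhckbaejoagnjlgcdhdnjlb"
t=7915 [st=5]   +URL_REQUEST_START_JOB  [dt=1]
                 --> url = "https://www.google-analytics.com/analytics.js"
t=7915 [st=5]      URL_REQUEST_FAKE_RESPONSE_HEADERS_CREATED
                   --> HTTP/1.1 307 Internal Redirect
                       Location: about:blank
                       Non-Authoritative-Reason: Delegate
`;
const SAMPLE_HSTS = `
t=100 [st=0]   +URL_REQUEST_START_JOB  [dt=1]
                 --> url = "http://cdn.example.test/app.js"
t=100 [st=0]      URL_REQUEST_FAKE_RESPONSE_HEADERS_CREATED
                   --> HTTP/1.1 307 Internal Redirect
                       Location: https://cdn.example.test/app.js
                       Non-Authoritative-Reason: HSTS
`;

function classifyInternalRedirect(logText) {
  const grab = (re) => {
    const m = logText.match(re);
    return m ? m[1].trim() : null;
  };
  // Without this event the response headers were not synthesized by the browser.
  if (!/URL_REQUEST_FAKE_RESPONSE_HEADERS_CREATED/.test(logText)) {
    return { internal: false };
  }
  const result = {
    internal: true,
    url: grab(/--> url = "([^"]*)"/),
    location: grab(/^\s*Location:\s*(.+)$/m),
    reason: grab(/^\s*Non-Authoritative-Reason:\s*(.+)$/m),
    // Chrome extension IDs are 32 characters drawn from a-p.
    extensionId: grab(/--> extension_id = "([a-p]{32})"/),
    delegate: grab(/--> delegate_info = "([^"]*)"/),
  };
  if (result.reason === 'Delegate') result.verdict = 'extension';
  else if (result.reason === 'HSTS') result.verdict = 'hsts-upgrade';
  else result.verdict = 'unknown';
  return result;
}
```
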

In my case, the reason for the 307 redirect was more prosaic. Out of habit of using protocol-relative URLs, I've removed the protocol from the URL in the embedding script of the Google Universal Analytics, changing https://www.google-analytics.com/analytics.js to //www.google-analytics.com/analytics.js.

For example (don't try this at home):

```
// Protocol-relative script URL ('//...'): the change described above, shown as the form to avoid.
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
```

This is inadvisable since Google apparently serves the script and tracking requests only over https. So removing the protocol causes a redirect both when first embedding the script as well as in any(!) subsequent tracking request. In addition, as stated by Paul Irish in an update to his canonical post about protocol-relative URLs, this technique is no longer encouraged or indeed has merit:

> Now that SSL is encouraged for everyone and doesn’t have performance concerns, this technique is now an anti-pattern. If the asset you need is available on SSL, then always use the https:// asset.

Boaz

In my case, I have UBlock Origin activated on my browser. Once disconnected or site authorised, the internal redirections have stopped.

John D.