5

Over the past few weeks I've realised that the conversion tracking in Google Analytics of a website we built and maintain has been off by about 20% - 40% each day.

When testing in any browser but Firefox, everything works fine and you can see conversions pushing into Analytics straight away.

However, in Firefox, when you have Enhanced Privacy Protection turned ON, (it comes switched on as default now) you get the following error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.googleadservices.com/pagead/conversion/957837126/wcm?cc=ZZ&dn=01858439338&cl=ITVOCP2S_34Qxt7dyAM&ct_eid=2. (Reason: CORS request did not succeed).

As soon as you switch off Enhanced Privacy Protection it works perfectly.

The code I am using to push to datalayer, if its of any relevance is: 

<script type="text/javascript">
  document.addEventListener( 'wpcf7mailsent', function( event ) {
   window.dataLayer.push({
      "event" : "cf7submission",
      "eventAction": "FormSubmission",
      "eventCategory": "Contact Form Submission",
      "eventCallback" : function() {
        // Firefox never gets to run this callback to redirect page - which is what triggered further investigation.
        window.location.href = "https://www.domain.co.uk/thank-you/"; 
        return false;
      },
      "eventTimeout" : 2000 // I had to add this in so that it still redirects to thank you when datalayer push fails.
    });    
  }, false );
</script>

The event listener is just to check when the email has been sent by the site, and then the rest is to push into Data Layer for tracking and then redirect to thank you page upon completion.

In my opinion this is definitely not a CORS related error in the sense that the request is coming from our local script with the correct headers. Code works in all other browsers with no issue.

Firefox has this page https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSDidNotSucceed to try to explain why we're getting the error:

Reason 1:

Its Certificate error : Its Google, it's not a cert error

Reason 2:

HTTP to HTTPS request : HTTPS on site with Let's Encrypt SSL

Reason 3:

Not permitted to access localhost : This isn't localhost and is live site

Reason 4:

Server didn't respond : Again, it's Google, it responds to everything.

TLDR: Firefox is blocking datalayer push when Enhanced Privacy is turned on, but should be allowing a standard conversion tracking script to run in line with their own docs. Why is it blocking us and what code do I need to get around it?

UPDATE

I've found this link https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Tracking_Protection which says:

How does Firefox choose what to block?

Content is blocked based on the domain from which it is to be loaded.

Firefox ships with a list of sites which have been identified as engaging in cross-site tracking of users. When tracking protection is enabled, Firefox blocks content from sites in the list.

Sites that track users are most commonly third-party advertising and analytics sites.

Is Firefox seriously blocking Google Analytics on standard conversion tracking now?

Unbranded Manchester
  • 980
  • 16
  • 30
  • 1
    There’s a possibly-related issue at https://bugzilla.mozilla.org/show_bug.cgi?id=1628170. So you might want to either comment there or else consider filing a bug at https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=Privacy%3A%20Anti-Tracking&format=__default__ – sideshowbarker Jun 19 '20 at 22:11
  • 1
    @sideshowbarker I'm beginning to think that this whole GA block is intentional with no workaround. The question I'm asking myself is do we have to respect user privacy/options when its set as **default** in a browser for a user not to be tracked without them opting into it - or is there a workaround where you can store the action and push it to analytics via a custom function that's triggered when GA fails, to subvert Firefox entirely. Thinking its shakey ground so looking into it now. – Unbranded Manchester Jun 19 '20 at 22:17

1 Answers1

4

It looks like I was correct with my original assumptions, to a certain degree. Firefox isn't blocking all analytics access by default now, but it is blocking anything ad related that tries to send conversion or tracking code related to ads.

So, if you're trying to fire a goal upon completion of an ad related activity, it's going to get blocked, whilst other tracking related scripts will get run.

Firefox has chosen its own list of what it believes to be third party tracking scripts and by default, its blocking them all now.

Interesting Points

Google obviously relies on this tracking conversion data and as such Chrome is quite far behind in implementing anything to block ad related traffic, its where they make their money so it wouldn't make sense to block themselves. They currently have over 60% market share in regard to usage (https://en.wikipedia.org/wiki/Usage_share_of_web_browsers) so your tracking is going to be ok for now.

However, both Safari and Firefox, neither of which rely upon ad revenue have implemented strict measures for tracking.

Safari & Firefox

Firefox goes all out and blocks tracking scripts related to third party sources. Take note of the 'third party', its when an advertiser is embedding their script on your site.

Safari, on the other hand has gone a step further and will auto delete ALL tracking related cookies after 7 days of not being on the site. This is going to knock your data way off as although it will still show visitors, they'll show as new visitors instead of returning visitors.

Conclusion

Right now, I feel like this is the beginning of the end of traditional conversion and ad tracking for website owners and something is due to change in the near future as these browser changes start to bite.

I don't know of any way to get around this for now. I explored trying to use a proxy to get around the tracking embeds, but without knowing how and what Google tracks on each script call, it was impossible to spoof the submissions to analytics.

Unbranded Manchester
  • 980
  • 16
  • 30
  • Hey mate, I am running into the same issues as you. Based on this article (https://www.simoahava.com/gtm-tips/use-eventtimeout-eventcallback/), it seems like the issue is that "Firefox’s latest update to its Tracking Protection in Private Browsing now blocks Google Tag Manager, too." Thus, I don't think blocking is based on whether it is ad-related or not? Have you found any workarounds to share for Firefox users? Thanks! – xojijog684 Aug 30 '20 at 06:07
  • 1
    @xojijog684 Sorry for late reply, had a baby! Anyhoo, we couldn't find a solution, reported it to our account manager at Google and apparently they couldn't replicate it on their side!?! I've not experienced it blocking tag manager yet, but then again, we made our own "tag manager" that sits in the site and replicates its functionality. – Unbranded Manchester Sep 14 '20 at 13:35
  • Hey congrats on the kid! Appreciate the reply :) – xojijog684 Sep 14 '20 at 16:16
  • 1
    Looks like I was right all along! https://www.bbc.co.uk/news/technology-56267425 – Unbranded Manchester Mar 03 '21 at 18:18
  • Hey thanks for the update! Looks like I need to start looking for fingerprint-based tracking software. – xojijog684 Mar 11 '21 at 16:17