Can Someone Else Use My Google Analytics Tag to Corrupt My Data?
The answer: Yes. If you have your Google Analytics Tag pasted into the <head> of you’re your documents then your Google Analytics tag is publicly available to view (and use — hopefully no one would feel the need to though). When on a website, you can “right click” on the page and click “view page source.” From there, many times you will see the Google Analytics tag of the website in the beginning <head> tag (see image below). Notice that the Google Analytics Property ID of this website is marked out in red, but it is viewable to the public.
The next image is another example.
So what is stopping someone from using your Tag? Nothing really. Hopefully some common decency and the fact that our world is always pushing for better, cleaner, more reliable data. But why not safeguard you GA Account just to be safe? It will only take a few minutes and the next section will walk you through how to do it.
Step by Step Instructions: How to Protect Your GA Data From Getting Corrupted
Go to your Google analytics account and navigate to your “Admin” tab.
Click “All Filters” under you account section (image below). This will ensure your entire account is protected because we are going to set a filter to say we only want to accept data if it is coming from “our, my, your” domain.
Note: If you want to test this filter out before applying it at the Account level, you can follow these same steps but instead apply this filter to a “Testing View.” If you already have a View you can test, you can just select that view in our last step so just keep following along. If you do not have a “Testing View,” on the far right side of the screen/image below, you can see the “Views” section and you can create a testing view and click on “Filter” in the “View Section” and apply these same steps.
After clicking “All Filters” (or “Filter at the “View” level), you will see all of your filters if you have created any before. Below you can see that we have our filter highlighted in yellow that is already created with a “Filter Name,” Set to “Include” traffic from our website, and it is applied to “4 views” because we currently have 4 different views. Let’s walk through the steps to set that up (quick and easy).
- Click “Add Filter.”
- Give your filter a name
- Set “Filter Type” to “Custom”
- Where there is “Bubble Selectors” for “Exclude” and “Include — Select “Include”
- On the Filter Field, click the dropdown arrow and select “Hostname”
- For “Filter Pattern” — add your domain name “example\.com”
- NOTE: Be sure to include the “forward slash” “\'” before the period/dot on your “dot-com” etc.
Scroll to the bottom of the page/screen. You will see the “Views” that you can apply this filter to. Select each view you want to include and click “add.”
You will see your views move over into the “Selected Views” box and then click “Save.”
After that, you can test to make sure your filter is working by asking someone to use your tag to manipulate you data…. Just kidding. Although you really could. We suggest to at least go to your website, ensure that you turn off your Opt-Out Extension, and test your “Real Time” reports in Google Analytics. This will give you the assurance that you did not accidentally filter your web traffic out of GA and that the filter is set up correctly.
Near the top left of your screen, hover over the “clock icon,” click “Real Time” and then click on “Overview.”
Whatever page of your website you are on, you should see that page under the “Top Active Pages” section (highlighted yellow in the image below). You can navigate multiple pages to see the pages change in real time to ensure it is you that is showing in this report.
That’s all there is to it!
We hope you found this helpful and that you can put this to use to better ensure that you account’s data is safe.