Follow

Initial Referrer and Force Identification

After enabling the Force Identification level of Distil protection, you may notice a drop in first-visit referrer information being passed to JavaScript trackers such as Google Analytics (GA). This is due to the Force Identification interstitial page that prevents a visitor from being able to access your website–and therefore your Google Analytics code–until they've completed the Distil JavaScript test.

In order to preserve the initial referrer (normally held within JavaScript's document.referrer), the Force Identification interstitial page must place initial referrer data into a web browser's sessionStorage. This allows the initial referrer data to be retrieved and placed back into GA or another JS-based analytic suite.

Integrating the Distil Force Identification Referrer with Google Tag Manager

Google’s Tag Manager (GTM) allows users to control the deployment of their analytics tools. For step-by-step instructions on configuring your GTM to preserve the initial referrer value and creating a tag to remove the distil_referrer object from sessionStorage, please refer to our article, Integrating with Google Tag Manager.

An example of code that would allow you to override when the Force Identification referrer is present follows:

function() {
if (typeof sessionStorage !== 'undefined'){
var distilReferrer = sessionStorage.getItem('distil_referrer');
if (distilReferrer) {
return distilReferrer;
}
// session variable 'distil_referrer' gets deleted on unload
}
var referrer = document.referrer;
// prevent self referrals
if (document.referrer) {
var regex = new URL(document.referrer).hostname;
if ("{{Page Hostname}}".match(regex)) {
referrer = null;
}
}
}

An example code that would allow you to remove the distil_referrer object from sessionStorage follows:

<script>
window.onbeforeunload = function(e) {
if (typeof sessionStorage !== 'undefined'){
sessionStorage.removeItem('distil_referrer');
}
};
</script>

Integrating the Distil Force Identification Referrer with Google Universal Analytics

Google's Universal Analytics allows for users to override the default document.referrer action when necessary using a custom function. An example of code that would allow you to override when the Force Identification referrer is present follows:

    ga('create', 'UA-GOOGLEUA-1');
    try {
        if (typeof sessionStorage !== 'undefined'){
            ga('set', 'referrer', (sessionStorage.getItem('distil_referrer') || document.referrer));
            sessionStorage.removeItem('distil_referrer');
        }
    } catch (e){ }
    ga('send', 'pageview');


This code will override the default referrer being passed to Google Universal Analytics, then remove the item from storage so that the proper referrer is then tracked throughout the website.
 

Integrating the Distil Force Identification Referrer with Google Classic Analytics

Like Google's Universal Analytics, Classic Analytics allows for users to override the default document.referrer action when necessary using a custom function. An example of code that would allow you to override when the Force Identification referrer is present follows:

    var _gaq = _gaq || [];
    _gaq.push(['_setAccount', 'UA-GOOGLEUA-1']);

    try {
        if (typeof sessionStorage !== 'undefined'){
              _gaq.push(['_setReferrerOverride', (sessionStorage.getItem('distil_referrer') || document.referrer) ]);           
            sessionStorage.removeItem('distil_referrer');
          }
      } catch (e){}

  _gaq.push(['_trackPageview']);


This code will override the default referrer being passed to Google Classic Analytics, then remove the item from storage so that the proper referrer is then tracked throughout the website.

Create Custom Pages

The JavaScript Validation and Unable to Identify pages provide users with a branded, customized experience. By default, GET requests are shown a blank interstitial page to test the browser’s ability to load JavaScript. For POST requests, the user sees the default Distil JavaScript validation page.

NOTE: The common workflow is GET before POST. If your subdomain switches from www.yourdomain.com to subdomain.yourdomain.com between a GET and POST request, the request may be served the JavaScript validation page.

We highly recommended implementing a custom page without the Distil logo. This helps the overall user experience and brands any page a user might visit with your own color scheme, images, and logos. Furthermore, if browser cannot complete the test, the user will see a page indicating their browser is unable to be identified. This page also shows a Distil logo and should be customized.  

For more information on creating custom pages, refer to our article on Creating Custom Threat Response Pages.

Was this article helpful?
4 out of 4 found this helpful
Have more questions? Submit a request

Comments