Follow

Initial Referrer and Force Identification

After enabling the Force Identification level of Distil protection, customers may notice a drop in first-visit referrer information being passed to JavaScript trackers such as Google Analytics. This is due to the Force Identification interstitial page that prevents a visitor from being able to access your website (and therefore your Google Analytics code) until they've completed the Distil JavaScript test.

In order to preserve the initial referrer (normally held within JavaScript's document.referrer), the Force Identification interstitial page will now place this initial referrer data into a web browser's sessionStorage, allowing it to be retrieved and placed back into Google Analytics or other JavaScript-based analytic suites.

Integrating the Distil Force Identification Referrer with Google Universal Analytics

Google's Universal Analytics allows for users to override the default document.referrer action when necessary using a custom function. An example of code that would allow you to override when the Force Identification referrer is present follows:

    ga('create', 'UA-GOOGLEUA-1');
    try {
        if (typeof sessionStorage !== 'undefined'){
            ga('set', 'referrer', (sessionStorage.getItem('distil_referrer') || document.referrer));
            sessionStorage.removeItem('distil_referrer');
        }
    } catch (e){ }
    ga('send', 'pageview');


This code will override the default referrer being passed to Google Universal Analytics, then remove the item from storage so that the proper referrer is then tracked throughout the website.
 

Integrating the Distil Force Identification Referrer with Google Classic Analytics

Like Google's Universal Analytics, Classic Analytics allows for users to override the default document.referrer action when necessary using a custom function. An example of code that would allow you to override when the Force Identification referrer is present follows:

    var _gaq = _gaq || [];
    _gaq.push(['_setAccount', 'UA-GOOGLEUA-1']);

    try {
        if (typeof sessionStorage !== 'undefined'){
              _gaq.push(['_setReferrerOverride', (sessionStorage.getItem('distil_referrer') || document.referrer) ]);           
            sessionStorage.removeItem('distil_referrer');
          }
      } catch (e){}

  _gaq.push(['_trackPageview']);


This code will override the default referrer being passed to Google Classic Analytics, then remove the item from storage so that the proper referrer is then tracked throughout the website.

Create Custom Pages

The JavaScript Validation and Unable to Identify pages provide users with a branded, customized experience. By default, GET requests are shown a blank interstitial page to test the browser’s ability to load JavaScript. For POST requests, the user sees the default Distil JavaScript validation page.

NOTE: The common workflow is GET before POST. If your subdomain switches from www.yourdomain.com to subdomain.yourdomain.com between a GET and POST request, the request may be served the JavaScript validation page.

We highly recommended implementing a custom page without the Distil logo. This helps the overall user experience and brands any page a user might visit with your own color scheme, images, and logos. Furthermore, if browser cannot complete the test, the user will see a page indicating their browser is unable to be identified. This page also shows a Distil logo and should be customized.  

For more information on creating custom pages, refer to our article on Creating Custom Threat Response Pages.

Was this article helpful?
2 out of 2 found this helpful
Have more questions? Submit a request

Comments