Why anyone would do this is beyond me. The thought occurred while I was upgrading State Supply’s legacy Analytics JS implementation with Google’s newer Universal Analytics. I immediately got a weird feeling about the issue and turned to a tool that I rarely use in Google Analytics, filters.
Typically when filtering data In Google Analytics I use segments. Almost everything that you can accomplish with a filter can be done with a segment… almost. The difference between filters and segments is that filters are destructive and segments are non-destructive. Filters are used when the objective is to prevent data from ever entering Google Analytics (to “filter” it), while segments are used to slice and dice data that exists within Google Analytics (to “segment” it).
Segments are generally the way to go when analyzing data in Google Analytics. However, there are circumstances where you could should use filters. The most common use case for filters is preventing visits to your website from specific IP addresses (your home, work, etc). A filter in this case makes sense because you don’t want your own traffic polluting the data pool.
You probably have an idea now where I am going with this. Because filters are destructive, we can use them to remedy the aforementioned problem. One of the ways to do this is to create an Include only filter for your site’s hostname. Yes, someone could easily get around this. But since they have no idea that the filter exists, I think it’s a pretty good solution.
To my amazement I have yet to come across this solution in any Google Analytics training. I have not even heard the problem addressed! While a lot of training covers how to use and implement filters, no training (that I know of) explores the security opportunities that filters provide. So, let’s plug this [potential] data threat by creating a filter to only include data from our site’s hostname.
window.location.hostnamein to the console and it will return your hostname.
Click the Filters link in the Google Analytics admin for the specific view that you wish to create the filter on.
Note: If you only have a single view for your web property, you should create a new view. You should always retain a raw view without any filters applied — remember, filters are destructive!
You will now see a table with all of the filters for the view. Click the New Filter button.
Specify a Filter Name and update filter options as follows:
- Include Only
- traffic to the hostname
- that are equal to
Click Save and be protected.