Google Global Site Tag: how to override page referrer

Question

I set up Google Global Site Tag for an Angular SPA. I'd like to override the page referrer that is passed to Google.

Use case: after logging in (using oAuth2), the user is redirected to the app. At this point, the url contains sensitive auth data (auth code). This url then gets logged to Google Analytics, which of course should be avoided.

I use the Angulartics2 lib with the GST provider, which internally uses the following code to send page track events to Google (according to Google's documentation on SPA route tracking):

gtag('config', trackingId, params);

By including the following line, I'm able to override the referrer (dr) in the query parameters:

params.page_referrer = 'https://my-custom-referrer.com';

index.html:

<script async src="https://www.googletagmanager.com/gtag/js"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag() {
    dataLayer.push(arguments);
  }
  gtag('js', new Date());
</script>

Code for tracking the page view event:

gtag('config', 'G-XXXXXXXXXX', {
  page_location: 'http://localhost:4200',
  page_path: '',
  page_referrer: 'https://my-custom-referrer.com',
});

This leads to the following request being sent to google (note the dr properties, which hold the referrer):

As you can see:

• The query string uses the correct referrer
• However, the request payload still contains the original referrer containing sensitive data

I've tried setting the page referrer with the following line of code:

gtag('set', { page_referrer: 'https://my-custom-referrer.com' });

but this results in the same behaviour.

How can I make sure the request body also uses the overridden referrer? There used to be a setting within the Analytics dashboard to exclude certain referrers, but in the new version (Google Analytics for properties) it has disappeared.

Answer 1

Not a solution, but a workaround. It pushes the current page (without paths or query parameters) to the history, which is then used by Google as the page referrer. At least it allows you to keep sensitive information out of Google Analytics.

history.pushState({ page: 1 }, '', window.location.origin);

Answer 2

Have you checked out the referral exclusion list?

Generally, if it redirects off your domain for authentication, you don't really want to count it as a referral, because then it will replace the true acquisition data for your users. You want to exclude it so the session is kept intact.

Also, you stated that you're using google tag manager (GTM), but your code and links to the documentation are for gtag.js, which is NOT GTM.

To set the referrer field in GTM, you need to locate the GA tag OR GA Settings tag and under the "fields to set" area, set the referrer field to your liking. Like so:

Though careful that if you override this for everything there could be issues with data accuracy, so you want to conditionally override this based on where it is coming from.