Worldpay Referer And Google Analytics
Regardless of the fundamental problems of 3D Secure (3DS) which often makes it highly criticized there are often cold hard cash reasons when e-tailers must implement it. Other times it is implemented by default by 3rd party hosted payment pages. Some implementation may create a bit of a mess of your Google Analytics account. Worldpay, I’m looking at you! This is how to fix it.
Google Analytics (GA) treats each request with a referer not matching the current site as been a new session (for simplicities sake I will pretend that is the case). As a new session starts the source of the session is recored. Having your payment provider as the source of a transaction is not really helpful.
Ideally you want to retain the original referer in situations like this. With a 3rd party posted payment page you normally remove the domain by specifying it in the excluded referer list. Looking at Worldpay You would expect this to be secure.worldpay.com however for the reason outlined below this is not the case.
Worldpay - Last 3 HTTP(S) requests
The table shows the last 3 HTTP(s) requests made by a browser when completing a 3D Secure transaction with worldpay. The 302 on the second request means the referer for the request to host example.com is www.securesuite.co.uk not secure.worldpay.com.
| HTTP Response Code | Host | Comment |
|---|---|---|
| 200 | www.securesuite.co.uk | This part of 3d secure/vbv. The domain changes depending on your bank and which vendor it picked. Most likely a meta redirect occurred to trigger the next request. |
| 302 | secure.worldpay.com | A redirect issues by Worldpay to take you back to the shop |
| 200 | example.com | The thank you page (when will look at the referrer) |
The Fix
As the first request depends on the card issuer we need to add multiple domains to our exclusion list. There however is not an extensive list of possible domains. I’ve had to take a wait and watch approach to this problem. After a number of transactions I have put together the list below of domains which should be added to Google Analytics. Keep in mind this list is from a UK based e-tailer. **Your milage may vary but if you have any additions let me know in the comments below. **
| Domain | Comment |
|---|---|
worldpay.com |
Included for when no 3DS is used |
securesuite.co.uk |
|
arcot.com |
A number of subdomains are used |
verifiedbyvisa.barclays.co.uk |
|
secure.barclaycard.co.uk |
|
thinkmoney.cardinalcommerce.com |
|
clicksafe.lloydstsb.com |
|
cap.securecode.com |
|
wlp-acs.com |