Firefox 增强的隐私保护正在阻止数据层推送到谷歌标签管理器

Question

Over the past few weeks I've realised that the conversion tracking in Google Analytics of a website we built and maintain has been off by about 20% - 40% each day.

When testing in any browser but Firefox, everything works fine and you can see conversions pushing into Analytics straight away.

However, in Firefox, when you have Enhanced Privacy Protection turned ON, (it comes switched on as default now) you get the following error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.googleadservices.com/pagead/conversion/957837126/wcm?cc=ZZ&dn=01858439338&cl=ITVOCP2S_34Qxt7dyAM&ct_eid=2 . (Reason: CORS request did not succeed).

As soon as you switch off Enhanced Privacy Protection it works perfectly.

The code I am using to push to datalayer, if its of any relevance is:

<script type="text/javascript">
  document.addEventListener( 'wpcf7mailsent', function( event ) {
   window.dataLayer.push({
      "event" : "cf7submission",
      "eventAction": "FormSubmission",
      "eventCategory": "Contact Form Submission",
      "eventCallback" : function() {
        // Firefox never gets to run this callback to redirect page - which is what triggered further investigation.
        window.location.href = "https://www.domain.co.uk/thank-you/"; 
        return false;
      },
      "eventTimeout" : 2000 // I had to add this in so that it still redirects to thank you when datalayer push fails.
    });    
  }, false );
</script>

The event listener is just to check when the email has been sent by the site, and then the rest is to push into Data Layer for tracking and then redirect to thank you page upon completion.

In my opinion this is definitely not a CORS related error in the sense that the request is coming from our local script with the correct headers. Code works in all other browsers with no issue.

Firefox has this page https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSDidNotSucceed to try to explain why we're getting the error:

Reason 1:

Its Certificate error: Its Google, it's not a cert error

Reason 2:

HTTP to HTTPS request: HTTPS on site with Let's Encrypt SSL

Reason 3:

Not permitted to access localhost: This isn't localhost and is live site

Reason 4:

Server didn't respond: Again, it's Google, it responds to everything.

TLDR: Firefox is blocking datalayer push when Enhanced Privacy is turned on, but should be allowing a standard conversion tracking script to run in line with their own docs. Why is it blocking us and what code do I need to get around it?

UPDATE

I've found this link https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Tracking_Protection which says:

How does Firefox choose what to block?

Content is blocked based on the domain from which it is to be loaded.

Firefox ships with a list of sites which have been identified as engaging in cross-site tracking of users. When tracking protection is enabled, Firefox blocks content from sites in the list.

Sites that track users are most commonly third-party advertising and analytics sites .

Is Firefox seriously blocking Google Analytics on standard conversion tracking now?

Answer 1

It looks like I was correct with my original assumptions, to a certain degree. Firefox isn't blocking all analytics access by default now, but it is blocking anything ad related that tries to send conversion or tracking code related to ads.

So, if you're trying to fire a goal upon completion of an ad related activity, it's going to get blocked, whilst other tracking related scripts will get run.

Firefox has chosen its own list of what it believes to be third party tracking scripts and by default, its blocking them all now.

Interesting Points

Google obviously relies on this tracking conversion data and as such Chrome is quite far behind in implementing anything to block ad related traffic, its where they make their money so it wouldn't make sense to block themselves. They currently have over 60% market share in regard to usage ( https://en.wikipedia.org/wiki/Usage_share_of_web_browsers ) so your tracking is going to be ok for now.

However, both Safari and Firefox, neither of which rely upon ad revenue have implemented strict measures for tracking.

Safari & Firefox

Firefox goes all out and blocks tracking scripts related to third party sources. Take note of the 'third party', its when an advertiser is embedding their script on your site.

Safari, on the other hand has gone a step further and will auto delete ALL tracking related cookies after 7 days of not being on the site. This is going to knock your data way off as although it will still show visitors, they'll show as new visitors instead of returning visitors .

Conclusion

Right now, I feel like this is the beginning of the end of traditional conversion and ad tracking for website owners and something is due to change in the near future as these browser changes start to bite.

I don't know of any way to get around this for now. I explored trying to use a proxy to get around the tracking embeds, but without knowing how and what Google tracks on each script call, it was impossible to spoof the submissions to analytics.