When it comes to direct traffic in Analytics, there are two deeply entrenched misconceptions.
The first is that it’s caused almost exclusively by users typing an address into their browser (or clicking on a bookmark). The second is that it’s a Bad Thing, not because it has any overt negative impact on your site’s performance, but rather because it’s somehow immune to further analysis. The prevailing attitude amongst digital marketers is that direct traffic is an unavoidable inconvenience; as a result, discussion of direct is typically limited to ways of attributing it to other channels, or side-stepping the issues associated with it.
In this article, we’ll be taking a fresh look at direct traffic in modern Google Analytics. As well as exploring the myriad ways in which referrer data can be lost, we’ll look at some tools and tactics you can start using immediately to reduce levels of direct traffic in your reports. Finally, we’ll discover how advanced analysis and segmentation can unlock the mysteries of direct traffic and shed light on what might actually be your most valuable users.
What is direct traffic?
In short, Google Analytics will report a traffic source of "direct" when it has no data on how the session arrived at your website, or when the referring source has been configured to be ignored. You can think of direct as GA’s fall-back option for when its processing logic has failed to attribute a session to a particular source.
To properly understand the causes and fixes for direct traffic, it’s important to understand exactly how GA processes traffic sources. The following flow-chart illustrates how sessions are bucketed — note that direct sits right at the end as a final "catch-all" group.
Broadly speaking, and disregarding user-configured overrides, GA’s processing follows this sequence of checks:
AdWords parameters > Campaign overrides > UTM campaign parameters > Referred by a search engine > Referred by another website > Previous campaign within timeout period > Direct
Note the penultimate processing step (previous campaign within timeout), which has a significant impact on the direct channel. Consider a user who discovers your site via organic search, then returns via direct a week later. Both sessions would be attributed to organic search. In fact, campaign data persists for up to six months by default. The key point here is that Google Analytics is already trying to minimize the impact of direct traffic for you.
What causes direct traffic?
Contrary to popular belief, there are actually many reasons why a session might be missing campaign and traffic source data. Here we will run through some of the most common.
1. Manual address entry and bookmarks
The classic direct-traffic scenario, this one is largely unavoidable. If a user types a URL into their browser’s address bar or clicks on a browser bookmark, that session will appear as direct traffic.
Simple as that.
2. HTTPS > HTTP
When a user follows a link on a secure (HTTPS) page to a non-secure (HTTP) page, no referrer data is passed, meaning the session appears as direct traffic instead of as a referral. Note that this is intended behavior. It’s part of how the secure protocol was designed, and it does not affect other scenarios: HTTP to HTTP, HTTPS to HTTPS, and even HTTP to HTTPS all pass referrer data.
So, if your referral traffic has tanked but direct has spiked, it could be that one of your major referrers has migrated to HTTPS. The inverse is also true: If you’ve migrated to HTTPS and are linking to HTTP websites, the traffic you’re driving to them will appear in their Analytics as direct.
If your referrers have moved to HTTPS and you’re stuck on HTTP, you really ought to consider migrating to HTTPS. Doing so (and updating your backlinks to point to HTTPS URLs) will bring back any referrer data which is being stripped from cross-protocol traffic. SSL certificates can now be obtained for free thanks to automated authorities like LetsEncrypt, but that’s not to say you should neglect to explore the potentially-significant SEO implications of site migrations. Remember, HTTPS and HTTP/2 are the future of the web.
If, on the other hand, you’ve already migrated to HTTPS and are concerned about your users appearing to partner websites as direct traffic, you can implement the meta referrer tag. Cyrus Shepard has written about this on Moz before, so I won’t delve into it now. Suffice to say, it’s a way of telling browsers to pass some referrer data to non-secure sites, and can be implemented as a <meta> element or HTTP header.
3. Missing or broken tracking code
Let’s say you’ve launched a new landing page template and forgotten to include the GA tracking code. Or, to use a scenario I’m encountering more and more frequently, imagine your GTM container is a horrible mess of poorly configured triggers, and your tracking code is simply failing to fire.
Users land on this page without tracking code. They click on a link to a deeper page which does have tracking code. From GA’s perspective, the first hit of the session is the second page visited, meaning that the referrer appears as your own website (i.e. a self-referral). If your domain is on the referral exclusion list (as per default configuration), the session is bucketed as direct. This will happen even if the first URL is tagged with UTM campaign parameters.
As a short-term fix, you can try to repair the damage by simply adding the missing tracking code. To prevent it happening again, carry out a thorough Analytics audit, move to a GTM-based tracking implementation, and promote a culture of data-driven marketing.
4. Improper redirection
This is an easy one. Don’t use meta refreshes or JavaScript-based redirects — these can wipe or replace referrer data, leading to direct traffic in Analytics. You should also be meticulous with your server-side redirects, and — as is often recommended by SEOs — audit your redirect file frequently. Complex chains are more likely to result in a loss of referrer data, and you run the risk of UTM parameters getting stripped out.
Once again, control what you can: use carefully mapped (i.e. non-chained) code 301 server-side redirects to preserve referrer data wherever possible.
5. Non-web documents
Links in Microsoft Word documents, slide decks, or PDFs do not pass referrer information. By default, users who click these links will appear in your reports as direct traffic. Clicks from native mobile apps (particularly those with embedded "in-app" browsers) are similarly prone to stripping out referrer data.
To a degree, this is unavoidable. Much like so-called “dark social” visits (discussed in detail below), non-web links will inevitably result in some quantity of direct traffic. However, you also have an opportunity here to control the controllables.
If you publish whitepapers or offer downloadable PDF guides, for example, you should be tagging the embedded hyperlinks with UTM campaign parameters. You’d never even contemplate launching an email marketing campaign without campaign tracking (I hope), so why would you distribute any other kind of freebie without similarly tracking its success? In some ways this is even more important, since these kinds of downloadables often have a longevity not seen in a single email campaign. Here’s an example of a properly tagged URL which we would embed as a link:
https://builtvisible.com/embedded-whitepaper-url/?utm_source=whitepaper&utm
The same goes for URLs in your offline marketing materials. For major campaigns it’s common practice to select a short, memorable URL (e.g. moz.com/tv/) and design an entirely new landing page. It’s possible to bypass page creation altogether: simply redirect the vanity URL to an existing page URL which is properly tagged with UTM parameters.
So, whether you tag your URLs directly, use redirected vanity URLs, or — if you think UTM parameters are ugly — opt for some crazy-ass hash-fragment solution with GTM (read more here), the takeaway is the same: use campaign parameters wherever it’s appropriate to do so.
6. “Dark social”
This is a big one, and probably the least well understood by marketers.
The term “dark social” was first coined back in 2012 by Alexis Madrigal in an article for The Atlantic. Essentially it refers to methods of social sharing which cannot easily be attributed to a particular source, like email, instant messaging, Skype, WhatsApp, and Facebook Messenger.
Recent studies have found that upwards of 80% of consumers’ outbound sharing from publishers’ and marketers’ websites now occurs via these private channels. In terms of numbers of active users, messaging apps are outpacing social networking apps. All the activity driven by these thriving platforms is typically bucketed as direct traffic by web analytics software.
People who use the ambiguous phrase “social media marketing” are typically referring to advertising: you broadcast your message and hope people will listen. Even if you overcome consumer indifference with a well-targeted campaign, any subsequent interactions are affected by their very public nature. The privacy of dark social, by contrast, represents a potential goldmine of intimate, targeted, and relevant interactions with high conversion potential. Nebulous and difficult-to-track though it may be, dark social has the potential to let marketers tap into elusive power of word of mouth.
So, how can we minimize the amount of dark social traffic which is bucketed under direct? The unfortunate truth is that there is no magic bullet: proper attribution of dark social requires rigorous campaign tracking. The optimal approach will vary greatly based on your industry, audience, proposition, and so on. For many websites, however, a good first step is to provide convenient and properly configured sharing buttons for private platforms like email, WhatsApp, and Slack, thereby ensuring that users share URLs appended with UTM parameters (or vanity/shortened URLs which redirect to the same). This will go some way towards shining a light on part of your dark social traffic.
Checklist: Minimizing direct traffic
To summarize what we’ve already discussed, here are the steps you can take to minimize the level of unnecessary direct traffic in your reports:
- Migrate to HTTPS: Not only is the secure protocol your gateway to HTTP/2 and the future of the web, it will also have an enormously positive effect on your ability to track referral traffic.
- Manage your use of redirects: Avoid chains and eliminate client-side redirection in favour of carefully-mapped, single-hop, server-side 301s. If you use vanity URLs to redirect to pages with UTM parameters, be meticulous.
- Get really good at campaign tagging: Even amongst data-driven marketers I encounter the belief that UTM begins and ends with switching on automatic tagging in your email marketing software. Others go to the other extreme, doing silly things like tagging internal links. Control what you can, and your ability to carry out meaningful attribution will markedly improve.
- Conduct an Analytics audit: Data integrity is vital, so consider this essential when assessing the success of your marketing. It’s not simply a case of checking for missing track code: good audits involve a review of your measurement plan and rigorous testing at page and property-level.
Adhere to these principles, and it’s often possible to achieve a dramatic reduction in the level of direct traffic reported in Analytics. The following example involved an HTTPS migration, GTM migration (as part of an Analytics review), and an overhaul of internal campaign tracking processes over the course of about 6 months:
But the saga of direct traffic doesn’t end there! Once this channel is “clean” — that is, once you’ve minimized the number of avoidable pollutants — what remains might actually be one of your most valuable traffic segments.
Analyze! Or: why direct traffic can actually be pretty cool
For reasons we’ve already discussed, traffic from bookmarks and dark social is an enormously valuable segment to analyze. These are likely to be some of your most loyal and engaged users, and it’s not uncommon to see a notably higher conversion rate for a clean direct channel compared to the site average. You should make the effort to get to know them.
The number of potential avenues to explore is infinite, but here are some good starting points:
- Build meaningful custom segments, defining a subset of your direct traffic based on their landing page, location, device, repeat visit or purchase behavior, or even enhanced e-commerce interactions.
- Track meaningful engagement metrics using modern GTM triggers such as element visibility and native scroll tracking. Measure how your direct users are using and viewing your content.
- Watch for correlations with your other marketing activities, and use it as an opportunity to refine your tagging practices and segment definitions. Create a custom alert which watches for spikes in direct traffic.
- Familiarize yourself with flow reports to get an understanding of how your direct traffic is converting. By using Goal Flow and Behavior Flow reports with segmentation, it’s often possible to glean actionable insights which can be applied to the site as a whole.
- Ask your users for help! If you’ve isolated a valuable segment of traffic which eludes deeper analysis, add a button to the page offering visitors a free downloadable ebook if they tell you how they discovered your page.
- Start thinking about lifetime value, if you haven’t already — overhauling your attribution model or implementing User ID are good steps towards overcoming the indifference or frustration felt by marketers towards direct traffic.
I hope this guide has been useful. With any luck, you arrived looking for ways to reduce the level of direct traffic in your reports, and left with some new ideas for how to better analyze this valuable segment of users.
Thanks for reading!
Hello Tom, Great Guide on Analytics.
UTM parameters should be integrated in any offline marketing initiatives and is something that tends to be forgotten. I've seen many people create great offline content with high engagement potential with no UTM parameters. It is a shame to end up with only direct trafic after. Here are some of the stuff I've seen the most:
- Someone creates a great downloadable guide or whitepaper that gets shared massively and forgot to add UTMs.
- Clients that don't add UTM parameters to slides from conferences that they give.
- People that implement RSS Feed emails withtools like feedburner and forgot to set-up Analytics tracking.
- Worst of all: People that don't set-up Google Analytics, or only set it up on home page.
Also, for campaigns that are very expensive like TV Ads, tradeshows or magazine Ads. Make sure to buy a new domain name, a subdomain, or to create a easily memorable url to redirect to a URL with UTM parameters.
- domainname.com > URL with UTM parameters
- subdomain.domainname.com > URL with UTM parameters
- domainname.com/tv-ad > URL with UTM parameters
Anybody have seen other situations that should not be forgotten?
Nothing to add except good to see someone taking a pinch of old school direct marketing to digital. I guarantee that some folk wouldn't think twice about creating unique discount/promotional codes to track channels but it wouldn't even register with them to do similar for the humble link.
Great Post! Somebody needs to get a post up on how to explain Dark Social to small business owners without causing them to become dizzy and in need of a desk fan
Hi Tom!
Great post to understand how analytics sometimes can be wrong with Direct Traffic. It's very important this segment to analyze a brand (well, we can see with other better tools) but it's a value to see how many people remember our website.
Only one thing to complete "infographic traffic sources & campaign processing", this is the order by default, but can be changed in analytics admin panel.
Great information. I did not know the HTTPS > HTTP was registered as direct traffic. this explains some anomalies i have experienced with data collection for my clients.
Hi Tom,
Nice article. I have not really heard of the term "Dark Social" before but now its something new to look into.
I recently learned about "Social Stacking" and how it's overlooked, myself included. After I invest the time required to improve my social stacking I'll dig deeper into your ideas about direct traffic.
Thank You Tom. I prefer access my own site by manually address entry and I've 1,3% direct traffic checked on analytics but it's no effect to my SEO and organic traffic. Should I minimize my direct traffic site ?
Hello Tom,
Thanks for the article. "Dark Social" was a new term for me. I would more about it on my own.
Once again, thanks for the article.
I usually recommend to make the change to HTTPS at the beginning of every project. One problem less. Now a days is something essential. Great contribution!
Fantastic post Tom! There's a lot of confusion on direct traffic to begin with. These are even more finer nuances that you have explained. I have a client whose top source of traffic is direct, and part of it is maybe due to the fact that they don't do any promotion, and it's mostly shared around internally within their team. But I just noticed that their URL is http and not https so this might be something for me to take back to the team. Thanks!
Nice guide for direct traffic in Google Analytics.
Voy a investigar más sobre el tema. Es interesante ver como analiar ese tráfico directo y saber si es relevante para el usuario el contenido que aporto. Saludos!
Direct traffic can encompass a wide range of sources, including those you would have liked to have tracked in analytics. A drop in traffic from a particular source does not necessarily mean a drop in traffic. It could indicate a case in which that source ended up being categorized under Direct traffic. The best advice is - proactively use tracking parameters in cases where you may be risking not properly seeing traffic. There is actually a nice infographic showing the main factors impacting traffic. I use it sometimes to solve the current issues. Taking the right steps to address potentially miscategorized traffic, as well as being upfront with clients about the causes, can help to mitigate problems.
may i know how to increase email traffic for a event blog.
Thanks for comprehensively explaining dark social traffic. And, checklist to minimise direct traffic is simply great!
Really awesome post Tom! TBH I did not know there were more than 2 causes of direct traffic, let alone 6! Great info and very well-written. Appreciate the tips on minimizing direct traffic, and your breakdown of "dark social" as well.
Very helpful post - I suspected https might be a factor but couldn't find a confirmation. One more reason to make sure you're using an ssl certificate
great article! cant wait to apply your suggestions on my GA account! thanks :)
This is a really great article, i would like to know a little bit more about this secotr in google analyrtics
Hi Tom,
Great article. I'd just like to add some other circumstances where traffic gets counted towards Direct:
1. Incognito browsing. In this mode, referral data is also stripped from the request. Also incognito browsing especially on iOS is getting more and more the default.
2. Social clicks on untagged shared links that happen from the mobile app (ex. Facebook, Google+, Twitter). So that doesn't just happen on Dark Social, but also Facebook, etc..
3. Depending on the users settings of their social app (whether or not to use the in-app browser or your default browser app), a lot of attribution can go wrong and extra Direct traffic will appear.
Another point which you did mention (between the lines: "and updating your backlinks to point to HTTPS URLs") but I actually didn't realize enough is that updating backlinks when your site switches from http to https is very important. Redirecting all http traffic to the https version of your site from the server (301) is necessary, but doesn't solve losing referral data. Only updating backlinks, especially those on httpS-sites, does. I'd like to emphasize that!
Hi, thanks for your comment. When you refer to incognito browsing, I think it's important to clarify that referrer data *is* passed between sites. Click on a link whilst in incognito, and the referrer header is passed as usual. The exception is if you're browsing normally, and then opt to open a specific link in incognito mode - this won't pass referrer data.
Social app links are indeed prone to being reported as direct traffic, as you say.
I'd absolutely agree that link realignment following protocol migration is potentially valuable, since it can bring back referral data, not to mention eliminating any equity which (could in theory) be lost through a insecure-to-secure redirect hop.
Great article, I'm not a master in GA, I think is one those points that I need to improve. Read the manual is not an option . . . too boring. So this article makes my life a little bit easy.
Thanks for share
Great article. I'd wondered about the different ways traffic gets segmented as direct, and this answered several of the questions I'd had about this.
There was a report I'd read earlier this month about Direct Traffic being one of the most influential ranking factors for high volume organic keywords. With that in mind, it raised a few questions based on your article:
Would there ever be a scenario where you'd want certain segments of traffic being (mis)reported as direct? Does google keep track of the different ways people showed up to your site as direct? Would 5,000 bookmarked direct visits be better for your site than 5,000 mystery visits?
Hi Tom, thanks for the post.
I was wondering if you had any thoughts on this Twitter thread today from Yehoshua Coren - https://twitter.com/AnalyticsNinja/status/93581162...
Key quote - "When a browser session is started and it has the exact some acquisition parameters (UTMs, Document Referrer), it is counted as a Direct Session."
Hey Tom, thanks for reading + your comment.
Cheers for sharing that thread, I'd not read it. I think most of the confusion here arises because of how standard GA reports work on a last non-direct click basis - if there's a previous campaign within timeout, that user will be attributed to that campaign, even if they're technically returning via direct. MCF reports are the exception, of course, given that they show *actual* direct.
The "Direct Session" dimension, not to be confused with the default channel grouping or source dimension, is something different. It can tell you if a session was genuinely from its reported campaign (reported as No), or if it was simply bucketed there due to the last non-direct click attribution model (reported as Yes). I didn't mention this dimension in the article because it has some flaws which can cause brain bending complexities, plus it goes a little beyond the scope of this article, which I tried to gear more towards marketers and non-expert GA users. It's certainly an interesting one, though.
Hope that makes sense!
Hi Tom,
Such a great post, and I'm totally agree with you. You shared knowledge, which me and also many SEO folks wanted to know. But i have a question that " Source links and shorten links are counts as direct traffic ?".
Whoa! That's an awesome post Tom. Never thought about this aspect of direct traffic.
Great guide, I'm sure it will be very useful in my day to day.
Thanks!
Nowadays with the importance that Google is giving to SSL everbody is migrating to HTTPS.
So it's good to know that we have to take a look about the "direct traffic" consequence and how to resolve it.
Thank you Tom!
Great post. Thanks for sharing all the different ways traffic shows up in this bucket.
Hi Tom,
Great post, I have learned a lot with it.
Yesterday I finished the https migration with Let's encrypt, very easy, and now I studying the Analytics if there are any change related to https.
great post for common problem.
one question, if not properly set up, not found images return 404 html page. Does it activate analytics script? I mean, can the not found image count as visits?
Another scenario, not found images redirected to Home, for example in migration of site with many indexated images. is that visit considered as direct?
TIA
Nice Article, Tom!
I installed SSL for my website in September 2017, now, after 4 months, I have been ranking again for 30% of my keywords, I have 1050 posts. The direct traffic is helping me to increase the ranking again, but I have a question: why a lot of traffic in Google Analytics says that is "not provided"?
[Link removed by editor.]
Thanks so much for this post that brings some light to thisdark side of the analytics called Direct traffic ;-)
Jeepers - thanks for that. Refreshing to learn something when you least expect it. :)
Direct traffic from actual users can have fantastic conversion rates. I've seen that on both e-commerce sites and contact form/phone call driven sites. In our analytics experience the biggest caveat with direct traffic is bots. But, if you're mostly paying attention to conversion rates and location it's not that big of a headache.
Awesome stuff thanks for sharing!
Great article! SEM Rush's new ranking study of 600,000 search queries showed a positive correlation between direct traffic and top rankings. They indicated that Google prioritizes domains with authority and consequently more direct traffic when ranking websites in its search results. See their study here: https://www.semrush.com/ranking-factors/. So, direct traffic can be viewed as a positive ranking correlation.
Hello Tom,
Wonderful little article, lovely detailing and the possible sources of direct traffic which could lead to various positives and negatives to your overall SEO strategies. Direct traffic could be the prime conversion getter for your eCommerce website or could be a flaw in your website as a whole which looks like direct traffic has a correlation with organic traffic as well. As organic traffic increases, your overall direct traffic increases along with it. Does some type of bot activities lead to direct traffic as well?s
Thank you Tom for providing such valuable contents and expecting more in days to come.
So just wanted to clarify... if I recently migrated my site to HTTPS and a blog post somewhere still links to me with https://mysite.com, does the referrer info get stripped off before the http to https redirection on my server, or does it carry through? Thanks in advance!
It will get stripped off, because when the user clicks the http link, the browser does not send referrer data to your server. After that, your server redirects to https and at that time the server already has no referrer data. So it's not your server's problem, but the browser's behaviour (which is by design by the way).
Hi, thanks for your comment. Yes, in that situation, referrer data would be stripped off - unless the linking site has implemented a referrer policy to bypass this behaviour. It's another argument for executing a link realignment project after carrying out a protocol migration.
Hi Tom
Excellent guide
Of all the points, I would say that the one with the most direct traffic problems is 3. The installation of the traking code should not be just to introduce it. You have to check that you have inserted correctly and haty people who do not even bother to check in real time if GA is working correctly.
Hi Lluis,
have to agree with you! I also do think that point 3 is the one that shows most of the direct traffic problems. It happens so fast that you are missing a tracking code - sometimes you do not even realize it if you do not constantly check your Google Analytics. This can be a huge problem.
Sir
I installed SSL for my blog after 6 months of creating blog. But both url's working with htttp and without https. so is this problem in SEO. How to overcome this, and is this comes under direct traffic as you explained in the above paragraph.
Hello Tom,
Thanks for this useful information about google analytics.
Before this article I don't know about "What is the proper meaning of Dark Social?" but after reading this article I totally agree with you.
Thanks
Great information. Personally prefer to work with google webmaster tools than with analytics. There you can find for few seconds the organic search keywords and the site position in SERP for that word.
Awesome post! I definitely fall in the "deeply entrenched misconceptions" group.
wow, such a thorough look at Direct Traffic. Didn't expect this. The part that you explained different reasons why it happens and also the part that you looked at the Analytics processing were both really educating.
I just want to add one major source for direct traffic, which is your own visits to your website. If you are running a business, you or your team will be visiting your website several times a day for many reasons, and guess what, every single visit you or your colleagues make to the website is tracked by google analytic as a direct source.
But there is a solution for that..
You can simply use the amazing Google Analytics Opt-Out Chrome Add-On that can prevent Google Analytics from collecting your data while you are browsing.
You can learn more about it by reading this SEO article that is talking about all the benefits of using such a tool like this, and the steps of installing and using it.
Hey Tom,
This is one of the finest blog have ever read on "Direct Traffic" by Analytics.
Just need to understand, does QR code / URL shortener somewhere are also a part of Direct Traffic?
It was great reading.
Thanks
Ankit
Great post. Do you know why Google Search Console data is different than Google Analytics?
Buen post Tom!
La verdad es que el tráfico directo es el "gran desconocido" para mí y hoy he agregado muchas cosas contigo.
Los tomaré en cuenta a partir de ahora cuando analice mis resultados.
¡Gracias por compartir!
Very good post, i think the direct traffic is a very good traffic for we websites. Thank you foour the post!!
If "lazy" user types in his browser moz instead of moz.com, it will give him SERP with moz.com probably the first option, he clicks and it is counted as Organic. But it is really no difference with 1. Manual address entry and bookmarks, i.e. Direct. Could be Direct underestimate?
I didn't knew about HTTPS to HTTP issue. Learned something new, again, thanks!
Great Guide about Direct Traffic Channel through Google Analytics. Many user use it but never try to know about Direct Traffic.
ThankYOu Sir for giving such a nice information.
Very good contribution. Direct traffic is a channel that we often forget about it.
Thank you
I agree with you, the main problem for me is the data that can not be evaluated for https pages, this is a serious problem since we can not analyze the real data of our websites