Payment Gateway Referral Exclusions in Google Analytics

One of the most frequently visited reports in Analytics is the Source / Medium report. This is a primary reason why it’s targeted by referrer spammers, as we discussed in a recent article. There is, however, a much more trivial, yet common issue with the source / medium report that we see during audits and setups.

It’s the issue of proper attribution of conversions/ecommerce transactions towards a traffic source in the presence of payment gateway referral traffic. In many cases the implementation of a payment gateway requires that some traffic is sent to the payment gateway site and back to your site. This results in a visit with source “your payment gateway domain” and medium “referral” to be recorded in Google Analytics.

PayPal Referrer

In the example above we see a very common scenario: being recorded as the source for all or some of the transactions.

Why does it happen?

Google Analytics starts a new session whenever a user comes to the site from a traffic source different than the previous one (and when it’s not a direct visit), even if the previous session hasn’t expired. The user browses your site and decides to purchase. You send them to the payment gateway one way or another and then he’s sent back after a successful transaction. When the user arrives at the site from the gateway the HTTP headers contain referrer information saying that the visitor is coming from your payment gateway hostname, in the example above: Many of the other popular payment gateways like Shopify, Authorize, WorldPay, Gate2Shop, etc. also employ a similar solution which results in referrer traffic from them getting credit for your ecommerce transactions.

What’s the harm?

The harm is rather obvious: it prevents you from seeing the original traffic source that was responsible for bringing the transaction. Instead of seeing you got 50 transactions from Google / Organic and 100 more from Google / CPC you now see 150 transactions coming from / Referral.

Sure, you can extract the data with some work using the MCF reports or the Attribution Modeling tool, but why? The payment gateway as referrer tells you nothing you didn’t know and is in this sense a data pollution that should be avoided.

How to determine if you are affected?

You should check for sessions, coming from your payment gateway’s domain name (or in some cases names). You can do that by navigating to the Acquisition > All Traffic > Source/Medium report in Google Analytics.

If you are using our Google Analytics Health Checker tool you now have an in-built function that automatically performs this for you. When you run the health report, you’ll get a FAIL and a short description of the issue if we detect such traffic from a list of over 20 popular payment gateways. A table showing the traffic source/medium that the tool identified as wrongly attributed payment gateway traffic is shown as well, containing data about the number of sessions, number of transactions and the transactions per session for each source.

Payment Gateway Referrer Example

See this in action
Try itGoogle Analytics Health Checker
Identify potential issues with your analytics setup.

How to exclude payment gateway referrers?

There are two methods to accomplish this.

First method: the Referral Exclusion List

If you are using Universal Analytics, the recommended way to do this is to use the Referral Exclusions feature. It’s accessible via the Google Analytics interface under Admin > (Property) Tracking Info > Referral Exclusion List. You need to add the hostname – either the domain name or a specific subdomain only, to the list. This assures that a visit with a referrer field set to a URL under that hostname will not start a new session if there is already an active session.

Here is what our Referral Exclusion List looks like:

Referral Exclusion List

The important line here is, since this is our shopping gateway hostname. This way we don’t see visits from our gateway when you sign up for a paid plan with us.

Second method – utm_nooverride=1

This was the only method before Universal Analytics. However, prior to UA there was also much less need for it, since for a very long time Google Analytics wouldn’t start a new session for the same visitor if an old one has not yet expired. Then, when they made the change the need to use utm_novverride=1 suddenly jumped and that’s why they added the Referral Exclusion List as a feature.

utm_nooverride=1 is a parameter that you attach to your payment gateway return pages. Say your return page is /checkout/payment/success. You need to provide this URL to your payment gateway: /checkout/payment/success?utm_nooverride=1 . This way Google will ignore the referrer information for this session if there is already another session in progress. This is not what this parameter was originally intented for, but it does the job nicely as I can confirm through my deployment of such solutions.

Remember, you need to do this for all links from the payment gateway to your site and this is not a recommended solution if you are on Universal Analytics.

About the author

Georgi Georgiev

Managing owner of Web Focus and creator of, Georgi has over eighteen years of experience in online marketing, web analytics, statistics, and design of business experiments for hundreds of websites.

He is the author of the book "Statistical Methods in Online A/B Testing" and white papers on statistical analysis of A/B tests, as well as a lecturer on dozens of conferences, seminars, and courses, including as a Google Regional Trainer.

This entry was posted in Google Analytics and tagged , , , , . Bookmark the permalink. Both comments and trackbacks are currently closed.

Take your user testing program to the next level with the most comprehensive book on A/B testing statistics.

Learn more

Discussion (25 comments)

  1. WebMatthieuJuly 3, 2015

    Very good article !
    I’ve got a question :
    we’ve migrated recently to universal anlytics and we use a lot payment gateways. Since migration, all the transactions come from referrals and not ppc or organic search.
    If we use referral exclusion, can we link transactions with ppc and organic search ?

    • Georgi GeorgievJuly 3, 2015

      Hi Matthieu,

      Yes, if the transactions are coming from your payment gateways as referrals, then using referral exclusions is the way to go.


      • YLP TeamJanuary 13, 2016

        Hi Georgi Georgiev,

        We have added the payment gateway domain name in exclusion list but now google analytic showing payment gateway name in “Direct Traffic”.
        Before that its showing “Referral Traffic”.
        How you please help in this issue. We have magento community edition store.

  2. CostinJuly 27, 2015

    For Google Universal Analytics, is that the only way to fix this problem? I am looking for a workaround that doesn’t require changing settings in the admin page.

    The reason is that I am managing 600+ Analytics accounts that need this fix, and manually updating the Referral Exclusion List for each account will take a lot of time. I need an alternative similar to option #2, where I can have a URL parameter or where I can send some kind of settings to analytics.js just before it tracks the pageview, telling it to keep the original referral / analytics session.

    • Georgi GeorgievJuly 27, 2015

      Hi Costin,

      I don’t think there is an easy way to update 600+ analytics accounts with referral exclusion settings as the API doesn’t support this atm (as far as I know). I think you can still use option #2, but you need to make sure you tag all links, otherwise some payment gateway traffic may override your original referral.


      • CostinJuly 28, 2015

        Ok, I will try, although I’ve seen other articles saying that this fix no longer works with Google Universal Analytics…

  3. SandraAugust 3, 2015

    We seem to have been upgraded to Universal Analytics when migrating our ecommerce website to a new platform. It is exactly doing as you described – counting all the paypal traffic as referral traffic when someone pays. Once I exclude the referral domain from paypal, will the cpc traffic that was originally routing via paypal reappear in my referral traffic reports? I have it set up so that I can see cost and revenue in a weekly report and really need to track this info.
    Thanks in advance.

    • Georgi GeorgievAugust 3, 2015

      Hi Sandra,

      Using the above solution isn’t removing PayPal traffic from your reports, rather it makes it so that PayPal doesn’t rewrite your original (true) referrer in Google Analytics. It has no bearings on revenue tracking per se. It also has no bearing on how your CPC traffic is tracked.


  4. ViSeptember 1, 2015

    Hi Georgie,

    Very useful article, thanks! I’ve tried the first method to filter out the payment referrals. However, the referrals still show instead of the original source.

    What am I missing here?

    Thanks in advance!

    • Georgi GeorgievSeptember 1, 2015

      Hi Vi,

      Looks OK, if the sources are these. You should check your reports in a few days and see if these sources disappear after the day you applied the exclusion rules (note that this is not applied retroactively).

      If you still have issues, we’d be happy to help via our consulting service. Reach us via our contact form if you want to know more.


      • ViSeptember 2, 2015

        Seems to work just fine. Thanks again for sharing, keep up the good work :-)!

  5. ArielSeptember 10, 2015

    Hi! great post.
    Have ever experienced a case were a domain is listed in the Referral Exclusion List but it keeps appearing in the results? I’m not saying past results, I mean when checking results from days after the domain being added to the list.

    • Georgi GeorgievSeptember 10, 2015

      Hi Ariel,

      Yes, it’s possible. If there is no prior active session (that has not yet expired) then there should be a session registered with that referral. “When you exclude a referral source, traffic that arrives to your site from the excluded domain doesn’t trigger a new session”. (from the Google docs)


  6. bhanuOctober 7, 2015

    I have tried excluding refferals in admin section, but still am seeing few refferals with the payment gateways.

    Our site is still http, and payment gateways are https, does this have any impact?

    i have added the exact subdomain of payment gateway too but still the problem exists.

    • Georgi GeorgievOctober 7, 2015

      Depending on your implementation a session might end while the users is at the payment gateway so when he returns he’ll still be counted as being referred from there.

  7. SureshOctober 23, 2015

    Dear Georgi Georgiev,
    We use First method: the Referral Exclusion List for our store, But now its showing Direct Traffic instead of Referral Traffic.
    We can’t edit the payment gateway pages for second method. Is there any solution for first method.
    Please advice.

    YLP Team.

    • RicardoNovember 12, 2015

      Dear Georgi,
      I seem to have the same issue as Suresh and the YLP Team with Direct traffic. Is there a way arround this?

      • Georgi GeorgievNovember 12, 2015


        This is not what usually happens. This should only happen if people come back from the payment gateway after their session has expired and even then it mostly shouldn’t happen.

        You can try increasing the session length if there is reasonable suspicion that that’s what’s happening.

        Otherwise it’s an issue for a 1 to 1 consultation, not a blog forum discussion…


  8. RandyNovember 11, 2015

    Hi Georgi,

    I dont have this with payment refferals but with confirmation emails. GA gives credit to the email (they get a confirmation email) as refferal channel. How can i change it so that it gives the refferal credit to the primary channel (organic, cpc, social etc)? I tried searching for data about utm_nooverride=1 but they dont seem to work with UA.
    Thanks in advanced.


    • Georgi GeorgievNovember 11, 2015

      Hi Randy,

      If you’re UTM tagging those links, don’t. If you’re not and you’re simply getting traffic from webmail services as referrals, then maybe you can add the webmail domains as referral exclusions? If this doesn’t help then the MCF and Attribution Modeling reports are your best friends.


  9. JakeFebruary 7, 2016

    Hi Georgi,

    Thanks for this great article.

    Just to clarify, if I use method 1, the revenue will be attributed to the original source (rather than the referral), correct? Or will it be attributed to Direct?


    • Georgi GeorgievFebruary 9, 2016

      Hi Jake,

      Revenue will be attributed to the original source in most cases.


  10. BorisMarch 21, 2016

    Hi Georgi,

    What would be alternative recommended method to utm_nooverride for GA Universal. I’m looking for a solution to exclude referrals from emails which function as customer’s account updates (password/personal info change).

    Thank you

  11. GabrielMay 25, 2017

    Hi Georgi,

    Could you please provide more info about how to do this “Sure, you can extract the data with some work using the MCF reports or the Attribution Modeling tool, ” ?


    • Georgi GeorgievMay 25, 2017

      Hello Gabriel,

      This would take way more time and space than a comment section allows. You can refer to the relevant GA documentation, online courses, etc.