Cross-Domain Tracking: Six Misconceptions

Looker Studio Masterclass, my advanced & premium course, is now publicly available. 100% for free!

No signups, upsell funnels, order bumps, or nonsense!

Access here >>

Ahmad Kanani


In this article, first, I describe what cross-domain tracking is and why we need it. Then I will reveal six misconceptions about it. 

In today's online marketing world, we need to track what users do on our websites, from which channel do they arrive, and what the results are. Imagine users who visit a site called They come to it from a variety of sources such as a Google search, a Facebook ad, or a Google Ad, which is called its Acquisition Channel.

They interact with the site (e.g., view pages, interact with different features), which are called User Behavior. Finally, there are outcomes for the business such as submission of a lead form, or performing a transaction.

Websites exist to attract users and help them convert. In Google Analytics, we would like to monitor end-to-end user journeys, from acquisition, to user behavior, and to the outcome. 

Cross-domain Tracking

To describe cross-domain tracking, we should first know how Google Analytics tracking works. Users come to a website and interact with it, pages load, and Google Analytics tracking script -which is a piece of JavaScript- runs on the pages and collects data about the user, the page, and how they interact with it. 

Google Analytics tracking script drops a cookie on the browser to remember the user on their subsequent visit(s). 

A cookie is a small packet of information that is used to store data about users, their behaviors, and their interactions with the website. 

When Google Analytics tracking script loads for the first time and doesn't find a pre-existing cookie, it creates a new cookie, and in that process, it assigns the user a Client ID.  

Client ID doesn't mean that the user is a client of that business. It refers to the concept of client-server in a computer network. On the Internet, servers serve content such as web pages, and clients, like browsers, request web pages. 

In short, a user uses a browser (AKA Client) to request information; the server provides the demanded information. That is why Google Analytics calls the value that it uses to identify users a Client ID because it recognizes a Browser (Client) and not the actual user who is using the browser. 

What if cookies are disabled?

As long as the cookie stays on the browser, Google Analytics can read the Client ID within the cookie, and it can recognize the user as the one who had interactions with the website before, and that's the same user who is accessing the website multiple times. 

What if a user blocks cookies? There will be no way for Google Analytics to know them on their subsequent visit(s). If someone disables the usage of cookies and visits a website multiple times, Google Analytics will believe there were different users because it cannot link the visits together as one entity. 


Everything connects through the Client ID. By linking multiple visits and interactions from the same user using cookies and Client IDs, Google Analytics can link goal conversions and transactions to the marketing activities used to acquire the user. This process results in an end-to-end view of the user journey, from acquisition to the outcome.

The Problem

The problem emerges when a business uses multiple TLDs (Top-level Domains) across user navigation. 

Imagine the scenario that a business uses as their primary domain and as a domain on which they host their order form to process payments and take users’ orders.

In this situation, Google Analytics creates a new cookie and assigns a new Client ID when a user first visits The tracking will be all fine until that user goes to another page, which is hosted on a different TLD ( to make a purchase. On the new page, Google Analytics scripts run again, but it cannot access the cookie that was placed on the browser by Why? 

In the concept of cookies, this is called a third-party cookie. Websites can only access the cookies that have been placed on the browser by the same TLD, and most times by its sub-domains. A website cannot access cookies placed by third-party domains.

Security Breach

Imagine you have an outbound link from your website ( to your friend's blog ( and a user clicks on that link to navigate to your friend's blog. What happens if the Google Analytics script or another script on can access the cookies placed on the user's browser by your website and the information stored in those cookies? It would be a severe security breach. 

If websites could access the cookies placed by other websites, whenever a user travelled from a website to another, the other website could read all the information the first websites stored about the user. 

A New Cookie, a New Client ID

When users move between websites, on the second website Google Analytics neither has access to the cookie placed by the first website, nor it sees any pre-existing cookie. Thus, what it needs is to create a new cookie and to allot the user a new Client ID. Google Analytics only knows that the user has arrived from another website. It knows nothing else, and thus, it cannot link the two visits (to the referrer and destination websites) as being performed by the same user.

To fix that, when the users move between  domains, we need to send the Client ID from the referrer website to the destination website and to instruct the Google Analytics script on the destination website to use the same Client ID. And thus be able to distinguish the interactions on both websites as being performed by the same user.

This process is called cross-domain tracking.

There are different ways of setting up cross-domain tracking, and to preserve Client IDs across domains.

Link Decoration

The simplest way of setting up cross-domain tracking is link decoration, which is when Google Analytics script appends the Client ID to the URL of the target pages hosted on another domain. The Google Analytics tracking script on the destination website still needs to create a new cookie, but this way, it can use the Client ID found in the page URL and link those two visits together and understand they are both being performed by the same user.

How does link decoration work?

If we use a decorated URL method, the client ID of the Google Analytics cookie of the referrer website ( will be appended to the end of the URL of the destination website, e.g.,, for instance. 

Hence, when the Google Analytics tracking script on executes for the first time, despite not having access to the cookies placed on, and despite not having access to any pre-existing cookies set by the same domain, it can access and use the Client ID found in the URL. 

This way, we can link back all the conversions, purchases, and revenues to the actual traffic sources. 

Listen to the tragedy. If cross-domain tracking is broken, and you invest in bringing 1k visitors through paid ads, and hundreds of them navigate to to make a purchase, all those transactions will be credited to as the traffic source! 

If cross-domain tracking is broken, the client IDs on website A and B will not be identical and we. If you do not set up cross-domain tracking, you will lose the ability to link back a conversion to the original traffic source. 

There are other ways of preserving the Client ID across different TLDs, which are more complicated and are outside of the current article. 

Now that we know what cross-domain tracking is and why it is crucial. Following, I would like to address six misconceptions about it.

Six Common Misconceptions about Cross-domain Tracking

Sometimes people have difficulty setting up cross-domain tracking; sometimes they think they need cross-domain tracking; However, they do not need it. In this section, I will demystify  six misconceptions about cross-domain tracking. 

Myth #1. You need cross-domain tracking to track users across subdomains

Some people might think we need to set up cross-domain tracking to track the flow of traffic across subdomains of a website. It is not valid. By default, if Google Analytics sets a cookie on a website (, any of its subdomains (e.g., can likewise access those cookies and the values that are stored in them.

If you are concerned about cross-domain tracking between different subdomains — not TLDs; you need not be. Google Analytics will do that automatically.

Myth #2. If there’s a linker parameter present in the URL, it has been implemented properly 

Some believe that if they go from the first domain to the second domain and see that the linker parameter (_ga=) is added to the URL, then they are done. WRONG! Other things need to be set up, too — like referral exclusion. Merely having a decorated URL only means that there is an attempt to set up cross-domain tracking. It would help if you verified by looking at the hits that are sent by Google Analytics tracking scripts to Google Analytics servers and verify that the Client ID is being preserved.

Myth #3. No link decoration = No cross-domain tracking

If you do not see the linker parameter in the URL of the destination page, it does NOT mean that there is no cross-domain tracking in place. It is a definite sign that something might be wrong, but decorating a link is just one way we can set up cross-domain tracking. The other ways of doing it are more complicated and need more set up.

Myth #4. It is needed for payment gateways

The next blunder about cross-domain tracking is that you need to set it up for payment gateways (e.g., 

Cross-domain tracking only is possible when you have control over both domains

Most times, payment gateways do not allow you to put your Google Analytics tracking code on their pages because of the security reasons. 

When there’s no tracking script installed on the payment gateway pages, the only thing that Google Analytics sees is that someone left your website, possibly did something, and then came back from another source, which also causes the previous session to end and a new session to begin. In these cases, we can instead add the domain of the payment gateway to the Referral Exclusion list — which is a setting that needs to be configured at a property level in Google Analytics. Once set up, it instructs Google Analytics to ignore the payment gateway domain as a referral source and instead credit any conversions or purchase to the original source of traffic for the session.

Myth #5. It is always needed when there are multiple domains 

The other misconception is that you need cross-domain tracking whenever you are using various domains. If you want to see the same user navigating across websites and to attribute conversions to the sources of traffic, you will need cross-domain tracking. 

Nonetheless, if you want to see website A as a traffic source to website B, and you do not care from which traffic sources people arrived at website A, then you will not need cross-domain tracking. 

You can see that users come from several traffic sources to website A, and then some of them go to website B and make a purchase. For any purchases on website B, you are only interested to know that they have arrived from website A. 

For example, this might be the case when you run a blog and an e-commerce website, and you would like to understand the conversion rate of the traffic coming from your blog to your eCommerce website.

Myth #6. It’s possible to set up cross-domain tracking between different Google Analytics properties

The last one will be, when you are using different Google Analytics properties for various websites, you can set up cross-domain tracking between these websites. Incorrect.

To set up cross-domain tracking between any two or more domains, you must track all of those domains into a single Google Analytics property.

Google Analytics properties are entirely separate from each other. If you want to set up cross-domain tracking between different websites that you own and you run as part of the same business, the first step for you is to consolidate all of your trackings to a single Google Analytics property and only then you can try to set up cross-domain tracking to retain the Client ID when the user navigates across different domains. 

Join Newsletter


Join Google Data Studio Community on Facebook: share ideas, ask questions, get help from experts, and help others!


Bring your data into Data Studio, Google Sheets, and BigQuery

Learn Analytics & CRO