I am sure you are all in the know of the new buzz, Google Analytics. You may not know, they used to be called Urchin, but all urls to the old site redirect to google now. So, yes, google bought them.

For my clients, Urchin worked well, it gave them the stats and data they need in regards to their website traffic. It seemed to handle the load of it’s users and
“just worked™”.

This is a small little bug report about Google’s new system. I happen to have a friend at a convention now, something to do with “search”, Google is there, we will see what they say.

Here is the breakdown:

Previous urchin code line:
<script src="/__utm.js" type="text/javascript"></script>

As you can see, we call the file and put it wherever we want. It also has smarts in it to know what port, ie: 80 or 443 for SSL.

The new way:
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>

As you can see, this explicitly calls the protocol as “http”.
This is bad, as when you hit an SSL page on Windows, it pops up an alert that tells you some items are secure, and others are not. If you read the details, it gets scary and tells you this tactic can be used to trick people etc etc.

Fine you say, just make the line smart to change the http to https as needed. Google is set up to handle it over both protocols. However, the certificate they use for SSL is not valid, as there is a host name mismatch. This of course, tosses up a more severe error depending on the users settings. It even freaks Safari out as well.

They are using the common name www.google.com for the cert, and they need to buy one for www.google-analytics.com

The only solution, would be to download the JS code they have, and run it locally, like we did with urchin. However, knowing how fast Google advances, that could be dangerous, as we may break the entire system of reports on our end.