We use cookies. You have options. Cookies help us keep the site running smoothly and inform some of our advertising, but if you’d like to make adjustments, you can visit our Cookie Notice page for more information.
We’d like to use cookies on your device. Cookies help us keep the site running smoothly and inform some of our advertising, but how we use them is entirely up to you. Accept our recommended settings or customise them to your wishes.

What You Should Know About Cross Domain Iframes

Iframes act as windows within a webpage that display content located at a different URL. The content within the iframe can be located on a different website or domain, making it an ideal tool for many third-party solutions for ecommerce payments and application forms.

As Google Analytics specialists we often need to track these cross domain iframes. In this post I'll explain the data problems they can cause and what you can do to avoid them.

The tracking setup

Suppose you have an iframe on a page set up like so:

iframe box in a box

The parent page is hosted on www.TheBigBox.com and the iframe contains a webpage hosted on a different site - www.TheSmallBox.com. Tracking this kind of setup requires three steps:

  • Add a tracking tag to the parent page to track a pageview when it loads.
  • Add tracking tags to all pages in the iframe to track a pageview for each page when they load.
  • Tag the iframe source URL with query parameters so that visit data is preserved for all interactions and pageviews within the iframe.

The importance of the final point cannot be understated. Without preservation of visit data, all of that important traffic source information will be lost and any actions completed within the iframe cannot be attributed back to where the user came from, whether that be from an email campaign, Adwords campaign, referral, organic search or otherwise.

The three steps are quick and easy to implement. However, they lead us to the first of three problems with these cross domain iframes:

Problem 1 - Inflated pageviews

The double tagging means that two tracking beacons will be sent when a user loads the page – one for the parent page, and one for the iframe page. As a consequence, users will appear to have viewed one page more than they actually did - leading to an inflated pageviews metric. This isn’t much of an issue, as in our experience pageviews are a pretty poor KPI. However, it also leads to an inflated Pages/Visit metric and an inaccurate Page Depth report. This becomes even more of a problem if many of your high-traffic pages have iframes on them.

This problem can be solved by setting up a profile filter to filter out either the parent page or the first page of the iframe. Do be aware though that if you have any other things being tracked on the page, such as social button clicks or outbound link clicks, then this data will also removed if you filter out the page.

Without the filter, the double pageviews will also cause a massive problem when calculating one of the web industry’s most import metrics: the bounce rate.

Problem 2 - Unbelievably low bounce rate

A bounce is defined as a visit which only has one pageview, and the bounce rate for a page is the number of visits starting on that page that bounced. If two pageviews are fired off for a visit, then the visit will not be counted as a bounce.

Except for when there are problems with javascript or cookies, visits seeing the iframe and parent page setup will have two pageviews. The upside of this is that your apparent bounce rate for the page will be amazingly low! The downside is that it will be completely and utterly wrong. For such an important metric, this is a Very Bad Thing Indeed. It becomes a worse problem if the page has a high proportion of the entrances to the site - the very low bounce rate could actually make the bounce rate for the entire site appear significantly lower than it actually is.

As mentioned above, there are instances when there will be problems using cookies, which will mean that users won’t be tracked in the iframe. It turns out that there is a large number of these instances, which leads us to our third problem.

Problem 3 - Many of your users will be invisible to you

Google Analytics uses cookies to keep track of users, and cookie values are referenced with each and every pageview and data hit. When these cookies are set from within cross domain iframes, your browser classifies them as third party cookies. Therefore, any users blocking third party cookies will not be tracked as they move through the iframe. By default, Internet Explorer will only track third party cookies if the page setting them is P3P compliant (uh oh) and by default Safari blocks ALL third party cookies (eeek!). Most people don’t change the default settings on their browser, so that is A LOT of data that you could be missing out on.

What are the alternatives?

Cross domain iframes often host important website tools. Accurately tracking completions of these tools can be paramount to tracking site success. We’ve already explored how iframes can have a negative impact on this data, so what can be used instead of them?

One solution is to host the iframe tool on the same hostname. This means that only first party cookies will be used, so users who block third party cookies can still be tracked. Furthermore, cross domain tracking does not need to be set up and the standard tracking code can be used.

A second solution is to host the content on a different subdomain. This also means that users who block third party cookies can still be tracked, but you will also need to set up cross subdomain tracking.

The third solution is to remove the iframe and put the content directly on the page. This can be done using javascript methods such as Ajax. Where a new page would have loaded within the iframe, ajax can instead be used to load the new content asynchronously without the parent page needing to be reloaded. With this solution none of the problems mentioned above would be an issue.


Tracking users through cross domain iframes produces suboptimal data. If you use them, make sure you set up cross-domain tracking, tag the iframe source with Google Analytics cookies, and exclude either the parent page or the first iframe page if nothing else is being tracked on it. Otherwise, best practice from an analytics perspective is to avoid cross domain iframes as much as possible.

Image credit: edited box-in-a-box diagram: www.mason-uk.co.uk

Join the Discussion