online web analytics by

user and administrator manual


This document presents information for both users and administrators of web analytics accounts. Most of the operations described in this handbook are performed from the administration control panel.

This guide is divided into sections according to audience focus. Some sections apply to all users. The sections are:

It is recommended that new users print this document for reference while using the system. It is also recommended that all users read the entire document to better understand the full capabilities of the system. The printout normally fits on ten sheets of letter/A4 size paper.

Additional Help
Help is available in three forms while using the system. This manual covers operational topics in general, instructions are provided on individual pages where appropriate, and expandable help is available for reports and charts. The expandable help is accessed by clicking on the [+] sign appearing near the top of the page. Clicking the [-] sign when the help is visible will hide the expandable help. The expandable help covers information that is specific to the associated report or chart, such as the definition of columns, method of calculation, or interpretation of results.


Browser Requirements
The administration site requires javascript, session cookies and flash to be enabled on your browser. Many users can use the site without any changes to their browser settings. If you do not normally have these turned on, you can enable these features only for the administration site using the customisation features of your browser. The login page will warn you if these features are not detected during login.

User Security
The basis of the security features built into the system is the session cookie created when the user logs in. The session cookie will continue to exist until either the browser is completely closed down or the user explicitly logs out. If the user only closes the particular browser window, the session cookie will remain available to anyone using the browser.

While it may be acceptable for the user to only close the window in a trusted environment, it is absolutely necessary to log out explicitly when using the system in an insecure environment such as an internet cafe. Also remember to clear out the browser cache when in an insecure environment.

User Login
To login, a user should go to the home page of the administration site where the user will be redirected to the login page. Attempts to access any other page on the site while not logged in will also be redirected to this page. A first time user should bookmark this page for convenience.

User Logout
To logout a user should use the logout selection in the main menu.

User Lockout
Automatic system access protection has been implemented to prevent password guessing. Any user who fails to login correctly within three attempts will be refused further login attempts for a period of sixty minutes.

The user account is automatically enabled again after the delay period and the user will be able to login again if the proper credentials are supplied. There is no need to contact support for manual intervention. The procedure is entirely automatic.

There is no feedback to the user as to which element of the supplied credentials are incorrect or invalid.

Password Recovery
If a user forgets their password, the user can request a password reminder be sent by email to their email account by supplying the registered email account.

A reminder will only be sent if the account exists on the system. To avoid account probing, there is no indication to a user whether the account exists or not. These reminders are created automatically by the system and sent immediately.

If a user account needs to be completely reset because the user has lost access to the email account, it will be done only upon proof of authority that is acceptable to the system administrators.

This method of recovery is considered to be an exceptional circumstance and will be subject to significant delay due to the nature of the request.

Menu Navigation
The main menu is structured as a number of trees similar to a windows explorer interface. The menu panel consists of two main trees. The settings tree allows the user to select the site which will be presented in the report windows. The analytics tree allows the user to select the reports to be viewed, select administration tasks, and access useful information.

Login Information
Any user can change their email address and password using this menu selection. When changes are made, they are recorded by the system as pending changes and one or more confirmation emails are sent by the system. The changes become effective when confirmed by following the instructions contained in the email.

A password change will only require one email. An email address change will result in two emails requiring confirmation by both the old email address and the new email address. These measures protect the accounts from unauthorised changes by requiring the party requesting the change to prove access to the email accounts and that the new email address is valid.

Viewing Reports
The first step to viewing reports is to select the site which the reports should be based on. This is done from the site tree in the main menu.

On selecting a site the site dashboard is shown in the main work area. This is a graphical representation of a selection of visitor, traffic and sales statistics which highlight site performance at that point in time.

The dials contain a wealth of information through the use of colors, numbers and text in addition to the main indicator.

Some dials feature a smaller needle representing an estimate of full day performance based on the accumulated information.

The information includes current values, historical maximums, historical minimums, averages, normative ranges, units, and projections.

Once a site has been selected, the individual reports may be selected from the main menu.

Every report features expandable topical help which can be activated by clicking on the [+] symbol near the top of the report.

Most main reports are presented as daily summaries which have clickable daily links which drilldown to a more detailed report format. Some reports have other clickable links which make further information available. The specifics are detailed in the topical help made available by clicking on the [+] symbol on the report page.

Most reports include graphs. There are some exceptions where the amount or type of information precludes the use of graphs.

Report Categories
The reports section of the main menu groups reports according to interest area. The categories and subcategories are:

Additional Reports
Requests for additional reports should be submitted directly by email or telephone. Including details such as purpose, layout, relevant definitions and calculation methods will make it easier to determine whether it is possible to create the requested reports.

Extracting Value
It is entirely possible to make startling discoveries in the first few uses of the reporting modules. However, most insights are earned the hard way. Usually users will learn to recognise anomalies in their site reports only after reviewing the reports over a period of time. This time is used to build a background canvas against which reports are compared.

It should be recognised that the measurements at any given moment are imperfect. Due to the nature of the internet it is not possible to make exact measurements. However, it is possible to come very close.

Provided that users recognise the limitations, it is possible to make valid value judgements based on the available data.

The key element to making valid judgements is to understand and recognise that the measurements should be evaluated in terms of proportions and trends rather than as absolutes.

For example, it is foolish to say that there were exactly 50,201 visitors on a particular day. It would be more correct to surmise that there were significantly more visitors on a particular day than usual, or that there is an upward trend in the number of visitors.

Audit Statements
Independent audit statements are sometimes requested by third parties for various reasons. Once the client and the third party have reached agreement on the contents of the audit statement the statement will be compiled and posted on the measurment site with an access code.

The access code is then sent to all stipulated parties so that the statement can be accessed.

This method of delivery has been selected to ensure that the report is not tampered with.


System Concepts
The administration and security system is built around the concepts of accounts, sites and users. The relationships between the three are created by the account holder and authorised delegates.

An account is the primary administrative unit that is responsible for all sites administered within the account. Billing is always done at the account level.

A site is normally a domain for which statistics are being collected. However, it is possible and common for a number of related domains to be grouped together as one site for data aggregation purposes.

A user is simply a person who has login privileges on the system. The privileges held by a user are granted by the account holder or their delegates. A specific user can be granted rights in multiple accounts. User identifiers must always be a valid email address. This requirement is enforced by the system through validation emails sent to the submitted user name.

New Accounts
A new account has only one user assigned at the time of creation and no sites associated with it. The user is the default account administrator who has the privileges required to create other users, grant privileges to users, and create sites.

Account Administration
The account administration area is used by an authorised user to edit the account contact details, account payment details, add sites to the account, and designate additional administrators.

Site Administration
The site administration are is used by an authorised user to create html tracking code for insertion into site pages, create a html page for setting a cookie to block tracking information from a specific browser, create additional authorised user logins, and manage rights for existing user logins.

User Administration
Authorised administrators can grant and revoke the specific permissions to which they have permissions to perform on user accounts.

For example, a site administrator might grant visitor privileges to a user that is already an account administrator on another account. In doing so, the administrator is not shown or given any access to privileges that the visiting user might hold in their own or other accounts.

This feature allows users to login and use the system across all sites where they hold privleges using a single identity without exposing information that should not be shown to other parties.


Tracking Code
The only requirement for a successful implementation of the measurement system is the insertion of the supplied html tracking code into the pages to be tracked.

However experienced administrators and developers have opportunities to greatly enhance the value of the information if consideration is given to the factors governing the full capabilities of the system.

Sites Using Session Identifiers
Some sites use session identifiers inserted into url query parameters as a means of session tracking. This technique is usually implemented by means of dynamic pages generated by a scripting environment such as php, coldfusion, asp or For example, coldfusion uses the two query variables CFID and CFTOKEN.

These session variables will prevent reports from grouping pages that vary only by the session variable as a single url.

To treat this type of url as a single url the tracking code must be used with a special parameter to cause the grouping to take place.

If a site uses session identifiers in query parameters, please contact support for assistance in modifying the tracking code before implementation. There is no charge for this assistance.

Creating Tracking Codes
Tracking codes are created using the site administration page. Both http and https versions can be created depending on the requirements of the hosting page. The generated tracking code is presented in a text box which the user can select and copy in preparation for a paste operation into an editor.

It is suggested that a copy is made into a plain text file for convenient reuse or distribution.

If the tracking code is emailed, it should be sent as a text attachment to avoid corruption due to line wrapping performed by the email client.

Inserting Tracking Codes
The tracking code is sensitive to line breaks and format. It is important that they be inserted into web pages in the designated format.

The best method is to use a plain text editor such as notepad.

If a html editing tool such as dreamweaver is used, it is the responsibility of the administrator to ensure that the code is inserted in the proper manner.

Privacy Policies
The measuring ability of the tracking code is at its best when browser cookies are available. One of the factors affecting the ability of the tracking code to set cookies is the existence of a compact privacy policy. Administrators should ensure that a suitable compact privacy policy is made available to browsers on their sites.

Some jurisdictions also require the publication of a privacy policy as a matter of law.

Library Files
Note that the library files referenced in the tracking codes are served by the measurement servers. This is done to ensure that the correct version is delivered to the client at all times, and to ensure that the delivery is as fast as possible. Compression and caching is used whenever permitted by client browser settings.


Site Grouping
A site identifier is assigned when a site is created in the administration panel. This site identifier controls the grouping of data that is presented together when generating reports. Since the site identifier is independent of the site name multiple sites can be included in one grouping as long as the same identifier is used for the tracking code inserted into all sites in the group.

Secure Sockets Layer
The tracking mechanism works transparently with the secure sockets layer version of the http protocol, https. The difference is in the dns names of the script and measurement servers. The code generating function of the site administration page includes a setting for the use of the https protocol which causes the correct code to be generated for https pages containing the code. Using the non-https version of the code will still work, however users will be prompted by their browsers that the page contains insecure elements. These prompts are eliminated by using the proper versions of the html tracking code.

Sites and Session Identifiers
Some sites use session identifiers inserted into url query parameters as a means of session tracking. This technique is usually implemented by means of dynamic pages generated by a scripting environment such as php, coldfusion, asp or For example, coldfusion uses the two query variables CFID and CFTOKEN.

These session variables will prevent reports from grouping pages that vary only by the session variable as a single url.

To treat this type of url as a single url the tracking code must be used with a special parameter to cause the grouping to take place.

If a site uses session identifiers in query parameters, please contact support for assistance in modifying the tracking code before implementation. There is no charge for this assistance.

Variable Definitions
The tracking code uses a number of user settable parameters for maximum flexibility. Part of the tracking code reads as follows:


The parameters from left to right are:

site identifier
measurement server
sales amount

A static version of the tracking code is generated using the site administration page. All parameters are mandatory.

However it may be necessary to use dynamically generated tracking code on certain pages. The most frequent reason for this is to fill in the sales amount parameter.

Another situation where it is necessary to use dynamically generated tracking code is where the same page is used on both http and https pages. In this case, the proper server names must be filled in. The recommended procedure is to generate static http and https versions, then use these as include templates for the dynamic pages.

Ads and Affiliates
Inbound ads and affiliate links should be carefully planned. The capabilities of the measurement server present opportunities to identify,categorise and measure this traffic source.

As a minimum, the inbound links should contain a identifying parameter such as an affiliate id or campaign id.

Note that it is possible to include query parameters in links to static pages. The parameters will be ignored by the web server but the correct page will still be delivered to the client without error. However, the values of the query parameters remains available to the html tracking code and will be recorded as part of the measurement process.

Sales and Refund Tracking
The one difference between normal tracking and sales tracking is the substition of a non-zero value for the sales amount in the tracking code parameters. See the section on variable definitions for the location of the sales amount parameter.

For the most accurate tracking it is important that every sale page contain the correct value and that all other pages contain a zero for the sales amount parameter.

The measurement server filters duplicate sale values from a session to account for users who use the back or reload button to see a sale again. Developers may find it useful to filter the value using on page techniques as insurance to avoid duplicate sales measurements.

The most suitable location for tracking a valid sale is on the final sales confirmation page. This is sometimes called the thank-you page.

This will work even when using a third party web site to process the sale as long as the user is returned to the originating site and the site has access to the sales amount while generating the thank-you page.

If the value is not available or the customer is not returned to the originating site, then the only alternative is to set the amount just before the user is sent to the third party server.

It does not matter if the user is sent using a redirect, a get, or a post transaction as long as the sale amount is set in the required parameter in the tracking code.

If tracking refunds is desired, then negative amounts representing the value of the refund to be deducted from total sales can be used. The sales count numbers should then be interpreted as the number of transactions rather than the number of sales.

Shared Session Identifiers
It is possible to share session identifiers between the originating site and the measurement site. By sharing session identifiers the originating server is relieved of the need to create session identifiers since a unique session identifier is already generated by the tracking code. The session identifier is stored as a named session cookie value in "_c11b_", omitting the double quotation marks. It will be in the form of a unique cryptographic hash consisting of 40 hexadecimal characters.

Exempting Browsers
It is possible to exempt specific browsers from being included in the statistics measured by the tracking code. This is normally done to prevent internal users from skewing the measured results. The mechanism used is a permanent first party cookie that is set by visiting a specific page created for the purpose of setting the cookie value.

The usual policy is to create the page as an orphan page on the site with no links referencing it. The users that are to be exempted from tracking are then instructed to visit the page with their usual browser. This affects only the browser used to visit the page. Users using multiple computers, or using mutliple browsers will need to visit the cookie setting page with each browser.

The site management interface can generate the correct code to create a page on the originating site for this purpose.

An alternative is to use the code as a pattern for integration into some page that is regularly used by the exempted group such as a login page.

Tracking 404 Page Not Found Errors
Missing pages on a site can be tracked by using a custom error page containing the standard tracking code. Most popular servers will pass the requested url as a parameter when the custom error page is invoked. By including the parameter in the url of the custom error page, it will be inserted in the data returned and stored on the measurement server ready to be included in reports.