If your site is served or requested over the insecure HTTP protocol, targeting traffic based on where visitors came from won't work. This limitation is a standard browser security feature and cannot be disabled. This affects the following types of targeting rules:
- Traffic type
- Referring URL
- Initial traffic type
- Initial referring URL
This affects all tools that rely on reading referrer data. For example, if you run Google Analytics on a site served over insecure HTTP, your reports will attribute most traffic from Facebook as "direct" traffic. Traffic will be subject to referrer loss even if your site redirects from HTTP to HTTPS if other pages link to your site's HTTP version.
Resolution:
Serve your website securely over HTTPS to maximize your ability to track and target traffic based on where it came from.
Workarounds:
Instead of targeting traffic referred from Facebook.com (for example):
- post a link on Facebook containing UTM parameters, and
- target your displays based on the parameters or the entry page URL.
More background:
Privy's audience targeting depends in part on reading a browser's referrer data, which browsers voluntarily supply to websites to indicate what URL brought the user to the current page.
Browsers do not send this referrer information when following a link from a secure (HTTPS) site to an insecure (HTTP) website. All major social networks and search engines can only be accessed securely, so if your site is insecure, then you will not get referrer data from these secure sites.