Understanding Bounce Rate in Google Analytics

What’s Bounce Rate?

Bounce rate is a metric that shows how many visitors do nothing at all on the page they entered. That is, they do not respond to any internal link on the page: a menu item, a ‘read more’ link, or any other internal link. In other words, the Google Analytics server doesn’t get any trigger from the visitor.

This can lead Google to one of three conclusions:

  1. The quality of the page is low. There’s nothing inviting to engage with.
  2. Your audience doesn’t match the purpose of the page, as they won’t engage with your page.
  3. Visitors have found the information that they were looking for.

From an SEO perspective, it is important to optimize every aspect of your site. By looking closely at your bounce rate, you can optimize your website even further. No wonder many SEO services attempt to keep their clients’ pages free of bounces.

But a bounce isn’t always bad. In fact, it is okay to have bounces in some cases, because bounce rate really depends on the purpose of the page. Bounce rate isn’t a bad thing per se if the purpose of the page is purely to inform, for example when visitors read a post or find an address.

So, the best solution is to create a segment that contains “New visitors” only. If you discover that the bounce rate of your new visitors is high, it’s time to reevaluate user engagement with your site. To reduce the bounce rate, you can add a clear call-to-action, such as a ‘Subscribe to our newsletter’ button. Moreover, being clear from the start about what visitors can expect will also help your bounce rate. There are more things to consider when optimizing your page, for instance internal links that point to related pages or posts. Having a menu that is easy to use will also keep your site from experiencing a high bounce rate.

From a conversion perspective, bounce rate can be used as a metric to measure success. Bear in mind that changing the design of your page will shift your bounce rate: it will cause the bounce rate to increase or, conversely, to decrease. This explains why you have a low conversion rate.

You can also compare your site with other popular pages and learn from the pages with low bounce rates. Usually, an unnaturally low bounce rate is caused by an event that triggers the Google Analytics server. Think of pop-ups, auto-playing videos, or an event you’ve implemented that fires after 1 second. Besides, you can also use a tool that tracks scroll counts. This count is helpful because it tells you whether your visitors actually scroll down the page and read your content.

This makes bounce rate different from exit rate. In general, exit rate is a metric that displays the percentage of page views that were the last in the session. So, it is about users deciding to end their session on your website on that particular page.

What is the Cross-site Scripting (XSS) Vulnerability & How to Prevent it

As a web developer, you may know XSS as Cross-site Scripting. It is a way of bypassing the same-origin policy (SOP). Whenever HTML code is generated dynamically and user input is reflected on the page without being sanitized, an attacker can easily insert his own HTML code. The web browser will still render the injected code, since to the browser it belongs to the website where it was injected.

The attacker can just as easily inject JavaScript code, which then runs in the site’s context. In this way, the attacker can access other pages on the same domain and read data such as CSRF tokens or the cookies that have been set.

The attacker can take the cookies, which typically contain session identifier information, use them in his own browser, and log in to the web application as the victim. Another way is to read private information from the pages, such as CSRF tokens, and make requests on behalf of the user.

Impacts of the Cross-site Scripting Vulnerability

An exploited XSS vulnerability can have many impacts, ranging from session hijacking to the disclosure of sensitive data, CSRF attacks and more. By exploiting a cross-site scripting vulnerability, the attacker can impersonate the victim and take over the account. If the victim has administrative rights, it might even lead to code execution on the server, but that will depend on the application and the privileges of the account. For more information on how an XSS vulnerability was used in a successful attack, read about the apache.org JIRA incident.

Preventing XSS Vulnerabilities

The most important thing in preventing cross-site scripting vulnerabilities is to apply context-dependent output encoding. In some cases it might be enough to encode the HTML special characters, such as the characters that open and close tags. In other cases, correctly applied URL encoding is necessary.

Moreover, the inbuilt XSS filter of a web browser, even of the most modern ones, should not be seen as an alternative to sanitization. These filters cannot catch all kinds of cross-site scripting attacks, and they can also prevent some pages from loading correctly. Since the idea is to minimize the impact of existing vulnerabilities, a web browser’s XSS filter should only be a “second line of defense”.
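The context-dependent output encoding described above, as an added example that is not part of the original article: the same untrusted value is written into HTML text, a quoted attribute, a URL parameter, an inline script and a link target, each with its own encoder. All function names and the sample input are constructed for illustration.

```javascript
// HTML text and quoted attribute values: encode the characters that can
// open a tag, close a quoted attribute, or start an entity.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// URL query value: percent-encode the value first, then HTML-encode the
// finished URL because it ends up inside an href attribute.
function buildSearchLink(baseUrl, query) {
  const url = baseUrl + '?q=' + encodeURIComponent(query);
  return '<a href="' + encodeHtml(url) + '">results</a>';
}

// Inline <script> data: JSON-serialize, then \u-escape the characters that
// could close the script element or act as JavaScript line terminators.
function encodeForScript(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// User-supplied link target: encoding does not change the URL scheme, so
// allow-list http(s) and fall back to '#' (relative URLs are rejected too).
function safeHref(userUrl) {
  try {
    const { protocol } = new URL(userUrl);
    return (protocol === 'http:' || protocol === 'https:') ? encodeHtml(userUrl) : '#';
  } catch {
    return '#';
  }
}

// Render one untrusted name and one untrusted URL into every context.
function renderProfile(name, site) {
  return [
    '<p>Hello, ' + encodeHtml(name) + '</p>',
    '<input value="' + encodeHtml(name) + '">',
    buildSearchLink('/search', name),
    '<script>var user = ' + encodeForScript(name) + ';</script>',
    '<a href="' + safeHref(site) + '">website</a>',
  ].join('\n');
}

// Constructed sample input: markup in the name, a script scheme in the URL.
const sample = '"><script>alert(1)</script>';
console.log(renderProfile(sample, 'javascript:alert(1)'));
```

HTML encoding alone would leave the last line exploitable, because a `javascript:` link target contains none of the five encoded characters; that context needs the scheme check instead.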

Find out the right type of SSL certificate for your website

Since cybercrime gets bigger and bigger nowadays, the way Google assesses a website has changed. In fact, Google is among the most proactive: it gives better rewards to sites that add SSL certificates (or HTTPS). This makes many SEO engineers pay close attention to SSL certificates for better SEO service. But you need to be careful in choosing the right SSL certificate, as there are many types. Every SSL type uses the same standard encryption methods, but each option has its own requirements and distinct characteristics.

Option #1. Single Domain

Single domain (or single-name) SSL certificates protect a single domain. This SSL type works well for simple and straightforward content-based sites. These sites include B2B sites and e-commerce ones where all transactions occur on a single domain. To get a “domain-validated” certificate, the applicant has to authenticate ownership of the domain.

Option #2. Multi-Domain (SAN)

Multi-domain SSL certificates are also what they sound like. They are also referred to as “SAN” certificates (for Subject Alternative Names). With SAN, one multi-domain SSL certificate covers a suite of sites. So, they provide flexibility for covering sites that might go away or do not yet exist.

Option #3. Wildcard

If you want to cover all subdomains on a single root domain or host name, wildcard SSL certificates will be suitable for you. A typical case is an unsecured, content-driven ‘marketing’ site on the primary domain, with everything purchase-related run through a secure subdomain. With a single wildcard SSL certificate, you can simplify the mess, and it also protects the main site.

Option #4. Organization

Organization SSL certificates authenticate a company’s identity and information, such as the company’s primary address. You may think that this is similar to single domain, but organization SSL certificates are aimed more at content-based sites, where you don’t need to secure an e-commerce or payments component.

Moreover, you will also be asked to confirm and authenticate other organization-related details.

Option #5. Extended

The last option, called extended, is better known as the most secure option. These certificates do the extra organization validation bit on top of verifying the domain, and they also double-check the legal corporation. For your troubles, they will also show a green address bar in most modern browsers. In Chrome, you’ll also get the company name, as in the Twitter example.


Credibility is what you’re paying for here. But the secure connection used on your site isn’t that different from any other reputable SSL connection.

Hence, by selecting the right SSL certificate type, you’ll get a single certificate to purchase and set up to protect multiple different sites.