Dark traffic in analytics
Dark traffic (or dark social) is genuine human traffic whose source is lost, so it falls into the Direct bucket. It comes from links opened inside apps and messaging clients, email programs, documents, and secure-to-insecure transitions that strip the Referer header. The result is an inflated Direct channel that hides real acquisition. This page explains the mechanisms that erase the referrer.
What this means
When a browser cannot supply a referrer, analytics has no source to attribute, so the session is bucketed as Direct. Many real journeys lose the referrer: links opened from native apps and messaging clients, links clicked in desktop email programs, links in PDFs and documents, and navigations from a secure (HTTPS) page to an insecure (HTTP) one, which the browser strips by default.
Referrer-Policy settings on the linking site can also reduce or remove the referrer entirely.
What it hides
Because dark traffic piles into Direct, it overstates Direct and understates social, email, and partner channels — the very sources marketing wants to measure. Tagging your own links with campaign parameters recovers attribution for sources you control; the rest can only be estimated by landing-page patterns.
- App and messaging links often carry no referrer
- HTTPS-to-HTTP hops strip the Referer header
- Referrer-Policy can remove the referrer
- Tagging your own links recovers what you control
How it appears in analytics and logs
Direct traffic to deep internal URLs that no one would type is a hallmark of dark traffic — the visit is real, but its referrer was stripped before analytics could read it.
Diagnostic use case
Recognize that a large Direct bucket is partly dark traffic with lost referrers, and use campaign tagging to recover the sources you control.
What WebmasterID can help detect
WebmasterID can show how much Direct lands on deep pages, helping you size dark traffic and tag the campaigns you control to shrink it.
Common mistakes
- Assuming all Direct traffic is type-in or bookmarks.
- Not tagging shared links, so they fall into dark traffic.
- Ignoring deep-URL Direct as a dark-traffic signal.
Privacy and accuracy notes
Referrer stripping is often a privacy or security feature (Referrer-Policy, HTTPS-to-HTTP). Dark traffic is a side effect of protecting users, not something to defeat by fingerprinting.
Related pages
- Direct traffic as a catch-all bucket
Direct traffic is often misread as 'people who typed the URL'. In practice it is a catch-all for any session with no usable referrer or campaign: untagged links, stripped referrers, app and messaging clicks, and redirects that lose data. When other attribution fails, direct swells. This page explains what really lands in the direct bucket and how to shrink it.
- Self-referrals and lost attribution
A self-referral is when your own site shows up as a referring source in your reports. It usually means a session was broken and a new one started attributed to your domain, often when a visitor crosses subdomains or returns from a payment provider. Self-referrals fragment sessions and steal credit from the real source. This page explains the causes and the fix.
- URL parameters splitting page reports
When URLs carry query parameters — campaign tags, ad-click IDs, session tokens, sort and filter state — analytics often treats each variant as a different page. One article scatters across dozens of rows, no single line shows its true total, and cardinality balloons. This page explains how URL parameter noise fragments page reports and how normalising paths fixes it.
- Campaign links
Tag shared links to shrink dark traffic.
Sources and verification notes
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.