Unwanted referrals and exclusions
Unwanted referrals are domains you do not want treated as a traffic source — payment gateways, single sign-on providers, and your own properties. Left unmanaged, a return from them starts a new, self-referred session and steals credit from the real source. A referral-exclusion list tells analytics to ignore those domains. This page explains unwanted referrals and how to configure the exclusion correctly.
Why some referrers are unwanted
When a checkout sends a visitor to a payment gateway and back, or an app hands off to an identity provider for login, the return visit carries that intermediary as its referrer. Analytics, taking the referrer at face value, may start a new session credited to the gateway or provider rather than the campaign or search that began the journey.
The symptom is a payment processor or login domain appearing among your top traffic sources, which it is not.
- Payment gateways appear as referrers on return
- Auth/SSO providers break the journey at login
- The real acquisition source loses credit
Configuring the exclusion
Add intermediary domains and your own properties to the unwanted-referrals (referral exclusion) list so a return from them does not reset the session source. In GA4 this is a configuration on the data stream. Keep the list current as you add providers, and be precise with domains so you exclude only what you intend.
Validate by confirming the excluded domains no longer appear as sources and that sessions are no longer fragmenting at those boundaries.
How it appears in analytics and logs
A payment gateway or auth domain ranking as a top source means it is not on the unwanted-referral list and is fragmenting sessions.
Diagnostic use case
List payment, auth, and own-domain referrers as unwanted so a return from them does not break the session or overwrite acquisition source.
What WebmasterID can help detect
WebmasterID keeps a journey within one first-party property, so a hop to a payment or auth domain does not manufacture a new referred session.
Common mistakes
- Leaving a new payment or auth provider off the list.
- Excluding a domain too broadly and hiding real referrals.
- Treating an intermediary referrer as a genuine source.
Privacy and accuracy notes
The exclusion list matches referrer hostnames, not visitor identity. Configuring it requires no personal data.
Related pages
- Self-referrals and lost attribution
A self-referral is when your own site shows up as a referring source in your reports. It usually means a session was broken and a new one started attributed to your domain, often when a visitor crosses subdomains or returns from a payment provider. Self-referrals fragment sessions and steal credit from the real source. This page explains the causes and the fix.
- Referrer exclusion list mistakes
GA4's unwanted-referrals (referrer exclusion) configuration tells analytics not to treat certain domains — payment gateways, SSO providers, your own domains — as new traffic sources. Get it wrong and you either fragment sessions (under-listing a gateway) or erase real referrers (over-listing). This page explains the mechanism and the two-sided error.
- Direct traffic as a catch-all bucket
Direct traffic is often misread as 'people who typed the URL'. In practice it is a catch-all for any session with no usable referrer or campaign: untagged links, stripped referrers, app and messaging clicks, and redirects that lose data. When other attribution fails, direct swells. This page explains what really lands in the direct bucket and how to shrink it.
- Attribution analytics
Keep credit with the source that began the journey.
Sources and verification notes
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.