Add-ons, and Opting out of Google Analytics Without Them

Recently, Google made available the “Google Analytics Opt-out Browser Add-on.” This add-on enables consumers to “indicate that information about the website visit should not be sent to Google Analytics.” We agree that making it easy for consumers to protect their privacy is good, and Internet Explorer offers a variety of features to help keep you in control of your information when visiting websites. In this post, we describe how to use some of these built in features to accomplish the same outcome without installing a Browser Helper Object and the Google Update Service.

Users of Internet Explorer 7 and 8 (and soon 9) who wish to prevent Google Analytics’ script from running can follow these steps:

  1. In Internet Explorer, open the Tools tool icon menu and click Internet Options.
  2. Click the Security tab and then click the Restricted Sites icon.
  3. Click the Sites button.
  4. In the box at the top, add * and push the Add button.
  5. Click the Close button, and then the OK button to dismiss Internet Options.

After this configuration change, script from the Google Analytics website will not run on any webpage, and cookies will never be sent to the Google Analytics server.

Internet Options Restricted Sites dialog

How does this simple procedure work?  In IE7, we made a minor change to the Restricted Sites zone. IE will not run scripts that originate from sites the user places in the Restricted zone.

To protect your privacy further, IE will not send cookies to sites in the Restricted Sites zone.  In general, you can block script from any other domains by also adding those domains to the Restricted Sites zone.

Add-ons are useful and important. They are also a key cause of performance, stability, and security issues for all browsers. A more trustworthy approach involves building more functionality into the core browser and relying more on data (in the form of declarative descriptions, like XML) than code to extend the browser. For example, Accelerators in IE are XML descriptions of how to get a map, rather than arbitrary script that can get a map and possibly do more (like slow down the browser, or share more information than you’d like). Webslices are XML descriptions of parts of a webpage to show on IE’s Favorites Bar, rather than arbitrary script that can modify IE’s user interface and possibly do more than that under the hood.

In this situation, rather than install and run a lot of additional software on the machine, people can just add a web site to the Restricted Sites zone. Similarly, InPrivate Filtering in IE8 (and IE9) supports Importing and Exporting lists of sites that the user doesn’t want to exchange information with. That’s a simpler, safer, faster and more reliable approach than running more code.

Eric Lawrence
Program Manager

Comments (42)

  1. Anonymous says:

    Ha. Great stuff. I quite like the way that you're sticking two fingers up to Google, god knows somebody needs to.

    I didn't realise what accelerators / webslices were or how they worked until reading this post – I'd previously just disabled them all by default.

  2. Jeffrey Gilbert says:


  3. Amtiskaw says:

    Interesting that according a recently published article (…/SB20001424052748703467304575383530439838568.html ), you were planning far more effective privacy measures in IE8, but got overruled because they would have harmed Microsoft's own ad revenue. I guess privacy is just a far more pressing issue when it's your competitors making cash, eh?

  4. Amtiskaw says:

    Oh, and can we expect a follow up article on blocking cookies from, and

  5. Brent says:

    Great info. Thanks!

  6. The IE zone model and InPrivate Filtering are UI-wise a bit complicated but otherwise a very powerful tool :) I would suggest to improve InPrivate Filtering to also support filtering for the element type (script, iframe, img, div etc)  and attributes (width, height, alt, style, class, id, classid etc) in future versions of IE. Maybe also a whitelist mechanism to exclude sites from InPrivate Filtering. Then we could realize a full featured ad blocker in IE without code.

  7. dave says:

    As interesting a topic as this is – I almost wish it wasn't published. :-)

    Using Google Analytics has been a lifesaver for developers trying to get decent stats on what users are accessing a site and how.  I certainly understand the privacy concerns etc. but as an Analytics user myself I use it for the purpose of determining what browser / version my users are accessing my site/apps with (e.g. IE6 vs IE7 vs IE8 breakdown) and where the users are coming from (e.g. if 30% are coming from South America… maybe I should be considering a Spanish version of my site? (or Portuguese)) how many users have javascript enabled? screen size? mobile devices? time of day? day of week?

    I'm only interested in the aggregated data… trying to track to a single user is almost pointless… e.g. if 1 user is accessing via IE4 I don't care… but if 40% are I've got some serious issues to address in my target demographics.

    That all said I really do like the privacy options in browsers these days.

  8. Murray says:

    Blocking the Google Analytics script entirely will cause script errors on sites which use it, possibly breaking other functionality.  That's the whole point of the opt-out add-on, it keeps the script working but stops it from sending any data.

  9. Bob says:

    Privacy apparently matters when it involves sticking it to Google.

  10. badger says:


    Since there is no equivalent add-on for Microsoft's analytic services, it's pretty obvious that the "bias" you are attributing to MSFT is not real. As this article describes, just add those domains to your restricted sites and it will block those as well.

    @Murray  The Google Analytics script is an isolated piece of code that is inserted on each page. Blocking it from running should have no affect on the page's normal user functionality. It simply, as dave mentions, would affect the data that the web site owner receives from the Google service.  As a Google Analytics user, I'm pretty sure that the script provides no functionality if it can't send/store data. So there's no reason to keep the script working but stop it from sending any data. An icon will appear in the status bar indicating a script error, but it should have no affect on the page's functionality. In fact, according to some reports (this is actively contested, however) Google Analytics may have a performance impact on some sites. If this is true, disabling it would have a performance boost in additional to the described privacy boost.

    @EricLaw   Doesn't Google-Analytics try to use 1st-Party cookies? If that's true, wouldn't your described method not be effective at blocking the Google Analytics cookies? See…/

  11. Joe R says:

    I'm surprised some people are in awe of this article. At Apple, Microsoft gets bashed with their bias and at Google I/O conference they bash Apple and (I believe) Microsoft.  Then, we get the whole suspicion that Google isn't going to let employers purchase computers with Microsoft OS installed on them… oh, noes!   Any rate, the whole point is.. if you think it's bias of Microsoft to post this article then so be it – but guess what? So is Google, Apple, IBM and just about every other company that's trying to stay in competition.

    I personally liked the article, it's nice to see them poke at Google a little since Microsoft is always getting poked.  So, give Microsoft some credit, at least their educating those who don't know how to use restrictions in IE. =)

  12. Matt says:

    @Amtiskaw: If you need an article explaining how to type one domain name instead of another, you probably shouldn't be surfing the internet at all.

    The WSJ article is full of lies from disgruntled ex-MS advertisers and clearly demonstrates that the author doesn't understand the technological limits (auto-blocking random sites is very different than surgically blocking selected sites). And implying that this blog post somehow "hurts" Google when it merely shows how to do something Google offers an add-on to do is a bit silly.

    Now, had they said "Here's how to block * and * to make those pesky adverts disappear, well, THAT would have been sticking it to Google.

    @Murray: Clearly, you haven't bothered to try it. I've blocked ALL scripts from Google for years with no broken pages or ill-effects. The way the Google scripts are included in pages ensures that if the Google servers are down or unreachable (or blocked) there are no ill-effects.

    @Badger: yes, GA uses 1st party cookies, but if the script never gets run, then those 1st party cookies never get set by the script. erik's point was that no cookies get sent to google-syndication servers if they're restricted (assuming that any cookies exist to be sent).

  13. wechrome says:


    "…got overruled because they would have harmed Microsoft's own ad revenue. I guess privacy is just a far more pressing issue when it's your competitors making cash, eh?"

    hmm… let's get the facts straight, first and foremost, Google Analytics has nothing to do with ads, and this article has not described anything about blocking ads from google, so your whole post is moot.

  14. Michael says:

    What a lame post! Sure, the addon is probably not worth installing, but I'm sure it doesn't have an impact on security and the performance hit would be minimal. Also if Google were to every change their analytics domain name I'm sure they would update their IE addon, whereas if you added the rule yourself you would be screwed.

  15. TrollMoreNoob says:

    Yes, totally lame. Except that it's not. When you make totally unsubstantiated claims like "the performance hit would be minimal" it's obvious that you have no clue what you're talking about. Loading multiple DLLs and creating new multiple COM objects on every new tab on every site you ever visit isn't going to be free.

    While it might be hard for you, most readers of this blog know how to type a different hostname in the Restricted Zone if ever needed. Except that they won't ever need to, because Google can't change their hostname without asking millions of websites to change. Which won't happen. Which is why adding * and *.google-syndication and * and * and * and * to the Restricted Zone is so much fun! 60+% of the ads on the Internet simply disappear. Poof. Magic.

    And no, I don't want an add-on that installs the Google Update service which can drop new privacy-impacting DLLs on my system just to block the Google Analytics spyware. It's hard to believe that anyone else would make that trade. Not that Google is ever going to update this add-on anyway– it's an obvious publicity stunt that they're only doing until they can sucker users over to Google Chrome, where the spyware is built into the browser itself.

  16. badger says:

    @Michael   Google can't change the domain name. Over 50% of the web's top sites now use Google Analytics [1] and most have hard-coded the script's domain in each page's source code. If Google changed the domain they would literally break over half of the web's most trafficked sites' ability to track usage statistics. Suddenly, the world would hate them. lol


  17. Xepol says:

    I use the restricted zones to filter out a lot of web content – it really is a useful tool.  Most of my internet ads are gone, and those stupid "keyword" popup scripts that making moving a mouse near impossible over some sites are all but gone for me.  Taking back control over what your browser shows you is deifnitely a huge benefit to the internet experience.

  18. Richard says:

    @EricLaw [MSFT] or another member of the IE Team: it would be nice if it were possible in IE9 to copy & paste a list of sites in the Restricted sites window, instead of having to type in one by one. Thanks!

  19. Paul says:

    Restricted Sites Zone is one of the most useful features ever! Thank you to whoever had the idea to introduce it and whoever implemented it!

  20. Amtiskaw says:


    Why did you put the word "hurt" in quotation marks when nobody else had said it? I'm not sure you understand quoting. Or facetiousness for that matter.


    The blog doesn't mention ads, but it does mention privacy, as in "We agree that making it easy for consumers to protect their privacy is good, and Internet Explorer offers a variety of features to help keep you in control of your information when visiting websites." The purpose of my post(s) was to point out that Microsoft use tracking technologies themselves, and removed stronger privacy protection mechanisms from IE8. So they only agree to making it easy for consumers to protect their privacy to a certain extent, but not to the extent that it threatens their own revenue (from ads).

  21. Sander says:

    So where does it say how we block Microsofts ad services? Pathetic and childish post if you ask me

  22. James says:

    @Sander: Analytics do not equal ad services. They are different things.

  23. Shaw says:

    Sander: The entire post is how to block anything you want. Blocking Microsoft's ads (which are 1/10th as common as Google's) is trivial using this example. But as James points out, this isn't about blocking ads (although you can use the same technique) it's about making IE faster by doing something that Google **provides and add-on to do already** by doing it in a smarter way.

    Richard: You can use a simple registry script to import/export sites from Zones. Just don't go crazy and do tons of sites 'cuz more than a hundred will start to make IE slow.

    Amtiskaw: I read your post as very clearly implying that Microsoft was trying to hurt google. Hurt was prolly in quotes because corporations, despite their name, are non-corporeal. Microsoft did NOT "remove" stronger privacy protection mechanisms from IE8– it simply has them off by default. The reason is alluded to by Matt above– if they had turned it on by default, CDN-shared script libraries would all be broken and the user would have no idea why.

  24. badger says:

    @Shaw    While I agree with most of what you said, it's not correct to say they didn't ""remove"" stronger prviacy mechanisms from IE8. They removed InPrivate Subscriptions. However, IE8 still offers more privacy protection features than any other browser. So I don't understand what the big deal is about that WSJ article.

  25. badger says:

    @"MSDN Blog People"  Thanks for fixing the blog comments posting…..that was driving me nuts!

  26. hAl says:

    If you want to block ads use an ad-blocker like Simple-adblock. That is more effective than having to update the restricted zones list (or even the hosts file) as it uses an internet based list (easylist) that is frequently updated) and has more effective blocking methods.

    An addon like this Google addon example that has the same valuue as only one single entry is the restricted zone 's list however isn't worth downloading especially if you get some unwanted updater software included with it.

  27. Huskey says:

    Can someone write an article on what other restricted zones use in order  to filter other crap web content  as refered to above in another post.  "Most of my internet ads are gone, and those stupid "keyword" popup scripts that making moving a mouse near impossible over some sites are all but gone for me.  Taking back control over what your browser shows you is deifnitely a huge benefit to the internet experience."  how do we do this?

  28. 1. It's amazingly cool that Google writes a plug-in to opt-out of GA.

    2. @Murray raises a valid concern that the approach described here will cause errors. Luckily, this won't happen. If you use the old, slow snippet (…/gaTrackingOverview.html ) the code is wrapped in a try-catch. The new, fast snippet (…/asyncTracking.html ) only executes code if/when the script is loaded.

    3. Building more functionality into the browser is great. But browsers also need to do more work on reducing the security and performance issues of add-ons. Add-ons are critical to the growth and personalization of the Web. Browsers *are* working on making add-ons more robust, but we still need more work here.

  29. Prior Semblance says:

    If everybody blocked all ads, non-commercial sites wouldn't be able to afford hosting.  Some sites completely overdo advertising and deserve to have theirs blocked (or maybe just complain and then stop using their site?), but many other sites just have one or two well placed ads that help them pay for everything.  If you just block all advertising sites then you're hurting a lot of innocent websites =/  The restricted zone should let you block certain websites from accessing other websites.

  30. Anon says:

    Yay Steve Souders for making our websites faster!  

    Drafted and re-drafted this but then I realized IETeam is listening, but not listening *that* closely, so I should just spit it out:

    IE should really have an alternate extension model someday.  Not all Chrome and Safari extensions have access to every page, and they don't all run blocking code on tab creation.  Not native code.  Easy to write.  Portable between browsers with similar extension models.  Even a binary extension model with more asynchrony and sandboxing (out-of-process add-ons?) would be a step up.

    You wouldn't have to can the existing model (or you could can it in the distant future).  You'd just have to give the user the right tools to manage *all* their add-ons, like warnings about the permissions they're giving to extensions, an offer to uninstall really slow ones, and so forth.  Developers would naturally gravitate to the new model because there'd (rightly) be less-dire warnings up front and less chance the extension gets uninstalled later.  

    EricLaw's suggestion that the antidote to extensions is avoiding code leaves out a lot; not all code is blocking, un-sandboxed, native code.  It wouldn't surprise me if there are great debaters at internally Microsoft who have convinced folks that Apple and Google just don't know how to design software and that the way forward is minor tweaks to IE's existing model.  I don't agree; I think Apple/Google's extension ecosystem clearly isn't done yet but they're on to something.

  31. Stu says:

    The Restricted Sites zone is a great feature and I use it to block certain types of pop-ups and "Active adverts" (any generated using an ActiveX plug-in) myself.

    However I wish this feature allowed syntax like " *advert*.com " to block any website that has the word "advert" in any part of it's domain name structure (but not in a the page part of the URL).

    Sadly, good as the Restricted Sites zone is it also doesn't filter out animated GIFs nor background music (MIDI or otherwise).  Would be good if the Zone settings were updated with the options "Allow images" and "Allow background music".  Or, alternatively, how about a new Zone called "Banned Sites" where no interaction is permitted whatsoever, instead of allowing interaction and just filtering specific parts.  (I know the HOSTS file can do this but as it doesn't accept wildcards you have to add a LOT of servers…)

    Also, my thumbs down for the dumping of the InPrivate Subscriptions.  It's still mentioned on Wikipedia as being an active feature, though, oddly.  One website does offer an XML-import version of all the websites the AddBlock add-on contains so you can block them using InPrivate Filtering.  Studying the format I was excited and wanted to move away from Restricted Sites and put the entries into InPrivate instead–though, sadly, InPrivate Filtering will only block *elements*, not entire domains it seems.

  32. InPrivate filter says:

    Why do you use the InPrivate filter?

  33. Olivier says:

    @dave: most of the informations you want can be found with a log analyzer, like awstats. And I think you can add a script on each page to get more informations in awstats (like screen size,…). Others log analyzers probably have the same features.

  34. Stu says:

    @InPrivate filter

    Because the InPrivate Filtering feature can block animated GIFs that appear on a certain number of websites, something the Restricted Sites zone can't do.  Sadly, as the Restricted Sites zone *can* block certain content on an entire domain (which InPrivate can't, only specific elements) a mixture of the two are required to achieve better ad-blocking.

  35. Senthil says:


    Google's tracking services are one of the most popular if not THE most. When you have an article related to that, it makes sense to use them as an example. If you want to write an article about searching the internet, would you prefer Google or Bing? THEN you wouldn't complain would ya? :P

    @Amtiskaw .. LOL.. If you want a follow up article like this for each domain, you better go and sit in a class and learn about redundancy. The articles clearly says you can add any domain to any zone. As to why Google's was used as an example, please see above.

  36. Why is this post about Google? says:

    Becaus Google posted an add-on about how to block stuff. Turns out that add-ons have issues. The post offers a way to do what Google offered but without running more code (like, the Google Update Service?? really? I need that?).

  37. Opt-Out Ollie says:

    And how do I opt out of having non-microsoft ads showing up on my live applications and GOSH even THIS PAGE????  Don't you realize this is a WORK computer and I don't want corporate ads showing up AT ALL.

  38. Ollie Ollie IQ Free says:

    Ollie, websites don't care if you visit them from work or home. Your boss does.

    @Souders, it's amazing that Google collects all this information, and no consumer or government agency has flipped out.

  39. HardToTell says:

    It's hard to tell whether Steve Souder's "amazingly cool" comment was tongue-in-cheek or not. For peeps who don't pay attention to such things, it may be worth keeping in mind that Souders works for Google.

  40. Dan says:

    @Eric Lawrence

    When a site/domain is added to the restricted zone, why do I still see Fiddler trying to connect to the site and get a response?  In this scenario we know that we are just going to throw the response away… thus it seems rather strange that we even attempt to get it?  Is this just to try and fool "evil" servers that naive users picked up malicious files even though they didn't?

    Performance Optimizing 101 would suggest to me that if the file isn't going to be used – don't bother doing anything once you discover the path of the file is in the restricted zone.

  41. EricLaw [MSFT] says:

    @Dan: Generally speaking, that's a reasonable optimization (and something you get out of the HOSTS or InPrivate Filtering features). However, it's more complicated than it looks– the Restricted Zone isn't a "blackhole zone" and certain types of content (e.g. plain images, CSS) can run when downloaded from that Zone.

    We could apply a specialization to attempt to abort the download for the case of the script tag.

    In the case of Google Analytics, it's not a significant optimization, insofar as ga.js is cached on the client for 24 hours and is only 10k and delivered via worldwide CDNs.

  42. Dan says:

    Thanks Eric – I was fairly sure there would be a reason for it but I couldn't put my finger on it.  Knowing that "restricted" doesn't mean "completely block" clarifies what is going on.

    That said, scripts normally block rendering when they are encountered I guess IE is smart enough in this case that since it isn't going to do anything with the content that it doesn't bother waiting and skips ahead? or is IE still going to wait for the HTTPResponse before continuing?