If your GA4 Acquisition reports look suspicious — an implausibly large slice of Direct traffic, paid campaigns mysteriously merging with Organic, or email newsletters showing up as (not set) — you're not alone. Traffic source misattribution is one of the most common GA4 data quality problems, and it quietly corrupts every channel-level decision you make.

The root causes are well understood. This guide covers each one, how to diagnose it, and the exact fix.

Identify your symptom first

GA4 traffic attribution errors tend to fall into a handful of recognisable patterns. Find yours in the table below, then jump to the relevant fix.

What you're seeing Likely cause Jump to
Direct traffic is 40%+ of all sessions Missing UTMs, HTTPS→HTTP drops, or referral exclusions too broad Fix 1
Email clicks show as Direct or (none) Email links have no UTM parameters Fix 2
Paid Google Ads traffic appears as Organic Google Ads account not linked to GA4, or auto-tagging disabled Fix 3
Your own payment gateway (Stripe, PayPal) appears as a referral source Payment domain missing from referral exclusion list Fix 4
Cross-domain traffic shows as Direct Cross-domain measurement not configured in GA4 Fix 5

How GA4 attribution actually works

Before fixing anything, it helps to understand what GA4 does when a user arrives on your site. GA4 looks for a source in this order:

  1. gclid / UTM parameters in the URL — if present, these win.
  2. HTTP Referrer header — the domain the user came from.
  3. Nothing — if there's no referrer and no UTM, the session is attributed to Direct.

Most attribution problems come from one of two things: either the signal that should be there is missing (no UTM on an email link, no gclid because auto-tagging is off), or a signal is present but wrong (your payment gateway's domain sending a referrer header back to your site mid-session).

GA4 vs Universal Analytics: GA4 uses a different default attribution model than UA. GA4 defaults to data-driven attribution for conversions, but the Acquisition reports use last-click session attribution. If you're comparing GA4 numbers to old UA reports, the models are not directly comparable.

Fix 1 — Too much Direct traffic

Some Direct traffic is legitimate — people who type your URL directly or use a bookmark. But if Direct is above 20–25% for a content or ecommerce site, something is broken. The three most common culprits:

HTTPS to HTTP redirects dropping the referrer

When a user clicks a link on an HTTPS page and lands on an HTTP page, browsers don't pass the referrer header for security reasons. The session appears as Direct. The fix is straightforward: ensure your entire site runs on HTTPS and that all inbound links point to HTTPS URLs.

Dark social and untagged links

Links shared in messaging apps (WhatsApp, Slack, iMessage), PDFs, and native mobile apps don't carry referrer headers. These are genuinely hard to attribute. The mitigation is to tag any links you control — from your own newsletters, social bio links, and documents — with UTM parameters so they don't fall into the Direct bucket.

Referral exclusion list too aggressive

If you've added too many domains to your referral exclusion list, legitimate referrers get stripped and fall back to Direct. Go to Admin → Data Streams → Configure tag settings → List unwanted referrals and audit what's there. The only domains that should be excluded are your own subdomains (handled better via cross-domain measurement) and payment processors.

Fix 2 — Email traffic showing as Direct

Email clients don't pass a referrer header. Every link in every email you send will show as Direct unless you add UTM parameters. This is the single most common cause of inflated Direct traffic for B2B and newsletter-driven sites.

The UTM parameters GA4 recognises for email are:

  • utm_source — the sender (e.g. newsletter, mailchimp)
  • utm_medium — always email for GA4 to categorise it correctly
  • utm_campaign — the specific send (e.g. june-product-update)

Correctly tagged email link

https://www.webanalyticsdriven.com/blog/fix-duplicate-conversions-ga4
  ?utm_source=newsletter
  &utm_medium=email
  &utm_campaign=june-2026-digest

Case sensitivity matters. GA4 treats utm_medium=Email and utm_medium=email as different values. Use lowercase consistently, or GA4 will split your email traffic across multiple rows in reports. The default channel grouping rule for "Email" only matches the lowercase version.

Most email platforms (Mailchimp, Klaviyo, HubSpot) have built-in UTM tagging — enable it in your campaign settings and override the defaults with consistent naming conventions you control.

Fix 3 — Google Ads traffic appearing as Organic

If paid clicks are being credited to Organic Search, one of two things is wrong:

Auto-tagging is disabled in Google Ads

Auto-tagging appends a gclid parameter to every ad click URL, which GA4 uses to identify paid traffic. If it's off, clicks arrive without any paid signal and fall back to whatever the referrer says — usually google / organic.

Check it in Google Ads: Account Settings → Auto-tagging → Tag the URL that people click through from my ad. Make sure this is enabled.

Google Ads account not linked to GA4

Even with auto-tagging on, you need the accounts linked for the data to flow correctly.

  1. 1
    Open GA4 Admin Go to Admin → Product Links → Google Ads Links.
  2. 2
    Link your Ads account Click Link, select your Google Ads account, and enable personalised advertising if relevant.
  3. 3
    Verify in Realtime Click a live ad, then check GA4 Realtime — the session source should show as google / cpc, not google / organic.

Also check: if you're running campaigns on other platforms (Meta, LinkedIn, Microsoft Ads), those don't use gclid — you must manually add UTM parameters to every ad destination URL, as auto-tagging is a Google-only mechanism.

Fix 4 — Payment gateway appearing as a referral source

This is a very common e-commerce problem. When a user clicks "Pay with Stripe" or "Checkout with PayPal", they leave your domain. When they return to your thank-you page, the browser sends a referrer header from stripe.com or paypal.com — and GA4 starts a new session attributed to that domain.

The result: purchases appear to come from Stripe or PayPal as a referral source, and your actual acquisition source (the Google Ad or email that originally brought the customer) loses the conversion credit.

The fix is to add your payment processor domains to GA4's referral exclusion list.

Admin → Data Streams → Configure tag settings → List unwanted referrals

Domains to add:
  stripe.com
  paypal.com
  pay.google.com
  checkout.square.site
  secure.sagepaymentsolutions.com
  worldpay.com

Add only the domains that apply to your setup. Once excluded, returning users from these domains will have their session continue under the original source rather than starting a new one attributed to the payment provider.

Fix 5 — Cross-domain traffic showing as Direct

If your web presence spans multiple domains — a main site on yourcompany.com and a shop on shop.yourcompany.com, or a separate checkout domain — users crossing between them will appear as Direct unless you configure cross-domain measurement.

GA4 handles cross-domain tracking by appending a _gl parameter to links between your domains, which carries the session context across the domain boundary.

  1. 1
    Go to your GA4 Data Stream settings Admin → Data Streams → [your stream] → Configure tag settings → Configure your domains.
  2. 2
    Add all your domains Add every domain and subdomain that should be treated as part of the same user journey. Use "contains" matching — e.g. yourcompany.com will match both www and subdomains.
  3. 3
    Verify the _gl parameter is appending Click a link between your domains and check the URL — you should see ?_gl=... appended. If not, check that the GA4 tag is loading on both domains before the link is clicked.

Don't confuse subdomains with cross-domain. By default, GA4 treats all subdomains of the same root domain (e.g. blog.yourcompany.com and www.yourcompany.com) as the same site — no cross-domain setup needed. Cross-domain is only required when you have entirely different root domains.

Run a quick attribution audit

Once you've made your fixes, spend 10 minutes in GA4 to confirm the changes are working:

  • Go to Reports → Acquisition → Traffic Acquisition. Check whether Direct has dropped to a plausible level (under 20% for most sites).
  • Filter by Session default channel group = Direct and look at the landing pages. If you see campaign landing pages or blog posts showing as Direct, those links still need UTMs.
  • Check Session source / medium and look for your payment processor domains — they should be gone.
  • In Realtime, click through a test paid ad and verify the session appears as google / cpc.

Build a UTM naming convention doc. The biggest long-term cause of messy traffic sources isn't a technical misconfiguration — it's inconsistent UTM tagging across team members. A shared Google Sheet with approved source, medium, and campaign values prevents half of these problems from ever appearing.

Traffic source accuracy underpins every channel-level decision: where to increase budget, which campaigns are actually driving revenue, what your true organic search performance looks like. Getting it right is worth the hour it takes to audit and fix.

Want us to audit your GA4 attribution setup?

We'll review your channel groupings, UTM consistency, referral exclusions, and cross-domain configuration — and give you a clear list of what's wrong and how to fix it. Free, 30 minutes, no obligation.

More from the blog

GA4 Troubleshooting

How to Fix Duplicate Conversions in GA4
GTM

Server-Side Tagging in GTM: Is It Worth the Setup Cost?