“For years we have followed our clients’ desires to secure their traffic or not, securing traffic for secure websites, and not for insecure ones. But with the increase in privacy related concerns we have made the decision to secure all communication to and from Google Analytics, protecting our clients, our client’s end users, and the broader internet,” the Analytics team wrote in an email to users.
In the help pages, Google notes that Analytics users might see some effects from this change. Because HTTPS-encrypted traffic can be slower than traffic that isn’t encrypted, Analytics may miss some short-visit traffic. The tracking pixel may have less of a chance to fire, “for example, if a user closes a page within 1 second of opening the page” when that traffic is encrypted. Another issue is that firewalls can block encrypted traffic, which means when users with a firewall visit your website, Analytics won’t be able to capture any of that visit information.
The change is effective immediately, and there is no way to opt out of the HTTPS encryption.