Nearly all nonprofits would like their high-value donors and most prominent policy makers to be among the most loyal visitors to their sites. This is true in some instances. Yet it’s equally likely at least some of your most frequent users come from a more familiar place: your own payroll. 

Employees and contractors can drive a noteworthy proportion of a nonprofit’s web traffic. This is a good thing of course: you want employees to stay up to date on what’s happening with your organization. However, if you’re not excluding your staff’s traffic from Google Analytics, your data may be distorted by a small segment of users whose needs are fundamentally different than those of external stakeholders who are critical to your mission. This skew can lead to misguided decisions about where to invest precious time and resources.

For this reason, we strongly suggest exploring the capability to segment staff traffic within Google Analytics. Fortunately, there are many ways to set this up. In this post, we’ll cover the most common methods, as well as share our default recommendation for nonprofit clients who care about the integrity of their data.

Common methods for segmenting staff traffic

Option #1: IP Address

In principle, the easiest way to exclude employees from Google Analytics is by using their IP addresses. In terms of setup, this is simply a matter of inputting each of these IP addresses into GA, and creating a new user category called “Internal Staff.” That’s it! You’re done.

At least in theory.

In truth, this option is workable when 100% of your staff works from the office five days a week. But it isn’t so great when some employees work virtually at least part of the time – unless your organization requires its employees to use a corporate VPN when working from home or other remote locations. This is because, unlike your office’s IP address, residential IP addresses frequently change. In this new work-from-home world, it’s unlikely that you’ll want to spend the limited attention of your IT team on consistently pestering staff members to collect their IP addresses.

An organization-wide VPN gets around this issue by giving employees a static IP address, regardless of how and where they log on. However, VPNs through a third party can be expensive for your IT department to acquire and maintain over time. And they don’t necessarily solve the problem of employees accessing your organization’s public-facing site through their personal computers or mobile devices.

Moreover, even if your organization already uses an enterprise-wide VPN, your ability to use IP addresses to segment web traffic probably won’t hold up forever. A growing number of governments are preventing sites from collecting personally identifiable information (including IP addresses); this is already the law of the land in the European Union. Thus, if your organization does significant business in Europe, or sees a non-trivial amount of traffic from the EU, we don’t recommend using IP addresses to segment your web traffic.

Option #2: Cookies

To get around the issue of dynamic and anonymized IP addresses, organizations have the ability to set a cookie in the browsers of staff members. An obvious way to do this is to send an internal email that directs employees to a staff-only page on their site (one that the general public can’t access). As long as the cookie remains on their device, people who visit this secret page can be tagged as staff and excluded from Google Analytics reporting.

However, there’s a major problem with cookies: they disappear quickly. Indeed, some users automatically set their cookies to clear every time they close their browsers. In order for cookies to be a workable solution, staff would need a new one installed on their machine all the time – as often as once a day. This is not feasible for most organizations. 

Fortunately, there’s another option that can be implemented in almost exactly the same manner as cookies, yet requires less ongoing maintenance and yields more reliable data.

Option #3: Local Storage

Instead of installing a cookie, your organization can set a value in the local storage of employees’ browsers when they visit a staff-only page of your site. Unlike cookies, local storage has no expiration date; users only need to take action once, and the data persists even when cookies are deleted. Local storage also doesn’t depend on users maintaining a static IP address. This makes it an effective approach for tagging employees for Google to exclude from your reports.

Like with cookies, local storage does have the drawback of requiring users to take a specific action on each of the browsers they use to access your site (i.e., visiting the secret page that installs the local storage value). Nevertheless, the increased data reliability that comes from this one-time effort makes this approach the one we typically recommend to clients – particularly because it doesn’t require constant monitoring by IT departments.

How to Implement the Local Storage Option

In general, there are three steps to implementing the local storage option and creating an Internal Staff audience segment in Google Analytics (which you can then use to exclude staff traffic from your reporting).

Step #1: Installing Code on Your Site

The first step is to create or designate a specific page on your public-facing website that all employees will be directed to visit. When visited, this page sets the value on users’ local storage identifying them as staff members. 

To avoid the possibility of a random user compromising the integrity of your analytics (regardless of whether their intentions are malicious), it is important this page isn’t indexable or discoverable by a search engine. One of the easiest ways to do this is to add a query parameter to the URL that triggers the tagging. You can add such a parameter to any existing page on your website. Or, if you prefer, you can create a new webpage, and prompt users to take a specific action on the page (such as clicking a button) that notifies them that their browser has been successfully tagged as belonging to an employee (e.g. “Congratulations! You have successfully opted out of Google Analytics reporting for your organization’s site.”).  

Step #2: Directing All Staff and Contractors to the Designated Page

 Next, your task is to get all employees and contractors to visit the designated page. The most effective strategy to accomplish this will depend on the size and culture of your organization. If internal emails from IT or Communications are trusted and widely opened, a mass email telling users to click the link will work just fine. To simplify the process of analyzing who has visited the webpage, and who hasn’t, you can consider personalizing the link that each user receives – perhaps making the value of the query parameter their individual email address (or a hash the email address to avoid any accidental capture of the address in analytics tooling). All recipients will be directed to the same staff-only page via their own unique link. This approach has the benefit of making it easy to see which employees have already taken the desired action, and who may require a follow-up reminder.

 If your organization controls the default homepage on employees’ work computers, you can set it to the designated staff-only page. Also, all-staff meetings can be useful for commanding everyone’s attention, particularly in a virtual environment. Staff members can be directed to take the same action at the same time, on any device on which they use your site. For organizations with strong remote work cultures, posting a link in the company Slack channel can be an easy and effective move.

Step #3: Setting up Google Analytics to Exclude Users Tagged as Staff

 Once staff members have been tagged across their relevant devices, it’s time to create a custom dimension in Google Analytics that captures these site visitors. In particular, you or a member of your IT team will direct Google Tag Manager, which collects the local storage value, to interface with Google Analytics to identify these users and put them into a new dimension (perhaps called “Internal Staff”). Once this is done, you can then create a new view in GA to exclude all staff traffic.



 No effort to remove staff traffic from your analytics is 100% guaranteed. If an overly devoted manager insists on using a hotel’s computer during their honeymoon to check your website, you can’t stop them! However, staff traffic can significantly skew your data when it lurks undercover. Not only can misleading data keep you from unlocking the most value from your analytics, it can also damage the integrity of metrics that influence key budgeting and business decisions. While it sometimes takes a bit of upfront effort to exclude staff from your GA reporting, we recommend it to any nonprofit that’s making a significant investment in its data and analytics.