How to triage a Direct Access spike?

When you notice Direct Access growing as a share of total traffic, several causes (referrer policies, tagging issues, third-party tools, exempt mode, bots, etc.) are all candidates. The fastest way to identify which is responsible is to break the data down along a small number of dimensions, in this order.

Step 1: Break down Direct Access by sub-type

The three Direct Access sub-types (out of site / continuity of visit / local) have very different causes. Look at the share of each in your data:

Step 2: Break down by device and browser

If the rise is in "out of site" Direct Access, the next question is which platforms are driving it. Pivot Direct Access traffic by device family and browser:

• Disproportionate iOS-Safari share → Safari/iOS referrer restrictions.

• Disproportionate Android Chrome share → in-app browser referrer stripping (typical of social apps opening links in their own browser).

• Disproportionate desktop share → less common; usually points to enterprise referrer policies, ad blockers, or browser extensions in a specific audience segment.

If the increase is evenly distributed across devices, the cause is probably content- or campaign-related rather than browser-related — continue to Step 3.

Step 3: Correlate against other traffic-source changes

Open a time-series view of Direct Access alongside other organic sources. Co-movement tells you which "real" source is being reclassified into Direct Access:

• Direct Access rises AND Search engines falls → the platforms in the Search engines category have started stripping referrers on some traffic (commonly seen with Google AMP, Chrome on Android, or Discover-style products).

• Direct Access rises AND Generative AI / Referrer sites falls → an AI tool that was being recognized has started stripping referrers, or a recognized referrer has changed its outbound link behavior.

• Direct Access rises AND Email-campaign visits fall (in src_medium) → email-distributed URLs are no longer carrying campaign parameters; check that your email-platform tagging is intact.

Step 4: Inspect landing-page URLs

If a sub-type / device / source breakdown hasn't isolated the cause, look at the landing-page URLs of Direct Access visits. Sort by visit count and inspect the top URLs.

• The same untagged campaign URL appears repeatedly → an active campaign isn't carrying utm_ / at_ parameters. Re-tag the campaign at its source.

• Specific URLs missing the Piano Analytics tag → a tagging gap. Use Tag Inspector to confirm the SDK fires on those pages.

• URLs include a redirect path → the redirect is stripping the referrer. Confirm the redirect chain preserves the referrer header.

Step 5: Correlate against recent changes on your side

If the breakdowns don't isolate an external cause, the spike may have been introduced by something you did:

• Front-end deployment. A change to the SPA navigation, the service-worker configuration, or the Piano Analytics SDK integration can affect how the first event of a visit fires and what referrer it carries.

• New third-party tool. A chat widget, consent management platform, A/B test framework, or other tool added to your pages can modify navigation or referrer behavior.

• Site migration. A domain change or URL-structure change without an updated Main URL in Piano Analytics can cause cross-site visits to misclassify.

Correlate the start date of the spike to your deployment history. If they line up, work with your front-end team to validate that page.display still fires correctly with the expected referrer on the new flow.

Step 6: Confirm bot or scraper activity

If the spike is large, sudden, and not explained by any of the above, check whether the underlying traffic looks like bot activity:

• Disproportionate single-page sessions (high bounce rate, sub-2- second visit duration)

• Concentration in specific geographies or IP ranges not typical for your audience

• Unusual user-agent strings in the visit data

If bots are responsible, use Piano Analytics' bot detection and exclusion to filter them out.