You connected Stripe, PayPal or Klarna, or your bank switched on 3D Secure. Since that day GA4 reports purchases with session source stripe.com, paypal.com or (direct) / (none), and your ad campaigns look like they stopped selling. They did not. The buyer leaves your site to pay, returns with the gateway as the browser referrer, and GA4 overwrites the session source with the last domain the visitor came from.
The gateway-referral flavor takes one setting in GA4 Admin called List unwanted referrals. The (direct) / (none) flavor has different causes - session timeout at the gateway, blocked cookies - and different fixes, covered further down. Below: the mechanism, the setting, when cross-domain linking is the right tool instead, and how to verify the fix with real traffic.
First, what does not happen: GA4 does not restart the session. Sessions only end on inactivity past the session timeout, 30 minutes by default - Google documents that new campaign parameters or a new referrer never restart a session. What actually happens is quieter. The return page fires a hit whose document referrer is the gateway domain. GA4 reads that as new traffic-source information for the ongoing session, and under its last-non-direct-click session attribution the gateway overwrites the source that brought the buyer. Same session, new owner. The purchase then reports under stripe.com instead of the Google Ads click or the email that did the work.
The symptom comes in two flavors, and they have different causes:
Either way the money consequence is the same: your paid campaigns under-report revenue, ROAS looks worse than it is, and budget gets cut from ads that were converting.
In GA4: Admin > Data collection and modification > Data streams, open your web data stream, click Configure tag settings, expand the settings list with Show all, then open List unwanted referrals.
Add one condition per domain, match type Referral domain contains:
To find the offenders, open Reports > Acquisition > Traffic acquisition, set the dimension to session source, and look for payment or bank domains that carry revenue. Those are the ones to list. Do not add domains that send you real customers.
Two things to know. The setting is per data stream, so repeat it if you run more than one. And it applies from the moment you save it forward - GA4 never reprocesses historical data, so past purchases stay misattributed.
Cross-domain measurement is for a second domain you own and can tag: a separate checkout domain, an SSO portal, a landing-page domain on a different TLD. It lives on the same screen: Configure tag settings > Configure your domains. Add both domains and the Google tag decorates links between them with the _gl linker parameter, which carries the client ID across so the visitor stays one user in one session.
It does not apply to payment gateways, because you cannot run your Google tag on stripe.com. For gateways, unwanted referrals is the whole fix.
Here is why that is enough. The _ga cookie is set on your domain and never leaves it. When the buyer goes yoursite.com > gateway > yoursite.com, the cookie is still sitting there on return, so GA4 already knows it is the same person. The only thing the round trip breaks is the session source, and unwanted referrals repairs that. Subdomains share the _ga cookie too, so shop.example.com and www.example.com need no cross-domain setup.
Do not trust the setting, watch the hits. Run a test order in the gateway's test mode and check each layer:
Three cases survive the exclusion list:
(direct) / (none) means GA4 had no traffic source to credit, and List unwanted referrals cannot fix it - when the gateway strips the referrer, the exclusion has nothing to match. The usual causes: the payment took longer than your session timeout, so the return started a genuinely new session with no source; analytics cookies were blocked or lost, so the buyer looks like a new direct user; or there was no non-direct source inside the attribution lookback. Start by raising the session timeout and checking your consent setup.
No. GA4 applies the setting from the moment you save it and never reprocesses old data. Past purchases stay attributed to the gateway or to direct, so judge campaign performance from the change date forward.
Start with stripe.com, paypal.com and klarna.com, then check Traffic acquisition for any other payment, bank or 3DS domains that appear as a session source with revenue attached. Only list domains that are part of your checkout flow, never domains that send you actual customers.
No. Cross-domain measurement requires your Google tag to run on both domains, and you cannot tag stripe.com or paypal.com. It is the right tool only for a second domain you own, such as a separate checkout or SSO domain. For gateways, List unwanted referrals is the correct fix.
I fix attribution problems like this for stores and agencies, usually server-side and always verified against real transactions. If you would rather have someone check your setup and confirm the numbers, email me at work@rytisbalys.com.
work@rytisbalys.com