Tracking user behavior via funnels

Just a bit more ‘building’…

I started with SSL certificate expiration in mind, but there’s another problem I’ve seen (not experienced first-hand) where domain registrations expire without being renewed, causing their owners unnecessary headache. So I thought about stretching my non-existent brand, and chose to go after ‘keep you from facepalm-inducing expirations of things you knew would expire’ rather than just ‘SSL certificate expiration monitor’. A few hours of work, and my site now provides domain expiration information alongside the SSL certificate details.

Screenshot of, showing the SSL cert expiration and the domain expiration details.
That’s what you get on today
  • Logging. I’m using Papertrail as a Heroku addon, and dump a single line of log for every request served by my app. Making note of the User-Agent string, the URL that was requested, and some data on the response being sent — all goes in the log. This is a very blunt way to see what the app is handling, but I fully control the detail resolution, noticing whatever errors occur and so on.
  • Uptime. I’m signing up with and have their service poke my app once a minute so I can rest assured it is up and running. I expose a specific endpoint for this check, so that it doesn’t mess up my logging, and doesn’t masquerade as a user trying to get some value from my app. The free tier of can suffice for several apps at a high monitoring frequency, check them out!
  • Security. I’m adding helmet to my app to gain a bunch of security best-practices for a web app. CSP is driving me up the wall a bit, but I get around it with some more time. Security is table-stakes, and gets harder to do well the longer you wait!

Enough building, let’s see what the users think

So you already know I used a bunch of popular websites to provide some ~light shaming~ advance warning to major brands running the risk of having an expired SSL certificate in production. I also started a tiny AdWords campaign, spending just a few dollars a day promoting my website. All this noise-making has brought around 20–30 unique visitors per day, each stepping through 1 to 5 pages before continuing with their Internet browsing plans.

Paying tribute to the SEO gods

I mentioned SEO in the previous post, so here come the details of what I’ve done. While my app is very simple, and basically has a single page, it also has a point of strength — it can be seen as an app with as many pages as the amount of websites out there! After all, each public website served over SSL can be used to generate a unique page on my website. I tweak the app a bit to support URL-path-based browsing (as opposed to query params), so /? results in the same as /ssl/ This is based on my obscure hunch that search engines would score URL-path based pages slightly higher than query-params based pages.

A graph of pages on my site indexed by Google
Crawling sitemap pages

Analytics and funnels

Google Analytics stop working for some reason. Maybe I messed something up with CSP, maybe I just clicked a button I didn’t mean to click. But a day or two go by with Google Analytics telling me I have 0 users, while my logging shows me contradicting data. I decide to go after an alternative, and end up with HeapAnalytics instead. They offer a much more product-management oriented solution, tracking user engagement with specific features. This is better for me right now, as I don’t have a clear ‘conversion’ metric just yet.

Funnels rendered by HeapAnalytics, tracking user behavior on my site
Tracking user behavior on a site with basically one page
  • A user landing on the homepage is 55% likely to check on a specific hostname
  • A user landing on a specific hostname check is 32% likely to check on another hostname
  • Both types of users are almost equally likely to ‘click through’ 4 additional hostname pages — 9% of the users go that far
  • The means I took to make it easier to stay on the site (present users with popular or somehow related hostnames for single-click navigation) are very negligible in contribution — between 2% and 5% of users actually click on those

Automating the reach-out function

Alerting major brands to the imminent expiration of their SSL certificate or domain registration is bringing in some traffic. I also hope it helps somewhat with my SEO rating (external links pointing towards my website), while being more helpful than irritating :)

What did I learn?

  • Going wide to offer domain expiration monitoring was an interesting decision. It definitely increased the app’s ‘addressable audience’, but probably cost me a bit in diluting the message of what the app is about.
  • Setting up the tech bits that give me peace of mind (monitoring, security) was a nice touch to leave the building stage aside for now. It helped me ‘turn the page’ in my mind to seeking user value with the existing offering. Don’t be afraid to ‘build just one more thing’ as long as you can see how it allows you to move forward to the next goal.
  • Seek out actions in how your users interact with your app! Finding that bit where someone used a URL in the field where I expected hostnames has gained me a few more points, instead of users giving up because the app didn’t understand what they wanted.
  • Analytics is a big deal! Many solutions, many different use-cases. Comparing the different alternatives out there was educational — I learnt what I can expect from analytics solutions. Having a reliable comparison benchmark in my own logs helped validate the analytics data I was seeing. Still a lot of ground for me to cover here, I’m sure I’m making rookie mistakes.

 by the author.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Anton Drukh

Tech Executive Mentor. Previously VP Engineering and GM Israel at Snyk.