HOW IT GETS THE PARENT URL WHEN THE GA CALL IS FROM WITHIN AN IFRAME?
Normally when javascript tries to access anything outside its frame browser throws the SAME ORIGIN POLICY Error. Especially for parent.document, parent.location etc. However, when you inspect the analytics data send going back to the server it is clear that the call carries the URL of window.top. It is nearly impossible to do this and I believe they are doing either a clever hack or are getting preferential treatment.
Example: Page : http://delhincr.kidzania.com/en-in/pages/virtual-tour IFRAME SRC : http://walkinto.in/tour/W1vLiH5CbG-yePUsrc0WM (clearly not sameorigin)
GA Call from IFRAME :
https://www.google-analytics.com/r/collect?v=1&_v=j71&a=944377214&t=pageview&_s=1&dl=http%3A%2F%2Fwalkinto.in%2Ftour%2FW1vLiH5CbG-yePUsrc0WM&dr=http%3A%2F%2Fdelhincr.kidzania.com%2Fen-in%2Fpages%2Fvirtual-tour&ul=en-us&de=UTF-8&dt=KidZania%20Delhi%20NCR&sd=24-bit&sr=1366x768&vp=1140x641&je=0&_u=CBCAAEAB~&jid=1584760177&gjid=1030794988&cid=770600375.1539312411&tid=UA-50632293-1&_gid=1805256933.1539654946&_r=1&z=1389492630
How does Google bypass this? Could it be using postMessage from the GA within IFRAME to the GA on parent page?
The (parent) URL is accessible inside an iframe with "document.referrer" if there is no constraint from the main page (like CSP).