How good/bad the exit intent pop-ups? What is Google’s perspective?

Hi all,

We have launched the exit intent pop-ups on our website where a pop-up will appear when the visitor is about to leave the website. This will trigger when the mouse is moved to the top window section; as an attempt by the visitor to close the window. We see a slight ranking drop post this pop-up launch. As the pop-up is appearing just before someone leaves the website; does this making Google to see as if the user left because of the pop-up and penalizing us? What is your thoughts and suggestions on this?


Traffic dropped to nothing after Google’s change to canonical URL… what can I do?

Hello SEO experts,

Please, forgive me for how naive my question that will sound to professionals :)

I've been blogging for 15 years. Traffic was always steady or increasing, but it dropped to almost nothing in August 2018. This aligns with the following:

Google Search Update
An event has occurred in Google Search that might affect your site's data."

And when I look up the event, I get to:

All metrics are now assigned to the Google-selected canonical URL of the page linked to in…

Traffic dropped to nothing after Google's change to canonical URL… what can I do?

Google’s recommendation of server-side authentication over client-side

I’m currently building an Android application that utilises some Google APIs. I have also created a back-end using Flask, to which my Android application makes calls to.

One main problem I encountered was getting the user to authorise the app to access their Google account data (such as access to their Google Calendar) via logging in to their Google account.

Whilst looking at possibly handling this within the Android application (client-side), I encountered this page, where at the top it states:

Although it is recommended that G Suite APIs are called from a server using server-side authentication, these APIs can also be called using the Android SDK.

Note: It is highly recommended to call G Suite APIs from a server environment rather than a mobile environment.

Why is this the case? What are the advantages and disadvantages of handling authentication on the client-side?

How to stop Google’s “Google prevented suspicious attempt…”

I tried login in to my Gmail account from another city…

A week has passed, and everytime I do a google search or use a google product, I keep getting this message at the top: “Google prevented suspicious attempt…”

I do NOT know what they want me to do? But I am seriously getting tired of dismissing it.

I realize that I can turn off the alert all together…

But is there a way I can just confirm that the activity was by me, and make it stop alerting me…

Btw, I have already clicked the “review activity” button several times…

Like I said I know how to turn this feature off altogether – that’s not what I’m after…

How to get into Google’s Tops Stories?

Hi All,

I have been doing research for a few weeks and I cannot for the life of me figure out why I cannot get my website (Racenet) into the top stories in Google.

We are in Google News, have "news article" schema, have AMP pages. Our news articles also perform quite well organically and we typically dominate the Google News section.

We have two main competitors (Punters and Just Horse Racing) who are both in top stories and I cannot find anything that we are doing that they aren't….

How to get into Google's Tops Stories?

Can you specify an accout to use with Google’s “.new” doc creation URL?

I am usually logged in to multiple Google accounts, and I have been using links like these to create sheets (docs, etc.) in the respective accounts:


There is now a fancy new way to create Google docs with .new:

  • Docs:,,
  • Forms:,
  • Sheets:,,
  • Sites:,,
  • Slides:,,

I’d like to use those shorter URLs, but I need to be able to specify an account. I’ve tried a few variations, but they haven’t worked:


So is there any way to use the .new shortcut URLs to create new Google docs, and specify which account to create them with?

Root domain missing description in Google’s index after redirecting to subdomain

I have set up my site at www.mysite.example.
Google did index it and I can search it, find it and view the site description and title.

I have created a redirect rule from mysite.example to www.mysite.example,
but when I search for mysite.example, Google shows the no description box.

How can I set mysite.example to display www.mysite.example, or even better,
to hide mysite.example completely and display only www.mysite.example?

My site is served using nginx.

Is there a way of disabling Google’s password recovery feature?

I have a YouTube channel which is under a different Google account to my normal one. I have a secure password with it, and an alternate e-mail address set up, but I thought I’d see how secure the password recovery feature was and whether I could gain access with hardly any information.

It took me 10 minutes and I had full access. They sent a password reset link to an e-mail address I entered that has never been associated with my account in any way. They also never sent me an e-mail at the actual address associated with the account to tell me that the password had been changed by someone else, so if someone else had gained control of the account I wouldn’t even have been notified of it!

This is all I had to do to get access:

  • Enter the YouTube username.
  • Click Verify identity.

Google password help options

  • Enter an e-mail address that they would later send a reset link to if they liked my answers.
  • Answer about 20 questions.

The first one was this:

Form prompting for last password you remember and last time you were able to log in

I entered a completely random word.

Most of the rest of the questions are optional and can be figured out really easily by actually viewing the info on the YouTube channel. For example,

  • What date (roughly) did you join Google?
  • Select from this list the Google products you use and when you started using them.

At the end it said that it could take a day for someone to review the answers, but the e-mail with the reset link came through in the next few minutes.

In my opinion this is appalling and I don’t understand how they could have made such a mess of it. I don’t use two-factor authentication but I would hope that this would make some difference.

When you change your password they force it to be of a certain standard, and they even block you from using previous passwords. This is all good but completely pointless if it can be bypassed by anyone so easily.

On the subject of the ‘last password you remember’

Does this mean that Google is storing account passwords in clear text? If they were creating hashes then don’t understand how an answer to this question would be of any use to them as they’d have no idea how similar the one entered was to the actual one in the database.

Here’s my actual question!

Is there a way of either disabling the whole password recovery system altogether? Or is there a way of just disabling the ‘Verify your identity’ bit, which in my opinion shouldn’t even exist in the first place? It should at least be an opt-in feature.

I also think they should allow you to disable the option ‘Receive via: an automated phone call’ because anyone can answer the phone and get the confirmation code really easily. If the number you’ve got set is your mobile you will probably have a lock screen so random people can’t read your messages, but anyone could answer a phone call even if it is locked. I know that some phones show a preview of new texts so you have to be careful of that as well (but that’s not Google’s problem).

I realise as well that they might have used the fact that the requests were from the usual IP address, but I still don’t think this is anywhere near enough info to unlock the account for someone.