Your 404 Page Is One of Your Top Pages in Google Analytics — Now What?
A client called us not long ago with a question that stopped them in their tracks. They'd been reviewing their Google Analytics dashboard — something most business owners do infrequently and usually with a vague sense of unease — and noticed something strange. Sitting right there in their top pages report, somewhere between the homepage and the services page, was /404. Their error page. Their "page not found" page. A page that isn't supposed to exist was one of the most-visited pages on their entire site.
They asked the natural follow-up question: what were people clicking on to get there?
And the honest answer we had to give them was: we don't know. Not from Google Analytics alone.
That gap — between knowing that something went wrong and knowing exactly what and why — is one of the most common and most instructive blind spots in website analytics. And it turns out that understanding it fully opens up a much bigger conversation about how websites actually track visitor behavior, what different tools can and can't tell you, and what the difference is between a cookie and an IP address as a tracking mechanism.
Let's start with why the 404 problem is more common than anyone expects — and then build out from there.
Why Your 404 Is a Top Page (And Why It Matters More Than You Think)
A 404 page showing up as a top destination in your analytics is not a fluke. It happens constantly, and there are several common causes, most of which are invisible until you go looking.
The most frequent culprit is an internal link that broke at some point — a page was renamed, a URL was restructured, a menu item was updated — and the old link was never redirected. Anyone clicking that link from any page on the site gets sent straight to the 404. If that broken link is on a high-traffic page like the homepage or a main service page, the 404 volume accumulates quickly.
The second common cause is an external link pointing to a page that no longer exists. This could be an old blog post, a press mention, a backlink from another website, or a social media post that linked to a URL that's since been deleted or changed. Every time someone clicks that external link, they land on the 404.
The third is a direct URL someone typed or bookmarked incorrectly — a forgotten hyphen, a capitalization error, an outdated link saved in someone's browser from two years ago.
73.72% of people who reach a 404 error page will leave your website and not return. And only 23% of visitors that have met with a 404 page make a second attempt to find the missing page. Capturly Blog
That's the real cost of the 404 problem. It's not just a technical annoyance. It's a leak in your funnel — qualified visitors who found you through search, a backlink, or a social post, landed on a dead end, and left. Permanently. And without the right tools, you never knew they were there or where they came from.
What Google Analytics Can and Can't Tell You
Google Analytics tells you that the 404 page received X visits in a given time period. It can tell you the source of those visits — organic search, direct, referral, social — in aggregate. It can show you the previous page in the session for some of those visits.
What it cannot reliably show you is the complete session-level path of every individual user who hit the 404. You can see traffic flow in aggregate, but reconstructing the exact journey of a specific visitor — what they clicked, where they came from, what they were trying to reach — requires something Google Analytics was not designed to provide.
The tool most people already have installed that gets somewhat closer is the HubSpot tracking code. If your website has HubSpot's tracking script running, HubSpot logs page views at the contact level for any known contact — meaning anyone who has previously filled out a form, clicked an email link, or otherwise identified themselves to your system. For those contacts, you can go into their contact record and see a full list of pages visited, including the 404, and the session in which it occurred.
But here's the important caveat: HubSpot's page view tracking only works for known contacts. For anonymous visitors — which is the vast majority of your traffic — HubSpot knows they visited, but not who they are or what their full session looked like before they hit the 404. You know a session happened. You don't know what produced it.
This is where a different category of tools becomes important.
Session Recording Tools: The Full Replay
The most direct answer to the "what did they click to get there" question is a session recording tool. These tools install a JavaScript snippet on your website — similar to how Google Analytics works — and record every session as a visual replay. You can watch, like a video, exactly what a specific visitor did: what pages they visited, in what order, where they moved their mouse, what they clicked, how far they scrolled, and where they got stuck or left.
For the 404 problem specifically, session recording tools are transformative. Rather than looking at aggregate data and trying to infer what happened, you can filter for every session that included a 404 page view, pull up those sessions, and watch exactly what path led each visitor to the error.
Using custom tagging, you can tag sessions where users encounter 404 pages and set up a notification to alert yourself via email or Slack once a session with a 404 has been recorded. By watching session replays, you can understand where the 404 happened and also the user journey that leads to it — uncovering potential patterns or issues causing the 404 errors, whether broken links, malfunctioning buttons, or something else. Mouseflow
The major tools in this category are well-established and widely used:
Hotjar is probably the most common entry point for small and mid-sized businesses. It offers session recordings, heatmaps, and user feedback tools. The free tier is genuinely useful for getting started. It automatically captures sessions and lets you filter by page visited, device type, and behavioral signals like rage clicks — when someone clicks the same element repeatedly in frustration — and u-turns, when someone navigates back immediately after landing on a page.
Mouseflow is a strong alternative with particularly robust friction detection. Mouseflow automatically detects 7+ friction signals including rage clicks, dead clicks, click errors, JavaScript errors, 404 errors, and speed browsing, with a friction score per session and visual friction heatmaps. Mouseflow It automatically tags sessions containing 404 errors so you don't have to hunt for them manually — you can set up an alert and get notified the moment a session with a 404 is recorded.
Microsoft Clarity is free, has no session limits, and integrates directly with Google Analytics. It's a remarkably capable tool for the price — which is zero. The session replay quality is solid and the automatic detection of rage clicks and quick backs makes it easy to surface problem sessions without watching hours of footage.
FullStory and LogRocket are enterprise-grade options used primarily by software companies and larger e-commerce operations, with more sophisticated data analysis capabilities, funnel tracking, and developer tools.
For most small and mid-sized businesses, installing Hotjar or Microsoft Clarity — both have free tiers — is a straightforward, immediate fix to the "I can see the 404 in analytics but I don't know what caused it" problem. Within a few weeks of installation you'd have enough session data to identify exactly which links are broken and exactly what visitor journeys are hitting the dead ends.
IP Tracking vs. Cookie Tracking: What's Actually Different
The 404 problem naturally leads to a broader question that most businesses haven't thought through: how does website tracking actually work? When a tool "knows" someone visited a page, what mechanism did it use to figure that out?
There are two primary mechanisms — and they work very differently, have very different capabilities, and carry very different privacy implications.
Cookie-based tracking is what most consumer-facing analytics and session recording tools use. When a visitor arrives at your website, the tracking script places a small text file — a cookie — in their browser. That cookie contains a unique identifier. Every time the same browser visits the same site, the cookie is read, and the tool knows it's the same person. This is how GA4 builds sessions, how Hotjar creates individual session replays, how HubSpot knows that the same anonymous visitor has been to your site three times.
The power of cookie-based tracking is session-level detail: you can see exactly what a specific visitor did within a session and across multiple sessions over time, because the cookie creates a persistent identifier for that browser. The limitation is that cookies are browser-specific, device-specific, and increasingly blocked. Safari and Firefox block third-party cookies by default. Many users run ad blockers that strip tracking cookies. And critically, cookies require consent under GDPR and similar privacy regulations — which is why you see cookie consent banners on nearly every website you visit.
IP-based tracking works differently. Every device that connects to the internet does so through an IP address — a unique numerical identifier assigned by the internet service provider. When someone visits your website, their IP address is visible in your server logs. IP tracking tools take that address and compare it against large databases that map IP ranges to companies and locations.
IP-based identification matches visitor IP addresses to company databases with 70–80% accuracy rates, revealing which organizations browse your site. Cookie-based tracking provides deeper insights into repeat visits and engagement patterns. The most advanced solutions combine multiple data sources and cross-reference databases to provide higher accuracy and richer company insights. Landbase
The key distinction is what each mechanism can actually tell you. Cookie tracking tells you about individual behavior over time — what a specific browser did, page by page, session by session. IP tracking tells you about organizational identity — which company's network a visitor is coming from — but not about the individual within that organization.
This is why IP tracking is primarily a B2B tool. If a visitor hits your website from an IP address registered to a company like a mid-sized manufacturer or a regional law firm, an IP tracking tool can tell you "someone from that company visited your pricing page three times this week." It cannot tell you which person at that company it was, what else they did on the web, or what their name is. But for B2B sales teams, knowing that a target account has been actively researching your services — before any form fill, before any email, before any conversation — is enormously valuable.
Up to 98% of B2B website visitors leave without filling out a form. Website visitor tracking tools identify those companies using IP matching, cookies, and identity resolution, turning anonymous traffic into actionable sales intelligence. Salesmotion
The practical implication for the 404 problem: IP tracking tells you which company hit the 404 (useful for B2B businesses trying to identify damaged prospect experiences). Cookie-based session recording tells you exactly what path that visitor took to get there (useful for everyone trying to fix the technical problem). These are complementary tools solving different parts of the same question.
The IP Tracking Caveat That Everyone Needs to Know
IP tracking has a fundamental limitation that's gotten more significant as the workforce has changed. The mechanism assumes that the IP address resolves to a company network — which was reliably true when most knowledge workers sat in corporate offices and browsed from company-managed networks with fixed, registered IP addresses.
Before 2020, most B2B website visitors browsed from corporate office networks with static IP addresses mapped to company names. Identification was straightforward. In 2026, over 60% of knowledge workers are remote or hybrid. They browse from home networks, coffee shops, and coworking spaces. These IP addresses map to ISPs like Comcast or AT&T — not their employer. MarketBetter Blog
This means that if a decision-maker at a company you're trying to reach visits your website from home, a pure IP tracking tool probably won't identify them as that company. The IP resolves to their residential internet provider. They show up as anonymous traffic. This is why modern B2B visitor identification tools layer multiple mechanisms — IP matching, cookie graphs, identity resolution, enrichment data — on top of each other rather than relying on any single method.
The other caveat is VPNs. A visitor using a VPN may appear to be coming from a completely different city, country, or even a corporate network they don't belong to. IP data should always be treated as directional intelligence rather than ground truth.
The Practical Takeaway: Three Tools Every Business Website Should Have Running
If the story of the 404 page resonates — if you've looked at your analytics and seen something you couldn't explain, or noticed traffic patterns that suggested something was broken without being able to find what — the fix is simpler than it sounds.
First, install a session recording tool. Microsoft Clarity is free and requires nothing more than adding a small script to your site, the same way you added your Google Analytics code. Hotjar has a free tier that covers most small business traffic volumes. Either one, installed today, starts building a library of session replays that will give you the context your analytics currently can't.
Second, set up a 404 alert. Once session recording is running, configure a filter or alert for sessions that include a 404 page view. Some tools do this automatically. This turns the 404 from a lagging indicator you discover by accident in a quarterly analytics review into an active notification that fires the moment a visitor hits a dead end.
Third, if you operate in B2B, consider adding an IP-based visitor identification tool. Leadfeeder, Leadinfo, Visitor Queue, and RB2B are all accessible at the small business level. These won't solve the 404 diagnostic question — session recording tools do that — but they add a completely different layer of intelligence: knowing which companies are researching you, what they looked at, and when they're showing signals of active interest, all before they've said a word to you.
The fundamental insight is that Google Analytics tells you what happened. Session recording tools tell you why. IP identification tools tell you who. You need all three perspectives to have a complete picture of what's actually happening on your website — and right now, most businesses are operating on just the first.
At Ritner Digital, we help businesses understand not just how much traffic they're getting, but what that traffic is actually doing — and what it's telling you about your site, your funnel, and your pipeline. If your analytics are showing you numbers without context, let's talk about what tools would actually close that gap.
Frequently Asked Questions
Why would a 404 page show up as a top page in Google Analytics? Isn't that a bug?
Not a bug — a real problem worth taking seriously. When a 404 appears as a top page in your analytics it means a meaningful volume of visitors is hitting a dead end somewhere on your site, and the volume is high enough to rank alongside your actual content pages. The most common causes are an internal link that broke when a page was renamed or restructured, an external link from another website or social media pointing to a URL that no longer exists, or an old bookmarked or mistyped URL that a recurring visitor keeps landing on. None of these show up as obvious errors until you look at the data — which is why most businesses discover this problem long after it started. 73.72% of people who reach a 404 error page will leave your website and not return, and only 23% make a second attempt to find the missing page. Capturly Blog Every session that ends on that page is a visitor who found you through some channel and then hit a wall.
Can Google Analytics tell me which specific link a visitor clicked to reach my 404 page?
Not reliably, and not at the individual session level. GA4 can show you the source of traffic that landed on the 404 page in aggregate — organic search, direct, a specific referring domain — and it can show you the previous page in a session for some visits. But it can't show you the exact link within a page that was clicked, and it can't reconstruct the full step-by-step journey of an individual visitor in a way that's easy to act on. That gap is exactly why session recording tools exist. A tool like Hotjar, Mouseflow, or Microsoft Clarity records individual sessions as visual replays, and you can filter for every session that included a 404 page view and watch exactly what path led there — including the specific link that was clicked.
What's the difference between a session recording tool and Google Analytics? Don't they do the same thing?
They answer fundamentally different questions. Google Analytics tells you what happened in aggregate — how many people visited a page, where they came from, how long they stayed, what percentage bounced. It's a numbers tool. Session recording tools tell you why individual visitors behaved the way they did — what they clicked, where they hesitated, what they were trying to do when they ran into a problem. Friction detection in tools like Mouseflow automatically captures signals including rage clicks, dead clicks, JavaScript errors, and 404 errors, with a friction score per session. MouseflowThe mental model is: analytics tells you your checkout page has a high drop-off rate. Session recording shows you the specific broken button everyone keeps clicking before they leave. You need both to diagnose and fix problems rather than just observe them.
What's the difference between IP tracking and cookie tracking in plain terms?
Cookie tracking is about behavior over time. When you visit a website, a small text file is placed in your browser with a unique ID. Every time that same browser visits the same site, the tracking system recognizes the ID and knows it's the same visitor. This is how Google Analytics builds sessions, how Hotjar creates session replays, and how HubSpot knows a contact has visited certain pages. It tracks what a specific browser does, page by page and visit by visit. IP tracking is about organizational identity. Every device connecting to the internet has an IP address assigned by its internet provider. IP tracking tools match that address against databases that map IP ranges to companies and locations — so rather than knowing what a specific person did, you know what company's network a visitor was coming from. Cookie tracking answers "what did this visitor do?" IP tracking answers "which company was this visitor from?" They're solving different problems, which is why the most useful setups layer both.
Can IP tracking tell me which specific person from a company visited my site?
At the company level, generally yes. At the individual person level, usually not — and this distinction matters both practically and legally. Most IP tracking tools identify the organization behind a visit, not the individual employee. They can tell you that someone from a specific company visited your pricing page three times this week, but not which person at that company it was. Some tools like RB2B and Leadpipe attempt person-level identification using identity graphs and cross-site cookie matching, but this is primarily a US-focused capability, carries significant privacy compliance complexity in GDPR-regulated markets, and has real limitations. Most B2B teams find that company-level identification paired with enrichment data — firmographics, contacts, and intent signals — provides enough actionable intelligence without the regulatory risk. Salesmotion For most businesses, knowing which company is actively researching you is the valuable signal — figuring out who to call is a separate step.
Does IP tracking still work now that so many people work from home?
Less reliably than it used to, and this is a real limitation worth understanding before investing in an IP tracking tool. Before 2020, most B2B website visitors browsed from corporate office networks with static IP addresses mapped to company names. In 2026, over 60% of knowledge workers are remote or hybrid, browsing from home networks and coffee shops — and those IP addresses map to ISPs like Comcast or AT&T, not their employer. MarketBetter Blog This means a senior decision-maker at a target company visiting your site from home may show up as anonymous residential traffic rather than identified company traffic. Modern tools compensate for this by layering multiple signals — cookie graphs, identity resolution, enrichment data — on top of raw IP matching. But going in with realistic expectations matters: identification rates of 30–40% of B2B traffic are considered strong performance, not a gap to complain about. The 60–70% who remain anonymous are genuinely anonymous.
Does HubSpot's tracking code solve the session path problem?
Partially, and only for contacts your system already knows. If someone has previously filled out a form on your site, clicked a link in an email you sent them, or otherwise identified themselves, HubSpot logs their page views at the contact record level — so you can go into that contact's history and see which pages they visited, in what order, including if they hit a 404. That's genuinely useful for understanding the journey of known prospects. But for anonymous visitors — the large majority of your traffic — HubSpot knows a session occurred and can attribute it to a source, but doesn't give you the full visual session replay that shows exactly what was clicked. For that you need a dedicated session recording tool running alongside HubSpot, not instead of it.
What's the simplest way to fix the 404 problem once I've identified what's causing it?
Once you know which specific link or URL is producing the 404 traffic — which session recording and server logs will show you — the fix is almost always a 301 redirect. A 301 redirect tells any browser or search engine trying to reach the old URL to go to a new one instead, permanently. If a blog post was renamed, you redirect the old URL to the new one. If a service page was restructured, you redirect the old path to wherever that content now lives. If the page was deleted entirely with no equivalent, you redirect to the most relevant page on the site — the services page, the homepage, whatever makes most sense for what the visitor was likely trying to find. Most CMS platforms like WordPress make 301 redirects straightforward to implement without a developer. The redirect preserves any SEO value the old URL had accumulated, stops the 404 traffic instantly, and gives visitors who were hitting the dead end somewhere useful to land instead.
Should every small business be running a session recording tool?
Any business where website conversions matter — which is essentially every business with a website — benefits from session recording. The free tiers of Microsoft Clarity and Hotjar cover most small business traffic volumes without any cost, and installation takes about ten minutes. The value isn't just for diagnosing 404 problems. It's for understanding why your contact form has a high abandonment rate, why visitors aren't scrolling to your call to action, why mobile traffic converts at half the rate of desktop, and dozens of other questions that aggregate analytics shows you exist but can't explain. Most businesses that install session recording for the first time within the first month find at least one significant issue they didn't know was there — a broken element, a confusing navigation path, a form field that stops people cold. The cost of not knowing is almost always higher than the cost of the tool.
Website analytics should tell you more than what happened — they should tell you why, and who. At Ritner Digital, we help businesses set up the right tracking stack and actually use what it's telling them. Let's talk about what you're missing.