Script options
The tracking script accepts a small set of data-* attributes to customise its behaviour. Copy your snippet from Settings → Tracking code — it already includes the correct site key and endpoint.
Attributes
| Attribute | Required | Description |
|---|---|---|
data-site-key | Yes | Your unique site key from the dashboard. |
data-endpoint | Yes | Event ingest URL. Defaults to https://analytics.gitopen.dev/api/events in hosted deployments. |
data-domains | No | Comma-separated hostnames; tracking only runs on these hosts (e.g. example.com,www.example.com) |
data-do-not-track="true" | No | Skip tracking when the browser sends Do Not Track |
data-auto-track="false" | No | Disable automatic first pageview; call OpenAnalytics.trackPageview() manually |
data-use-cookies | No | "false" (default) — identify visitors with a browser fingerprint hash; no cookies are set. "true" — store visitor, session, and visit IDs in first-party cookies (oa_vid, oa_sid, oa_vst), similar to traditional analytics platforms. |
Visitor identification
Choose how returning visitors are recognized. In the dashboard, pick an option under Settings → Tracking code before copying your snippet — it adds the correct data-use-cookies attribute automatically.
Fingerprint mode (default)
No cookies are written. The tracker derives a stable visitor_id from browser signals (user agent, screen size, timezone, canvas hash, etc.). Session and visit IDs are kept in sessionStorage for the current tab only.
<script async src="https://analytics.gitopen.dev/tracker.js?v=1.0.8" data-site-key="YOUR_SITE_KEY" data-endpoint="https://analytics.gitopen.dev/api/events" data-use-cookies="false" ></script>
Cookie mode
First-party cookies persist the visitor ID for up to one year and session/visit IDs for 30 minutes of inactivity. Use this if you prefer the same model as Google Analytics or other cookie-based tools — you may need a cookie consent banner depending on your jurisdiction.
<script async src="https://analytics.gitopen.dev/tracker.js?v=1.0.8" data-site-key="YOUR_SITE_KEY" data-endpoint="https://analytics.gitopen.dev/api/events" data-use-cookies="true" ></script>
Tip
oa_vid, oa_sid, oa_vst, and optionally oa_did (via OpenAnalytics.identify()) on your domain with SameSite=Lax.Example with domain restriction
<script async src="https://analytics.gitopen.dev/tracker.js?v=1.0.8" data-site-key="YOUR_SITE_KEY" data-endpoint="https://analytics.gitopen.dev/api/events" data-domains="example.com,www.example.com" ></script>
Global configuration
You can set options on window.OpenAnalytics before loading the script:
<script>
window.OpenAnalytics = {
siteKey: "YOUR_SITE_KEY",
endpoint: "https://analytics.gitopen.dev/api/events",
domains: "example.com",
doNotTrack: false,
autoTrack: true,
useCookies: false,
};
</script>
<script src="https://analytics.gitopen.dev/tracker.js?v=1.0.8"></script>Excluding yourself
To avoid polluting your stats with your own visits, you have several options:
1. Browser extension (easiest)
Install any ad-blocker extension on your development browser (uBlock Origin, etc.). Ad-blockers typically block analytics scripts on localhost and often on your own domain.
2. Dashboard exclusions (recommended)
Go to Settings → Tracking exclusions in your project and add:
- IP addresses — your office or home IP to exclude all traffic from that network
- URL paths — paths like
/admin/*or/previewthat should never be counted
Tip
3. Localhost is filtered automatically
Events sent from localhost, 127.0.0.1, and *.local are automatically filtered out in the dashboard view.
SPA / Client-side routing
Open Analytics automatically tracks single-page application navigations by hooking into the browser's history.pushState and the popstate event.
This means you get automatic page tracking for:
- React Router / TanStack Router
- Vue Router
- Next.js client-side navigation
- Nuxt Router
- SvelteKit router
- Any router that wraps the History API
Tip
Automatic behaviour
- Pageview on load (unless auto-track is off)
- Page leave with duration on tab hide /
pagehide - UTM & click IDs —
utm_*,gclid,fbclid,msclkidfrom the URL - Visit — new visit after 30 minutes of inactivity
- Bot filter — skips tracking when User-Agent matches common crawlers
- Approximate geo — optional lat/lng from IP lookup (cached in
sessionStorage) - Visitor ID — fingerprint hash (default) or first-party cookies (
data-use-cookies)
See Custom events for the JavaScript API and Events API for server-side event collection.