Tracker Script

The antics tracker is a ~650 byte JavaScript snippet that runs in the browser. It collects pageviews, custom events, scroll depth, and Core Web Vitals without any cookies, localStorage, or fingerprinting.

How It Works

  1. On page load, sends a POST /api/event with the page URL, referrer, and viewport width

  2. On page navigation (SPA), intercepts pushState/replaceState and sends another event

  3. On page exit (visibilitychange hidden), sends time spent on the page and max scroll depth

  4. Core Web Vitals (LCP, INP, CLS) are measured via PerformanceObserver and sent on page exit

Privacy

  • No cookies: visitor identity is a SHA256 hash of date + site_id + user_agent + ip, rotated daily. Cross-day tracking is mathematically impossible.

  • No IP storage: the IP is used for the hash and GeoIP lookup, then immediately discarded.

  • No localStorage or sessionStorage: zero client-side state.

  • No fingerprinting: only viewport width is collected (for device classification).

Payload Format

Each event is a JSON POST to /api/event:

{
  "n": null,           // event name (null = pageview)
  "u": "https://...",  // page URL
  "r": "https://...",  // referrer
  "w": 1920,           // viewport width
  "t": 5,              // seconds on previous page
  "p": {}              // custom event properties
}

Script Attributes

<script defer src="https://your-antics-instance/antics.js"
        data-api="https://your-antics-instance/api/event">
</script>

  • data-api: override the event collection endpoint (default: same origin as the script)

Ad Blocker Bypass

About 30-40% of visitors use ad blockers that block analytics scripts. Antics has two approaches:

  1. Self-host the script: serve antics.js from your own domain (e.g., /js/a.js) so ad blockers don’t recognize it

  2. Caddy log ingestion: enable ANTICS_LOG_PATH to tail your web server access logs. This catches every visitor, even those blocking JavaScript entirely.