PriviMetrics Div

This script is the client-side tracking engine of PriviMetrics.
It runs on every page where it is embedded and sends a lightweight tracking request to the PriviMetrics backend.

The script is intentionally minimal, privacy-friendly, and resilient to blockers.


Purpose

The tracker collects:

  • Page URL

  • Page title

  • Referrer

  • Site key

  • JavaScript availability

  • IP-tracking preference

It sends this data to privimetrics.php, where it is processed and stored by the PriviMetrics backend.

No cookies, no local storage, and no browser fingerprinting are used.


How the script starts

The entire script runs inside an Immediately Invoked Function Expression (IIFE):

;(() => { ... })()

This ensures:

  • No global variables are created

  • No conflicts with other scripts

  • The tracker runs as soon as it loads


Script auto-identification

The tracker detects the <script> tag that loaded it:

var s = document.currentScript

From that element it reads:

  • data-privimetrics-code → the site key

  • data-not-track-ip → whether IP addresses should be collected

If the script element or site key is missing, the tracker exits silently.

This prevents broken or misconfigured installations from sending invalid data.


Hidden data container

The script creates (once per page) a hidden <div>:

id = "privimetrics-analytics-system-data"

This element stores:

  • data-k → site key

  • data-e → API endpoint (privimetrics.php)

The endpoint is derived automatically from the script URL, ensuring that the tracker always talks to the correct server without manual configuration.

This design allows multiple scripts or reloads to reuse the same tracking configuration safely.


Tracking transport mechanism

Tracking is sent using a tracking pixel:

A hidden <img> element (1×1 px) is dynamically created and appended to the page.

When its src attribute is set, the browser sends a standard HTTP GET request to the PriviMetrics backend.

This method:

  • Works in all browsers

  • Is extremely fast

  • Is not subject to CORS restrictions, because the page never reads the response

  • Survives most script blockers


Data sent to the server

Each request includes the following query parameters:

Parameter   Meaning
t           Site key
p           Current page URL
title       Page title
r           Referrer URL
js          Always 1 (JavaScript enabled)
track-ip    Whether IP tracking is allowed
z           Random number (prevents caching)

All values are URL-encoded before transmission.
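
The request described above, rebuilt as an added example (not the PriviMetrics source) so the exact data leaving the browser can be inspected. The function names are hypothetical, and the host names, script filename and site key are constructed samples. Assumptions: the endpoint is privimetrics.php resolved next to the script file, the full page URL is sent as p, and track-ip is sent as 0 when data-not-track-ip is set and 1 otherwise.

```javascript
// Added illustration; not the PriviMetrics tracker code.

// Assumption: the endpoint is privimetrics.php in the same directory as the
// script. Resolving relative to the script URL also drops its query string.
function deriveEndpoint(scriptSrc) {
  return new URL('privimetrics.php', scriptSrc).href;
}

// Build the pixel URL from the documented parameters.
// Returns null when the script URL or site key is missing (the silent exit).
function buildPixelUrl(scriptSrc, siteKey, notTrackIp, page) {
  if (!scriptSrc || !siteKey) return null;
  const q = new URLSearchParams({
    t: siteKey,
    p: page.url,
    title: page.title,
    r: page.referrer,
    js: '1',
    'track-ip': notTrackIp ? '0' : '1', // assumed value encoding
    z: String(Math.random()),           // cache buster
  });
  return deriveEndpoint(scriptSrc) + '?' + q.toString();
}

// Decode a pixel URL back into what the backend receives.
function describeRequest(pixelUrl) {
  const u = new URL(pixelUrl);
  return {
    endpoint: u.origin + u.pathname,
    params: Object.fromEntries(u.searchParams),
  };
}

// Constructed sample input: a page whose URL carries a query string.
const sample = buildPixelUrl(
  'https://stats.example.test/pm/privimetrics-div.js?v=3',
  'SITE-KEY-PLACEHOLDER',
  true,
  {
    url: 'https://shop.example.test/reset?token=abc123&x=1',
    title: 'Reset & sign in',
    referrer: 'https://mail.example.test/',
  }
);

console.log(sample);
console.log(describeRequest(sample));
```

Under the full-URL assumption, the decoded p value still contains the page's own query string, so anything placed in page URLs reaches the analytics backend and its logs.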


When tracking is sent

If the document is already loaded:

interactive or complete

the tracking request is sent immediately.

Otherwise, the script waits for:

DOMContentLoaded

and then sends the tracking request.

This ensures:

  • The page URL and title are correct

  • The request is not sent too early

  • Rendering is not blocked


Privacy and compliance design

The tracker is designed to be compliant with modern privacy requirements:

  • No cookies

  • No localStorage

  • No fingerprinting

  • No persistent identifiers in the browser

All identification is handled server-side using anonymous hashes.

The optional data-not-track-ip flag allows full IP anonymization when required.