MokoConsulting/MokoSuiteAnalytics
1
0
Fork 0
Code Issues 6 Pull Requests Packages Projects Releases 1 Wiki Activity

Tracking system plugin — privacy-first pageview collection #3

New Issue
Open
opened 2026-06-10 09:47:43 +00:00 by jmiller · 0 comments
jmiller commented 2026-06-10 09:47:43 +00:00
Owner
Copy Link
Copy Source

Summary

System plugin that injects a lightweight tracking script on frontend pages and records pageviews without cookies or personal data.

Tasks

  • plg_system_mokosuiteanalytics plugin scaffold
  • Inject tracking JS via onAfterRender (small inline script, no external dependencies)
  • JS collects: page URL, title, referrer, screen size, timestamp
  • Server endpoint receives beacon POST (lightweight, async)
  • Generate visitor_hash from IP + user agent + daily salt (never store IP)
  • GeoIP country lookup (MaxMind GeoLite2 or ip-api.com fallback)
  • Parse user agent for device type, browser, OS
  • UTM parameter capture (source, medium, campaign)
  • Respect Do Not Track header — skip tracking entirely
  • Respect component config: enabled/disabled per menu item
  • Exclude admin pages and API requests
  • Exclude bot traffic (common bot user agents)
  • Scheduled task: daily visitor_hash salt rotation
  • Scheduled task: purge old data per retention config

Performance

  • Tracking script < 1KB inline (no external JS file)
  • Beacon API for async, non-blocking submission
  • Batch inserts for high-traffic sites
  • Index on created_at for fast purge queries

Dependencies

## Summary System plugin that injects a lightweight tracking script on frontend pages and records pageviews without cookies or personal data. ## Tasks - [ ] `plg_system_mokosuiteanalytics` plugin scaffold - [ ] Inject tracking JS via `onAfterRender` (small inline script, no external dependencies) - [ ] JS collects: page URL, title, referrer, screen size, timestamp - [ ] Server endpoint receives beacon POST (lightweight, async) - [ ] Generate visitor_hash from IP + user agent + daily salt (never store IP) - [ ] GeoIP country lookup (MaxMind GeoLite2 or ip-api.com fallback) - [ ] Parse user agent for device type, browser, OS - [ ] UTM parameter capture (source, medium, campaign) - [ ] Respect `Do Not Track` header — skip tracking entirely - [ ] Respect component config: enabled/disabled per menu item - [ ] Exclude admin pages and API requests - [ ] Exclude bot traffic (common bot user agents) - [ ] Scheduled task: daily visitor_hash salt rotation - [ ] Scheduled task: purge old data per retention config ## Performance - Tracking script < 1KB inline (no external JS file) - Beacon API for async, non-blocking submission - Batch inserts for high-traffic sites - Index on created_at for fast purge queries ## Dependencies - #1, #2
Sign in to join this conversation.
Labels
No items
No labels
Priority Medium
Type Feature
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Assignees
Clear assignees
jmiller (Jonathan Miller)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: MokoConsulting/MokoSuiteAnalytics#3
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?