Documentation / Getting Started

Getting Started

Add GhostlyX to your site in under two minutes. One script tag. No cookies. No personal data collected.

Privacy-first by design

GhostlyX sets no cookies and stores no personal data. Visitors are identified by a daily-rotating anonymous hash IP addresses are never written to the database. GPC and DNT signals are honoured automatically. Your visitors' privacy is protected the moment the script loads, with no configuration required.

What you'll do

1

Create an account

Sign up and add your first site. GhostlyX generates a unique tracking ID for it.

2

Install the snippet

Paste one script tag before </head> or use the WordPress plugin if you prefer.

3

View your data

Pageviews, visitors, and sources appear in your dashboard within seconds of the first hit.

1

Create an account and add your site

Sign up for a free GhostlyX account. After registering, click Add site from your dashboard and enter your domain (e.g. example.com). GhostlyX will generate a unique data-site-id for you.

Create free account
2

Install the tracking snippet

Choose the method that suits your stack. The HTML snippet works on any site; the WordPress plugin handles the insertion automatically.

HTML Paste the script tag Works on any site or framework

Copy the snippet below and paste it before the closing </head> tag on every page you want to track. Replace the placeholder values with your own domain and site ID, both of which are shown in your dashboard after adding a site. 

<!-- Add before </head> -->
<script
  defer
  data-domain="your-domain.com"
  data-site-id="gx_xxxxxxxxxxxx"
  src="https://ghostlyx.com/js/script.min.js"
></script>

Your exact snippet with your real domain and site ID pre-filled is always available on the setup page and the snippet panel in your site's analytics dashboard.

WP WordPress plugin No code required

Download the WordPress plugin from the integrations page in your dashboard. It is pre-configured with your domain and site ID no settings page to fill in.

  1. 1 Download the plugin zip from your site's setup page in the dashboard.
  2. 2 In WordPress admin, go to Plugins → Add New Plugin → Upload Plugin.
  3. 3 Upload the .zip file, click Install Now, then Activate.
  4. 4 The tracking snippet is now live on every page of your site.
Using a Content Security Policy? Add https://ghostlyx.com to your script-src and connect-src directives, otherwise the browser will block the script and the beacon requests.
3

Verify and view your data

After installing the snippet, open your site in a browser tab. Within a few seconds you should see your first pageview appear. You can also use the Verify installation button on the setup page it polls your site for the tracking script and redirects you to your dashboard automatically once it detects a hit.

What you'll see in your dashboard

Unique visitors Counted by a daily-rotating anonymous hash. Resets each day no persistent tracking.
Pageviews Every page load or SPA navigation fired by the script.
Traffic sources Referrer domains and UTM parameters, automatically parsed.
Top pages Ranked by hit count for the selected time period.
Locations Country resolved from IP at collection time. IP is never stored.
Devices / Browsers / OS Parsed from the user-agent string. The raw string is never stored.
Realtime Live visitor count and a 30-minute activity chart, updated every 30 seconds.

Single-page app support

The tracking script wraps history.pushState and listens for popstate events, so client-side navigation in React, Vue, Svelte, Next.js, Nuxt, and similar frameworks is tracked automatically. No extra configuration is needed.

What is tracked automatically
Initial page load Always tracked on script load.
history.pushState Tracked on every programmatic navigation (e.g. React Router, Vue Router).
popstate Tracked on browser back/forward navigation.
replaceState Not wrapped avoids duplicate pageviews from URL clean-up calls made by WordPress and similar platforms.

Privacy behaviour

The script silently stops all tracking and exposes a no-op window.ghostlyx() function when any of the following conditions are true. These checks happen on the client before any network request is made, and are also enforced on the server.

Global Privacy Control navigator.globalPrivacyControl === true The visitor's browser or extension has set the GPC signal. No data is sent.
Do Not Track navigator.doNotTrack === "1" The visitor has enabled the legacy DNT preference. No data is sent.
Explicit opt-out ghostlyx('opt-out') The visitor called the opt-out API. A flag is set in localStorage and persists across sessions.

What is and is not stored

IP address Never written to the database. Used only within the request to derive the anonymous visitor hash and resolve country, region, and city via a local geo database, then discarded.
Visitor hash SHA-256(IP + user-agent + site ID + calendar day). Resets every day. Cannot be reversed to an IP address.
User-agent Parsed server-side into browser name, OS, and device type. The raw string is never stored.
Page URL The full URL of the page is stored, including query parameters. Avoid including personal data in URLs.
Referrer The referring URL is stored. Only the hostname is displayed in the dashboard.
Cookies None set. The script uses localStorage only for the opt-out flag.

Next steps

Custom events

Track button clicks, form submissions, and any interaction that matters.

JavaScript API

Opt-out controls, event tracking, and SPA helpers.

REST API

Query your analytics data programmatically.