What a crazy couple of days it's been for web site owners around the world.

Clicky was not affected by the "Heartbleed" security issue. The versions of OpenSSL running on our public servers and load balancers were not any of the ones that were vulnerable. To make doubly sure, we ran tests on all of our public IPs, and they were all reported safe.

If you're going through all of the web sites you have accounts with and changing passwords or something of that nature, you can cross Clicky off the list.

We have a new trend comparison option that lets you compare reports and graphs vs the same date or date range from the previous year. For example, April 6 2014 vs April 6 2013, or April 1-6 2014 vs April 1-6 2013.

You can see this new option in the date menu for any graph:




You can also set this as your default trend option in your dashboard preferences. In this case, "vs last year" will always be the default graph comparison, but "last year" will also be used in to calculate the trends we report (the red/green percentages next to each number in most reports).

We wanted to let you all know about some of the bigger things we've released in the last month that you may not have noticed, because we didn't post about any of them - until now!

HTML5 audio, and automatic HTML5 video/audio tracking

We've had support for HTML5 video tracking for a while, it simply required adding an additional javascript file to your code. This month we just added the ability to track audio as well. We combined video and audio together into their own report, now called "Media", since they are quite similar in terms of the metrics we track -- and it's unlikely that many sites will have a mix of both.

Even better, we made it so you no longer need to include the extra javascript file at all. When the tracking code detects any video or audio elements on your web site, it will now automatically inject the other javascript file into your page so we can track the video and audio files without you having to do anything. Don't worry, if you already had that file included manually, you don't need to delete it. It will work either way.

Embedded actions in the visitors report

This new preference, disabled by default, adds some additional detail into the standard visitors report. Now you will no longer need to click through to see the actions (page views, etc) of each visitor. The first five actions will be displayed right beneath each visitor, with a link below them to see full session details if there are more than five actions.

Note that this will slow down the loading of the visitors report by a somewhat noticeable measure since we have to query for a lot more data, but, it's pretty nice if that's what you're into.

Here's what it looks like:




Here's where you enable this new preference:

Tracking code verification

This is a nice feature to check out if you think you have the code or a plugin installed on your site but you're not getting any stats. There are multiple reasons why tracking may not be working, but this will help you narrow down the list at least. You can access this feature on your tracking code page:

Better cookies

The cookie system we have been using since October 2012 to authenticate yourself when you're on your own web site (which then auto-ignores your visits and loads the on-site analytics widget)... was a bit less than ideal.

The biggest problem was that we used a single cookie for two different features (widget and auto-ignore). On top of that, the cookie was always set, and it would stay set (for a year) even if you clicked the "logout" button. The reason we wanted it to stay set was so that your visits would always be auto-ignored, but it was a bit of a security issue in terms of the same cookie being used to authenticate on-site analytics. The chances of anyone ever seeing anything via the widget that they shouldn't have were microscopic (it would only happen on a shared machine and only if you logged into both Clicky and your web site, and someone after you looked at your history and also visited your web site), but that's no excuse.

So, we've changed several things here. There are now two unique cookies: one for the widget and one for auto-ignore. When you logout, the widget cookie is deleted, but the auto-ignore cookie stays set so your own visits will continue to be ignored. Last, the expiration time of the widget cookie was shortened to 90 days (from 1 year previously).


That about wraps it up for now, but there's plenty more in the pipeline!

We just launched our new mobile site, in development the last couple of months. The old one was built with iUI, hot for the time (2008) but crusty by today's standards.

jQuery mobile (JQM) was our framework of choice. Since it has all those fancy events, we wanted to track those too. Automatically, of course. With JQM growing in popularity, we decided we'd build a plugin that pairs with our tracking code to track these events automatically, and then release the plugin for everyone to use once we were done. And, we're done.

Instructions for the plugin are available here. Basically you just add a single line of javascript after the Clicky tracking code in your HTML, and that's it. See the link above for more info.

A screenshot of the new mobile site is below. It shows the main dashboard after selecting a site on the previous page. In the old site, you had to select a date range right after selecting a site, because of severe limitations of the framework we were using. Now there are actual menus (amazing, I know) which you can see in the top right: a shortcut to change the date, and the other ones brings up a side panel with more options.

You can graph trends just as you could before, although we're not showing trends here other than right on the main dashboard (we couldn't make trends fit in with the new style of reports). Instead, in a report such as "traffic sources", click on the number itself; that will popup a graph and there are options to change the date range.

Let us know what you think.

When you create alerts for something like a goal and configure them to be sent via email or twitter direct messages (RIP), what you get is a short URL that will take you right to the visitor session details on Clicky. A handy, but manual, process.

We had a request today to allow the alert IDs to be passed straight to the analytics API so that automated processes could get more data about these visitors. We thought this was a great idea so hopped right on it, and this is now available.

Full details and some example code are in the docs, but briefly, if you extract the alert ID from the end of the URL then pass that to the API as alert_id=XXX, then we'll look up the session ID (first verifying the session belongs to the site_id and sitekey you also pass in) and convert the request to be as if you had originally sent in a type=visitors-list&session_id=YYY request.

You need to know what you're doing to implement automatic parsing of emails, but for the people who have the ability to do this, we think you will like this new feature quite a lot.

Here's an example API request for an alert we have setup for our blog:

http://api.clicky.com/api/stats/4?site_id=32020&sitekey=71bf7c1681e22468&alert_id=18227240