Help » Tips 'n tricks » How Clicky is different from other trackers »

Domain validation

By default, Clicky validates all incoming traffic against the domain and any mirror domains you have registered (sub-domains are automatically supported). The main reason is so that if someone copies your tracking code onto their site accidentally or maliciously, your data won't be impacted. Most other services do not enforce this by default, and it's a much bigger problem than you might expect.

You can disable domain validation in your site preferences, under the "Advanced" section.

We only recommend disabling it as a last resort, if you can't get tracking to work at all.

If the code is installed correctly, the main reasons tracking may not work is if there's a typo in the domain, or if your site uses a restrictive referrer-policy header (or <meta> tag). If your site sets this header to "same-origin" or "no-referrer", then you must disable domain validation, or set the header to a less restrictive option if you are able. We recommend setting it to "origin-when-cross-origin", which means for external links from your site (and third party requests like our beacon), only the domain of your site will be passed through as the referrer, but no path or query data. This is the value we use on Clicky!