By default, Clicky validates all incoming traffic against the registered domain name as entered into your site preferences. Sub-domains are automatically supported, but any other domains also being tracked (e.g. a mirror) must be entered in the "additional domains" field. The main reason for validation is so that if someone copies your tracking code onto their site, accidentally or maliciously, your data won't be impacted. This is a much bigger problem than you would ever expect, which is why validation is on by default.

You can disable domain validation in your site preferences, under the "Advanced" section, but this should only be done as a last resort.

As long as the correct code is installed, domain validation is usually the reason why tracking isn't working. And the two things that break domain validation are either a typo in your registration, or an overly restrictive referrer-policy header . If your site sets this header to "same-origin" or "no-referrer", then you need to either disable domain validation, or set a less restrictive value. We recommend setting it to "origin-when-cross-origin", which means only the domain name of your site will be passed through in the referrer, without any path or query data.

Cloudflare users

You may have inadvertently enabled a restrictive referrer-policy header without realizing it.

On Cloudflare (CF), from the sidebar of your site's dashboard, click "Rules", then "Transform Rules". On that page will be some tabs at the top. Click the "Managed Transforms" tab, then at the bottom there will be an "Add security headers" option. If that box is checked, then CF is setting this header, so you'll need to uncheck the box and save the changes. For most customers we've helped with this, it's almost always just this setting that's the problem. But if you still see nothing after at least an hour, then your web server may also be setting the header, so you'll need to dig deeper.