Usage

Everything is managed from the dashboard at app.whatsmytraffic.com. Its main areas are Websites and Analytics, plus Admin and Settings.

Accounts

The dashboard is invite-only. If you have an invite link, signing up through it creates your account. Admins generate invite links under Admin.

Websites and tracking

Under Websites, add a website by its domain. The dashboard registers it with the analytics backend and assigns it a colour. Expand a website to find its tracking snippet, its forms, its auth apps, a share link, its colour and its mail configuration.

Paste the tracking snippet into the <head> of the site you want to track:

<script defer src="https://whatsmytraffic.com/beacon.js"
        data-website-id="YOUR-WEBSITE-ID"></script>

The beacon is cookieless and respects Do Not Track / Global Privacy Control by default. See Beacon below for every option.

Mail configuration

Each website can have its own outgoing mail identity: SMTP host, port, username, password, plus a from address and an optional from name. All mail for things scoped to that website goes through it: form notifications, form confirmations, auth welcome emails and magic links. If left empty, mail falls back to the shared instance mail.

Port 465 selects implicit TLS, anything else (typically 587) uses STARTTLS. You need to set up SPF and DKIM for the from-address domain yourself, otherwise outgoing mail will land in spam. Use the "Clear" button to drop the mail configuration entirely.

Analytics

The Analytics tab shows traffic for your websites: page views, visits, a time series (switchable between bars and a cumulative view), a world map and the top pages, referrers, countries and browsers. Pick a time range (24 h, 7 days, 30 days, all time) and a resolution (hourly, daily, monthly). A realtime bar shows the last 30 minutes. X-axis times use your browser's timezone. From the Websites list, the chart icon on a website jumps straight to its analytics.

Share links

Each website can have a public, read-only share link, generated under Websites. Anyone with the link sees that website's analytics without a login. The same link with /data appended is a JSON API; see the API reference. Revoke a link at any time and the public page and the API stop working immediately.

Forms

Forms belong to a website. Expand a website and use its Forms section to create one, then expand the form for its embed snippet and settings. Point an HTML form at https://whatsmytraffic.com/f/YOUR-FORM-ID. Per form you can configure:

• Webhook URL: submissions are POSTed there as JSON.
• ntfy URL: a push notification per submission.
• Notify emails: comma-separated addresses, sent through the website's SMTP (configured per website, see below).
• Confirmation email: opt in to send a thank-you mail to the submitter (using the form's email field as recipient). Custom body with variables {form_name} and {timestamp}, optional Reply-To. Goes through the website's SMTP if configured, otherwise the instance mail.

Each form has its own submissions inbox, opened from the form. Submissions can be exported there as JSON or Markdown. A hidden honeypot field marks bot submissions as spam. Full endpoint details in the API reference.

If the beacon is loaded on the same page as the form, each submission is also tracked as a form_submit event in analytics, tagged with the form id. See Beacon for how to disable it.

Auth

The auth service adds a passwordless (magic-link) login to your own site. Expand a website and use its Auth section to create an auth app, then expand the app to set its redirect URLs (where users land after signing in) and allowed origins (the sites permitted to call it).

Drop the integration snippet into your site. The bundled SDK exposes wmtAuth.login(email), which emails a magic link, and wmtAuth.getSession(), which returns the signed-in user once they follow it. No end-user data is stored: the session is a signed token that lives in the visitor's browser. Endpoint details are in the API reference.

Per auth app you can opt in to a welcome email sent on a user's first sign-in to this app. Custom body with variable {app_name}. Goes through the website's SMTP if configured, otherwise the instance mail. A small marker remembers which email has signed in before so the welcome is only sent once.

If the beacon is loaded on the same page as the auth SDK, two events are tracked automatically: auth_request when a magic link is requested and auth_signin when a user comes back through the link. Together they form a sign-in funnel in analytics.

Settings

Settings holds your personal preferences:

• Notifications: opt in to a weekly analytics report by email, and to receiving every form submission by email. Both are off by default and are delivered through the shared instance mail (these are account-wide and don't belong to a single website).
• Embed badge: a small "Powered by whatsmytraffic" badge for your site's footer. Pick a colour, copy the snippet, paste it in. Pure SVG, links back to whatsmytraffic.com.

Outgoing mail (form notifications, confirmations, auth welcome mails, magic links) is configured per website under Websites, not here.

Beacon

The tracking beacon is a small wrapper around the Umami tracking script with consent gating, DNT/GPC support and a wmt() API. Configure it with data-* attributes on the script tag:

JavaScript API

The beacon exposes a global wmt() function: