Roych

NativeAnalytics has been updated to version 1.0.30. This is a small maintenance release with a few focused fixes: Fixed the analytics page widget appearing in field-limited edit interfaces, such as image/file edit modals. Improved PrivacyWire integration so consent changes are synced immediately in the same browser tab. Added a PrivacyWire consent version check to prevent stale consent from older PrivacyWire versions being reused. Fixed a dashboard tab display flash where the Overview tab could briefly appear before the requested tab was activated. Thanks to @adrian for reporting the widget issue and for the helpful pull requests. As always, please refresh modules after updating.

NativeAnalytics 1.0.29 is out This release polishes the recent contributions from @adrian and fixes a few edge cases: Hourly trend chart now live-updates the current hour (previously it could update the last slot of the day). "Find page" autocomplete now suggests only real pages with recorded data — bot rows and 404 probes are excluded. Page search no longer fails on environments without mbstring. Uninstalling only the dashboard module is now non-destructive — it won't remove the main module or drop your analytics tables. Full data removal still happens when you uninstall the main NativeAnalytics module. And anwser to @millipedia No step missing on your side — this was a bug. The tracking endpoint (/pwna-track/) was being recorded as the pageview path on some setups (subdir/proxy/trailing-slash), so every session showed it. Fixed in 1.0.29 release: the endpoint paths are now hard-excluded from being stored. Thanks R

I’ve uploaded a new NativeAnalytics update from v1.0.25 to v1.0.26. Big thanks to @adrian for the PRs, testing, feedback and useful suggestions. What’s new / improved: Added improved 404 bot/probe detection with the new scanner_404 rule. Added an option to show/hide bot traffic in the 404 report. Fixed dashboard tabs so the ?tab= URL parameter updates correctly. Current visitors are now grouped by visitor instead of showing duplicate sessions. Current visitors counters and tables are now more consistent. Removed duplicate/native SVG chart tooltips. Fixed chart/date labels so they no longer show unnecessary 00:00:00. Added new Avg active time / session metric. Added active time tracking with cookieless tracking support. Improved session quality reporting. Added new export options and improved export handling. Reworked the export button/dropdown for a cleaner admin UI. Improved Current Visitors auto-refresh so action buttons are not removed. Cleaned up export dropdown IDs and admin UI behavior. Improved install/schema consistency. Improved module info and permission definitions. Small UI, stability and code cleanup fixes. This update should make NativeAnalytics cleaner, more accurate and more consistent, especially around bots, 404 traffic, current visitors, exports and reporting. Cheers R

Thanks - all sorted in 1.0.25. @adrian — merged your PR. The preg_match regex fix and the new behavioral bot filter are both in. Great approach catching the headless scrapers that slip past UA detection. Appreciate the clean diagnosis and patch. 😉 On the follow-ups: The page edit stats widget now only renders on viewable pages ($page->viewable()), so non-viewable pages like Page Reference sources no longer show it. The global disable option still works on top of that. UserActivity conflict fixed on my side - NativeAnalytics no longer emits a <title> per data point on the SVG charts, so it can't blow past the request-line limit anymore. Your diagnosis was spot on though; the real fix belongs in UserActivity (document.title instead of jQuery('title').text()) — worth getting that one-liner to Ryan. Cheers R

NativeAnalytics 1.0.24 is out Major update focused on getting rid of bot noise that was inflating stats and skewing single-page rates. What's new: Bundled matomo/device-detector — thousands of bot signatures, smart TV / mobile / console detection. No Composer required, but a site-wide Composer install is auto-detected and preferred. JavaScript-first tracking mode (new default for fresh installs) — server-side recording disabled by default, JS tracker is the source of truth. Cuts bot traffic by 60–80% because bots don't execute JS. Existing installs keep the legacy "Both" mode on upgrade — switch in module settings when ready. Stronger 404 / scanner filtering — IP-rate-limited 404 scanners, unidentifiable user-agents on 404s, and paths that resolve via PagePathHistory redirects are now filtered out of all three entry points (server-side, JS pageview, JS event). HTTP libraries treated as bots — curl, wget, python-requests, GuzzleHttp, RSS readers etc. are now correctly filtered. Expanded regex fallback with 2025/2026 AI scrapers (GPTBot, ClaudeBot, PerplexityBot, ByteSpider, Meta-ExternalAgent and ~25 more). GitHub-based update check for the bundled device-detector — settings page shows when a newer release is available with manual update instructions (24h cached, no auto-downloads for safety). Module settings page reorganized into 7 collapsible fieldsets with two-column layouts. Upgrade is safe — your tracking mode stays at "Both" unless you change it. After upgrade I recommend switching to "JavaScript first" in module settings and watching the difference. A note on the bundled matomo/device-detector — the version shipped with this module (6.4.2) is intentionally a bit behind the latest release. Bundled libraries are meant as a fallback to keep the module self-contained; pinning a known-tested version avoids surprises when matomo introduces new detection rules or minor API changes between releases. The module checks GitHub for newer matomo releases in the background and shows an "Update available" notice in the settings when one is out. If you want the latest detection rules, the recommended path is to install matomo/device-detector site-wide via Composer (composer require matomo/device-detector) — the module will automatically prefer the Composer copy over the bundled one. Alternatively, you can replace the contents of /site/modules/NativeAnalytics/lib/matomo-device-detector/ with a newer release from the matomo GitHub page (instructions are in the module settings under the version notice). The release has been tested, but with this many changes some edge cases may still slip through. If you notice anything off, please let me know so we can fix it. 😉 Cheers R

just a small update about the next NativeAnalytics version, v1.0.24. A lot has already been done, but I’m still testing and polishing everything before I publish the full release. One of the main things I’ve been working on is better bot and crawler filtering. NativeAnalytics should now do a much better job at filtering out AI crawlers, SEO bots, social preview bots, uptime monitors, common HTTP libraries and other automated requests, so the analytics data should be cleaner. I also added support for the Matomo device-detector library. Thanks to @adrian The module can use a site-wide Composer installation if available, or fall back to the bundled version included with the module. There is now also a clearer status section in the module settings, so it is easier to see what detection method is currently being used. 404 handling has also been improved. The module now tries to avoid logging false 404s when the URL can actually be resolved by modules such as PagePathHistory, ProcessRedirects or Jumplinks. There are also two new cleanup buttons: Cleanup resolvable 404s Cleanup suspicious probes Suspicious probes are now detected better as well. This includes common scanner URLs like WordPress/Joomla/Drupal/Magento/admin login probes, .env, .git, config files, shell upload attempts, path traversal attempts and similar noise. I also added an optional URL/path filter, so if someone wants to exclude some custom patterns from tracking, this can now be done directly from the module settings. The module settings page has also been cleaned up and reorganized. It should now be much easier to understand, with clearer sections for tracking, filters, bot detection, privacy/consent, retention, reports and advanced settings. There are also several smaller improvements around realtime visitors, IP blocking, cleanup tools, bundled library fallback handling and general admin/dashboard styling. This is not the final release post yet, but the next upgrade is getting close and should be available soon.

There is already a setting for this in the "module settings" to disable this on every page. 😉 Already working on this, and will probably post an update later today. Working on: Aggressive bot detection: IP blocklist, 404 filter and some other updates.. 😉 R

NativeAnalytics v1.0.23 released Finaly! This release brings full theme-adaptive UI support - the dashboard now natively follows the active ProcessWire admin theme, including automatic light/dark mode switching via Konkat's CSS custom properties. What's new: Automatic light/dark mode - panels, tables, charts, filters, tooltips and sub-tabs all adapt to the active color scheme and more ... Grab it from the repo and let me know how it looks on your setups! Thanks to @matjazp for the nudge to make this dark-mode friendly - more and more people are using dark themes these days, so it really had to be done. Took longer than I thought it would ... Cheers R

Hi @adrian, thanks for the kind words! Good news — NativeAnalytics v1.0.22 now supports CSP nonces using exactly the two approaches you describe: Central $config->cspNonce / $config->cspNonce() — if/when Ryan adds it (or you define it yourself in config.php or via a hook), the module picks it up automatically. TracyDebugger-style header parsing — as a fallback, the module reads the already-sent Content-Security-Policy / CSP-Report-Only header and extracts the nonce from script-src / script-src-elem using essentially the same regex you posted. The relevant helper is NativeAnalytics::getCspNonce() / getScriptNonceAttribute(). The module does not create or manage the CSP header itself — it only reuses an existing nonce — so it works with whatever CSP setup you already have (middleware, web server config, custom hook, etc.). If no nonce is found, scripts are emitted normally without the attribute, so nothing breaks for sites that don't use CSP. - See NativeAnalytics.module.php, lines 143–191 if you want to check the implementation. So no core hacks needed on your end — should just work. Let me know if you run into any edge case. Version Updated to: v1.0.22 Cheers 😉 R

Thanks for the feedback. Yes, easy event tracking is already built into NativeAnalytics. The module can automatically track common engagement actions such as form submits, downloads, mailto/tel clicks and outbound links. For custom CTA buttons or other actions you can add simple data attributes like data-pwna-event, data-pwna-group and data-pwna-label. Based on the feedback, I have also added a new Goals section for the next release (This was already on the list and partialy done, thanks for the kick ... 😉 ). Goals can be created from tracked events or from page/path rules, for example a thank-you page, a form submit, a CTA click or a download. The dashboard then shows conversions, converted sessions, unique visitors and conversion rates. Regarding very large datasets, I do not want to overclaim without real long-term benchmarks at that scale. The module includes retention options, daily aggregate tables and cleanup tools, and the next release improves this further for events and goals. For very high-traffic sites, the recommended approach is to keep raw data only for a limited period and use aggregate data for long-term reporting. Wait for the update refresh 😉 New version is now v1.0.21. Thank you R

I’ve just uploaded a new version of NativeAnalytics 1.0.20. This update mainly focuses on monthly reporting, privacy options, engagement tracking improvements and some smaller admin UI refinements. Added / improved Added optional monthly email reports Added Send test report now option in module settings Added report preview before sending Added optional PDF report attachment Improved page-level analytics summary inside Page Edit Added a setting to show/hide the Page Edit analytics summary Improved spacing and styling of the Page Edit analytics block Improved engagement event tracking, especially form submit tracking Added better cache-busting for updated tracker/admin assets Added module info files so the ProcessWire modules directory and Upgrade module can detect the version correctly Added support links to the module info array The module should now also be upgradeable through the ProcessWire Upgrade module once the modules directory has refreshed the latest version. The current version is 1.0.20. Special thanks to matjazp for testing the module and reporting useful issues along the way. The feedback helped a lot with polishing the module and making it more reliable in real-world use. P

I just did, but still waiting for approval. Cheers R

NativeAnalytics v1.0.19 – update This release mainly focuses on privacy/consent handling and admin UI polishing. Added / improved: Added optional cookie-less visitor/session mode for sites that want to avoid browser visitor/session cookies. Added PrivacyWire localStorage consent helper support. Added helper methods for custom consent integrations: window.PWNA.trackIfConsented() window.PWNA.setConsent() window.PWNA.clearConsent() window.PWNA.syncPrivacyWireConsent() Improved consent-based tracking flow, so tracking can start correctly after consent is granted. Tracking-related settings are now hidden/disabled when global tracking is turned off, to avoid confusing combinations like “tracking off + event tracking on”. Added a module settings shortcut button in the analytics dashboard header. Improved AdminTheme compatibility and tab spacing across ProcessWire admin themes. Polished the flat admin UI and removed rounded corners. Fixed panel alignment issues in dashboard grid layouts, especially where side-by-side panels appeared vertically offset. Note: Multi-site analytics is not included yet. It is planned as a possible future improvement because it needs proper per-site separation in stored analytics data. Download is updated in first post!

I wasn't realy planning to, we'll see! R

Small update on PW Native Analytics I made a few refinements to improve usability and setup: cleaned up and improved the module settings added short text descriptions to make technical options easier to understand improved the date format setting so it now offers cleaner and more useful format choices made important beginner-friendly options enabled by default on install, such as: Enable tracking Enable event tracking Respect Do Not Track Ignore query strings in stored paths This makes the module easier to understand and ready to use immediately after installation, especially for less technical users. thx to matjazp for feedback 😉 I updated the file in first post! Cheers