The tracking script
One small script, dropped in your page’s <head>. No cookies, no configuration, ~1.5 KB gzipped. Here’s exactly what it does and what it records.
Install
Add a site in your dashboard, then paste this into the <head> of every page (swap in your domain):
<script defer data-domain="yourdomain.com" src="https://bearing.sidecar.services/js/script.js"></script>That’s the whole setup. The script figures out where to send data from its own src, so there’s nothing else to wire up. See it working on the demo dashboard.
Wix & Squarespace
No-code site builders don’t let you edit the raw HTML, but both have a place to paste a header snippet. Use the exact snippet from your site’s settings page (it has your domain baked in).
Squarespace (Business plan or higher):
- Settings → Advanced → Code Injection.
- Paste the snippet into the Header box and save. It now loads on every page.
Wix (paid plan with a connected domain):
- Settings → Custom Code (under Advanced) → + Add Custom Code.
- Paste the snippet, set Add Code to Pages to All pages and Place Code in to Head, then apply.
Either way, publish the site, then load it in a normal browser (not the editor preview) — your visit should appear on the dashboard within a few seconds.
How it works
- No cookies, no local storagefor tracking — nothing is written to the visitor’s browser, so no consent banner.
- SPA-aware — it patches the History API, so client-side route changes count as pageviews automatically.
- Privacy at the edge — your server parses the user agent, reads country from network headers, and identifies a visitor as a one-way hash of a daily-rotatingsalt + domain + IP + user agent. The IP is never stored, and the hash can’t follow a visitor across days or sites.
- Localhost is ignoredby default, so your own dev traffic doesn’t pollute the numbers.
What it captures
Pageviews, automatically — and with each one: the page path, the referrer and a friendly source name, country, browser, operating system, device type, UTM campaign parameters, and screen width.
Engagement & conversions, automatically — no tagging required:
- Outbound link clicks — which external links visitors follow, and the link text.
- File downloads — clicks on PDFs, docs, zips, media, etc.
- Form submissions — including the call-to-action (the button that submitted the form).
- Engagement — time on page and scroll depth, one reading per pageview.
- Time to action — how long a visitor was on the site before a conversion, computed server-side (no browser storage).
Custom events
Track anything else — a signup, an add-to-cart — by calling window.bearing with an event name and optional properties:
window.bearing("Signup", { props: { plan: "growth" } })Custom and engagement events are stored but never count against your plan’s pageview quota.
Configuration
Set these as attributes on the script tag:
| Attribute | Effect |
|---|---|
data-domain | Required. The site domain you added in Bearing. |
data-exclude | Comma-separated path prefixes to never track, e.g. "/admin,/account". |
data-track-localhost | Present → also track localhost / 127.0.0.1 (off by default). |
data-api | Override the ingestion endpoint (defaults to the script's own origin). |
data-bearing-cta | On a button/link → use this text as the CTA label instead of its content. |
A visitor can opt out of tracking entirely by setting localStorage.bearing_ignore = "true" in their own browser.
Privacy
Bearing is built to be GDPR-, ePrivacy-, PECR-, and CCPA-friendly without a cookie banner: no cookies, no cross-site tracking, no IP storage, and no personal data collected about visitors. Full detail is in the privacy policy.