We’re happy to announce that our tracking is now 100% cookie-free by default, which means Clicky is now privacy-friendly out of the box. We mostly were before, e.g. we’ve been anonymizing IP addresses since GDPR became law, but tracking cookies were the one exception. You could disable them manually before, but now it’s the default. (You don’t need to update anything to get this new functionality, but you may want to double check your current privacy settings (see link above)).

There are some downsides to not using cookies of course. Unique visitors, new visitors, and returning visitors won’t be nearly as accurate. UID tags and filters will now be mostly useless. Also heatmaps – this is the one piece of data we log that’s sampled, since it takes up a lot of extra storage and bandwidth. With cookies, we were able to sample per visitor, but without cookies, that randomness can only be per pageview. These are just some of the differences. Check out our privacy policy (scroll down about half way) to see all tracking cookies and their purposes.

As for existing tracking cookies out in the wild now, we’ll only use them if a site has enabled cookie tracking. Otherwise they’ll still be sent to us, but they’ll be ignored, and they’ll eventually expire naturally. We also had a single third-party cookie (“cluid”) we used for cross-domain tracking, for those of you with multiple sites. We’re killing third party cookies entirely now, so we’ll just ignore this one 100% of the time.

Did you know that Clicky is older than the first iPhone? Can you even remember what life was like before smartphones? It was basically the stone age, but that’s the era that Clicky started from. Although we think today’s obsession with “privacy” is a bit overblown, we must change with the times, or we’ll end up like Grandpa Simpson.

Grandpa Simpson

New site preferences!

We had to change the way tracking works in order to allow cookies be controlled by the database rather than manual Javascript code on your site. While we were at it, we moved every single clicky_custom option that made sense (e.g. ones that should apply to all visitors and pages) to be settable via the UI. It’s really nice!

You can still set these options with Javascript if you want, and we let the manual Javascript one take precedence if an option is set in both places to allow for overrides – but most people will be excited to see these options, which are under the new “advanced” area of site preferences:

New site preferences

Windows 11 & mobile hardware

Microsoft decided to hide Windows 11 identification from user agent strings by default, so we’ve reported them as Windows 10 this entire time, as have all other services as far as I can tell. There is an API to request more data from a user agent though, called getHighEntropyValues(). This API is only supported by Chromium browsers, but that’s most of them. Anyways, it uses an asynchronous Javascript promise so that it could pop up a permissions dialogue to a visitor when this data is requested. No browser is doing this now, but it’s designed to allow for this.

We don’t ever want to do something by default that would pop up a permissions dialogue, but at the same time we know some of you really want Windows 11 data. So we added a new clicky_custom option, also called getHighEntropyValues (we’re using the same name to highlight the relationship), to do just that.

Unfortunately we couldn’t make this work with the new site preferences UI method, so it has to be done manually. But the good news is, if you set this up, we also request the hardware model if a visitor is on a mobile device. With this, we’ve brought back the hardware report we removed a while ago because it had basically devolved into just a mirror of the mobile OS report.

But now look how much great data there is now, if you use this new option!

Hardware report

Now, there are a lot of mobile device IDs, and some of them are kinda cryptic as you can see. But the OS icon will at least give you a clue, e.g. most of these are Android devices. And if you copy/paste any of them into Google, you will find out what the actual model is. E.g. the “SM-G781U” is a Samsung Galaxy S20. We may add a link for you to do this more easily, like we do with organizations.

And there’s another “while we were at it” task that’s been long overdue – renaming “iPhone OS” to just “iOS” now. I know, you are shocked to your very core. But seriously it’s so long overdue that it feels surprisingly good to have finally done it. We updated the existing database entries at the same time so historical data should be preserved, e.g. going back to last month you should see iOS as well – although we confirmed at least one of our databases didn’t do this properly, which means new and old data will be in two separate entries. Not the end of the world. A for effort at least.

Anyways, check it out below, along with Windows 11!

OS report

Other tidbits:

    • Brazil was added to “auto privacy” country list – Since GDPR, there have been other countries releasing similar laws. Brazil is the one we hear about the most, so we’ve added it to the default “medium” privacy option – where we only apply privacy to visitors in countries that have these laws. (So now it’s all of EU/EEA, and Brazil).
    • We’ve added cookie banner instructions for the “visitor_consent” option.
    • If you’re self-hosting the code, which we don’t officially support, you’ll need to update it to get the new functionality.


Let us know what you think!


  1. This is great. Still love Clicky after 15 years or so 😅

    My biggest gripe with Clicky these days is the Goal summary page: since keyword tracking was killed by Google this has been mostly redundant, an extra click to get to the reports.

    What would be amazing is if you killed the [secure search] keyword list on the page, and instead gave us a breakdown of conversion by landing page. As this would be a summary view rather than a full visitor list this would hopefully allow more than 28 days history, too.

    • You’re right, the search item in that report is of no use anymore. I’ll add the landing page option to our feature request list!

  2. Hi I see my campaign utm parameter doesn’t seem to be working. Is that due to this update? Do I need to set something? Also new Recent Visitors on the home page – is it possible to turn that off?
    Thanks so much for keeping up with the privacy laws. Much appreciated.

    • Hi Mandy, the new update shouldn’t affect UTM parameters. They just won’t be saved in cookies by default anymore, but if someone goes to your site with utm_campaign=… in the URL, it should always show up.

      • Ok I will send you more details on email. The campaign I started on Saturday does not seem to be recording in Clicky. Regards, Mandy

  3. Is it safe to assume since you didn’t mention it (or at least I didn’t see that you did), that, we don’t need to update/change the code already on our sites?

  4. Sorry if I sound like someone who has not been keeping up to date with privacy etc but this is basically about dealing with Chrome, Safari and Edge etc moving towards a cookieless future?

    Also I have the Clicky’s javascript code in my main javascript file. I realise that this makes it less maintainable but many years ago I was told to combine my javascript files for performance. Which is what I did. Is this no longer so important?

    • Right now it’s just about the legal landscape. Privacy laws everywhere are changing fast. So we want the default setup to be 100% compliant with these laws so you don’t need to worry about keeping up! So that’s the new default – no cookies, and no personal data.

      We don’t support self-hosting the code but if that’s what you’re doing, you’ll want to update it to get the new functionality.

      • Many thanks, yes makes sense trying to stay slightly ahead of the curve.

        I have updated the self hosted clicky code.

        Do you alert users to javascript code changes?

        When the tech media talks about moving to a cookieless future, are they just refering to 3rd party cookies?

        I am hoping the bog standard website cookie that gets created when you visit a website by that website will remain? Otherwise how will a website remember that this is a returning visitor and provide a relevant user experience?

        • Yes if there’s a major change to the tracking code like this one, we will always post about it.

          I’m pretty sure the ultimate goal is to get rid of cookies entirely. It’s very misguided, cookies are not inherently evil. Thankfully (?), the maker of the biggest browser in the world (Google Chrome) has incentive to keep cookies being a thing for as long as possible.

  5. How about the option “Disable “sticky data” tracking cookies”? Are these cookies also disabled now by default, or do I have to disable this manualy?

Comments are closed.