Small analytics without invasive tracking

/PrivacyAnalyticsCloudflare

A portfolio does not need an advertising profile. The useful questions are much smaller: which pages are visited, whether people reach project details, and whether the site remains available.

Collect only what answers a question

For basic page analytics, a random session identifier and a normalized path are enough. IP addresses, full referrers, user-agent strings, and cross-site identifiers are unnecessary for understanding navigation through a small personal site.

The session identifier can live in session storage, disappear when the browsing session ends, and never become an authentication token.

Respect browser signals

Global Privacy Control and Do Not Track provide a simple opportunity to opt out before any request is sent. Local development and administrative statistics pages should also be excluded so testing does not contaminate the data.

Treat analytics as optional infrastructure

Analytics must never block navigation or render an error to a visitor. A short request can be sent after the page loads, with failures handled silently. If the database is missing or asleep, the application should return a clear service-unavailable response to diagnostics while the public site continues working normally.

Health checks help separate application problems from database availability without exposing credentials or internal error details.

Security starts outside the request handler

Connection strings belong in environment variables, not scripts or source control. Inputs should be validated and bounded before reaching a query, even when the database client uses parameterized templates.

Privacy-friendly analytics is mostly restraint: decide what is genuinely useful, collect only that, retain it intentionally, and make the entire feature disposable without affecting the product.

Email copied