Skip to main contentSkip to primary navigation
Installation library

Put one ClickReport tag on your site without guessing where it belongs

Choose your website platform for exact placement, publishing, consent, and verification steps. The signed-in installer supplies your domain's tag and site token; the private live test returns a bounded installation diagnostic before accepted visitor traffic establishes the strongest live state.

2. Publish the website

Saving a theme, builder, or tag-manager draft is not enough. Publish to the live domain before testing.

3. Run the private live test

The private test reports browser execution context, the site token, and conflicting duplicate tags. First accepted visitor traffic remains the strongest production confirmation.

Platform guides

Follow the path for the tool that publishes your site

These instructions install the same domain-wide tracker. WordPress and Google Tag Manager use the raw site token shown in guided setup; the other paths use the complete script tag.

WordPress
  1. Easiest: install the free “WPCode” plugin (Plugins → Add New → search “WPCode”), open Code Snippets → Header & Footer, paste the snippet in the Footer box, and click Save.
  2. Or download the ClickReport WordPress plugin from your dashboard, upload it under Plugins → Add New → Upload Plugin, activate it, and paste your site token in Settings → ClickReport.
  3. Then press Verify install here — no theme editing required.
Google Tag Manager

Use one All Pages tag per domain. The live browser test can verify GTM even when a server-side code scan cannot see it.

  1. Download the ClickReport GTM template, then in GTM open Templates → Tag Templates → New and use the three-dot menu to import the template file.
  2. Create a new tag from the imported ClickReport template and paste the site token shown beside the download — not the full script tag.
  3. Attach the All Pages trigger, save, Submit, and Publish the container.
  4. Return here and run the live browser test on the published website.
Wix
  1. In your Wix dashboard open Settings → Custom Code (under Advanced).
  2. Click “+ Add Custom Code”, paste the snippet, select “All pages”, and set it to load in the Body — end.
  3. Publish the site, then press Verify install here.
Squarespace

Code Injection is available on Core, Plus, Advanced, and some legacy plans. Squarespace checkout pages do not support injected code.

  1. Open the website dashboard's Code Injection panel.
  2. Paste the snippet into the Footer box and click Save.
  3. Open the published site, then press Verify install here.
Webflow
  1. In Webflow open Site Settings → Custom Code.
  2. Paste the snippet into the Footer Code box and click Save Changes.
  3. Publish the site, then press Verify install here.
ShopifyTheme-limited

Theme-code installs cover storefront pages but should be rechecked after replacing the theme.

  1. In Shopify admin open Online Store → Themes → Edit code.
  2. Open layout/theme.liquid and paste the snippet just before the closing </body> tag, then Save.
  3. Press Verify install here.
Duda
  1. In the Duda editor open Settings → Header HTML (Site Settings → Advanced).
  2. Paste the snippet into the Body-end section and republish.
  3. Press Verify install here.
GoDaddy Websites + MarketingNo reliable site-wide install

GoDaddy Websites + Marketing has no reliable site-wide custom-code location for this tracker.

  1. Do not paste the tracker into an HTML section: builder HTML sections are isolated and cannot reliably observe the whole page.
  2. Use a GoDaddy-hosted WordPress site with the ClickReport plugin, or move the landing page to a platform that supports site-wide custom code.
  3. If you are unsure which GoDaddy product you have, send the installer link to your site administrator before changing anything.
Next.js / React

Render the loader once at the application root. ClickReport already observes normal History API and popstate navigation, so do not add a second tag on route changes.

  1. Next.js App Router: add next/script in the root app/layout.tsx with strategy="afterInteractive", the absolute ClickReport script URL, and the public site token.
  2. React: create the script once from a root component effect; keep the same element during Strict Mode's development effect probe.
  3. Map your consent manager to data-consent or ClickReportTracking.setConsent(), then build and deploy the application.
  4. Open the deployed URL and run the live browser test here.
HubSpot

HubSpot does not automatically block manually added third-party scripts with its consent banner. If you use that banner, start ClickReport in pending consent and connect its analytics callback before publishing.

  1. In HubSpot open Settings → Content → Pages and find the domain's Site footer HTML field.
  2. Paste the site-wide tag there. If a HubSpot consent banner is enabled, use the consent-aware HubSpot recipe on the ClickReport integrations page instead of treating the raw tag as automatically blocked.
  3. Save the domain setting and publish the affected HubSpot content.
  4. Test analytics grant, refusal, and withdrawal in a private browser, then run the ClickReport live browser test.
Framer
  1. Open the Framer project, choose Site Settings → Custom Code, and add a new site-wide code block.
  2. Paste the ClickReport tag, place it at the end of the body, and configure it to run on every page visit.
  3. Save and publish the project to its live domain.
  4. Return here and run the live browser test.
Custom HTML / another platform
  1. Open the shared site layout or template that renders every page on this domain.
  2. Paste the site-wide tag once just before the closing </body> tag. Do not add another copy for each ClickReport landing page.
  3. If the site has a consent manager, start with data-consent="pending" and map its analytics decision to ClickReportTracking.setConsent(). Allow https://www.clickreport.com in the site's script and connection CSP directives.
  4. Deploy or publish the change, then run the live browser test here.

Installers and developer adapter downloads

Every file below is built and checked from the repository source. After download, return to guided setup to copy the separate site token and run the live browser test.

No-code and tag-manager installers

Repository-tested developer adapters

Browser loader (.js)

ES module for custom sites and client-side applications.

Download Browser loader (.js)

React component (.tsx)

Client component for React applications.

Download React component (.tsx)

Next.js component (.tsx)

next/script component for the root app layout.

Download Next.js component (.tsx)

Nuxt plugin (.js)

Client-only Nuxt plugin driven by public runtime config.

Download Nuxt plugin (.js)

HubSpot consent adapter (.js)

HubSpot privacy-listener adapter that starts consent pending.

Download HubSpot consent adapter (.js)

Consent and Content Security Policy

If analytics consent is required, start the tag with data-consent="pending" and map the site's analytics choice to ClickReportTracking.setConsent(). The live test reports execution context; accepted visitor traffic confirms collector delivery.

Merge these minimum ClickReport destinations into the site's existing policy; do not replace a stricter production policy. The three directives cover script loading, fetch/beacon/XHR, and the bounded image fallback.

Minimum ClickReport CSP destinations

Content-Security-Policy:
  script-src 'self' https://www.clickreport.com;
  connect-src 'self' https://www.clickreport.com;
  img-src 'self' data: https://www.clickreport.com;

If the site requires Subresource Integrity, copy this current immutable tracker tag. Its filename and SHA-384 value are a matched pair; do not reuse the integrity value with /track.js. Keep the mutable /track.js URL for normal installs.

Current SRI tracker tag (2026-07-10.1)

<script
  async
  src="https://www.clickreport.com/track-2026-07-10.1-c1d36a127aca.js?id=SITE_TOKEN_FROM_DASHBOARD"
  integrity="sha384-2aw6Hkomelk6hNvdO06k3qlV5mwjl/LHpmeH7kDFSKbV+4Lm+xoRcoylCqWgSElF"
  crossorigin="anonymous"
></script>

HubSpot's banner does not automatically block manually inserted scripts; follow the HubSpot guide above and test grant, refusal, and withdrawal explicitly.

Ready for the site-specific tag?

Guided installation detects known website builders, supplies both the tag and raw site token, and records live verification in the account automatically.