# Understanding Unique Hit Tracking

## What are Unique Hits?

Unique hits represent distinct visits to your website pages. While total hits count every page view (including refreshes and repeat visits), unique hits provide a more accurate picture of individual visitor sessions on a per-page basis.

## How We Track Unique Hits

Our unique hit tracking system is built with privacy at its core, using advanced anonymisation techniques:

### Data Collection
- **Page Information:**
  - Current URL path
  - Page title
  - Referrer (when available)
- **Browser Data:**
  - User agent string (truncated for privacy)
- **Request Data:**
  - Cloudflare-provided information
  - Timestamp
  - Geographic region (country only)

### Privacy-First Processing
1. **Anonymisation:** All potentially identifying information is stripped or truncated before processing
2. **Hash Generation:** We combine the collected data with:
   - Current date
   - Rotating salt (changes every 12 hours)
   - Site identifier and page path
   - Anonymised request data
3. **One-Way Encryption:** The final hash is irreversible, ensuring visitor privacy

## Privacy and Security Measures

- Zero personal data storage
- IP addresses from Cloudflare edge locations are used only for hash generation (which are not the same as your visitor's IP address)
- Regular salt rotation (every 12 hours)
- Cloudflare as a privacy buffer
- GDPR and CCPA compliant approach ([learn more about our compliance](/docs/privacy_compliance))
- No cookies or local storage used
- Rate limiting to prevent abuse

## What This Means for Site Owners

- **Accurate Analytics:** Get meaningful visitor insights without compromising privacy
- **Time-Based Stats:** View unique visitors within a 24-hour window
- **Geographic Insights:** Country-level analytics without personal tracking
- **Zero Setup:** Privacy protection works out of the box

## Technical Considerations

- Unique hits reset daily at midnight UTC
- Geographic data is approximate (country-level only)
- Bot traffic and other automated requests are automatically filtered
- Cached responses don't trigger new hits
- Rate limiting of 25 hits per minute per source, and other limits to prevent abuse
- User agent strings are truncated to 50 characters

For implementation details and get started, see our [script embedding guide](/docs/embedding_your_script).