Download the PHP package ghdj/laravel-visitor-tracker without Composer
On this page you can find all versions of the php package ghdj/laravel-visitor-tracker. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download ghdj/laravel-visitor-tracker
More information about ghdj/laravel-visitor-tracker
Files in ghdj/laravel-visitor-tracker
Package laravel-visitor-tracker
Short Description A comprehensive visitor tracking package for Laravel applications with analytics, geolocation, and bot detection - zero external dependencies
License MIT
Homepage https://github.com/ghdj/laravel-visitor-tracker
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package laravel-visitor-tracker
Laravel Visitor Tracker
A comprehensive visitor tracking package for Laravel applications with analytics, geolocation, and bot detection.
🚀 Zero External Dependencies - Uses only Laravel's built-in features and native PHP for all functionality.
Features
- 📊 Comprehensive Tracking - Track page views, unique visitors, and sessions
- 🤖 Native Bot Detection - Detect 100+ bots/crawlers without external packages
- 📱 Native Device Detection - Identify browsers, platforms, and device types using regex
- 🌍 Geolocation - Optional IP-based location tracking (using Laravel's HTTP client)
- 🔒 GDPR Compliant - GDPR Safe Mode for consent-free tracking, IP anonymization, DNT support
- ⚡ Performance - Queue support for async tracking, statistics caching
- 📈 Rich Statistics - Browser, platform, device, country, referrer analytics
- 🎯 Flexible Exclusions - Exclude paths, IPs, user agents, status codes
- 🔧 Zero Dependencies - Only uses Laravel's illuminate packages
Requirements
- PHP 8.1+
- Laravel 10.x, 11.x, or 12.x
Installation
Publish the configuration file:
Run the migrations:
Configuration
The configuration file is located at config/visitor-tracker.php. Key options include:
Usage
Middleware
Add the tracking middleware to your routes:
Using the Facade
Using the Helper Function
Blade Directives
Working with Models
Using Native Services Directly
Adding Custom Patterns
Listening to Events
Artisan Commands
Scheduling Data Pruning
Add to your routes/console.php or scheduler:
Behind a Reverse Proxy / CDN
If your app sits behind Cloudflare, AWS ALB, nginx, or any other reverse proxy,
you must configure Laravel's TrustProxies middleware before enabling
visitor tracking. Without it, every request will appear to come from the proxy's
IP address — breaking IP exclusions, geolocation accuracy, and IP anonymization.
For Laravel 11/12, in bootstrap/app.php:
For Laravel 10, see app/Http/Middleware/TrustProxies.php.
Tip: trust only the proxies you actually own. Setting
at: '*'accepts anyX-Forwarded-Forheader, which is fine when only your proxy can reach the app, but unsafe if the app is also directly accessible.
Dashboard Authentication
Security: When
dashboard.enabledistrue, the package will refuse to boot unless at least one ofdashboard.token,dashboard.gate, or anauth*entry indashboard.middlewareis configured. The check is auto-skipped in thetestingenvironment so your test suite can exercise the controller directly. To bypass it intentionally elsewhere (e.g. you front the dashboard with a network-level access control), setvisitor-tracker.dashboard.allow_unprotected = true.
The dashboard is always protected. Choose an authentication method based on your site:
Option 1: Token Authentication (Sites Without Login)
For sites without user authentication, use a secret token:
Enable the dashboard in config/visitor-tracker.php:
Access the dashboard via:
- URL:
/admin/visitor-tracker?token=your-secret-token-here - Header:
X-Visitor-Tracker-Token: your-secret-token-here - Bearer:
Authorization: Bearer your-secret-token-here
Option 2: Laravel Auth (Sites With Login)
For sites with user authentication:
Option 3: Gate Authorization (Role-Based Access)
For admin-only access with Laravel Gates:
Geolocation Providers
All providers use Laravel's built-in HTTP client - no external packages required.
ip-api.com (Free, No API Key)
ipinfo.io
Queue Support
For high-traffic sites, enable queue processing:
GDPR Safe Mode
To track anonymous aggregate statistics without requiring user consent, enable GDPR Safe Mode:
When enabled, the following personal data is NOT collected:
| Data | Status | Notes |
|---|---|---|
| IP Address | ❌ Not stored | Not even anonymized |
| User ID | ❌ Not stored | No link to authenticated users |
| Persistent Cookie | ❌ Not used | Session-only identification |
| Full User Agent | ❌ Not stored | Only parsed for aggregate stats |
| City / Region | ❌ Not stored | Only country-level location |
| Coordinates | ❌ Not stored | No lat/long |
Note on session fallback: GDPR Safe Mode identifies visitors by Laravel's session ID (which lives in a session cookie that expires when the browser closes if you set
SESSION_LIFETIMEaccordingly). If the request has no session available at all, the tracker falls back to a daily hash of the User-Agent string for aggregate counting only — this is not individually identifying but does group same-UA requests within a single calendar day. To get the strongest guarantees, ensure your tracked routes go through thewebmiddleware group.
What IS still collected (anonymous, aggregate data):
| Data | Purpose |
|---|---|
| Page view counts | Traffic analytics |
| Browser name | Chrome, Firefox, etc. |
| Platform name | Windows, macOS, etc. |
| Device type | Mobile, desktop, tablet |
| Country | Broad geographic distribution |
| Referrer domain | Traffic sources |
Detected Browsers
Chrome, Firefox, Safari, Edge, Opera, Brave, Vivaldi, Samsung Browser, UC Browser, Yandex, IE, and more.
Detected Platforms
Windows (XP through 11), macOS, iOS, Android, Linux, Ubuntu, Chrome OS, FreeBSD.
Detected Bots
100+ bot patterns including:
- Search Engines: Google, Bing, Yahoo, DuckDuckGo, Baidu, Yandex
- Social Media: Facebook, Twitter, LinkedIn, Pinterest, Slack, Discord
- AI/LLM: GPTBot, ClaudeBot, Anthropic, CCBot, Perplexity
- SEO Tools: Ahrefs, SEMrush, Moz, Majestic
- Monitoring: UptimeRobot, Pingdom, DataDog, New Relic
- HTTP Clients: cURL, Wget, Python Requests, Postman, Axios
Testing
Code Quality
Why Zero Dependencies?
- Smaller footprint - No additional packages to install or maintain
- Better performance - Native regex is fast and efficient
- Full control - Easily extend patterns via configuration
- Security - Less attack surface, no supply chain concerns
- Reliability - Only depends on Laravel core packages
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
License
The MIT License (MIT). Please see License File for more information.
All versions of laravel-visitor-tracker with dependencies
illuminate/contracts Version ^10.0|^11.0|^12.0
illuminate/database Version ^10.0|^11.0|^12.0
illuminate/http Version ^10.0|^11.0|^12.0
illuminate/support Version ^10.0|^11.0|^12.0