En vous promenant sur Beamreactor, nous stockons votre IP 48h pour des raisons de sécurité.

Lecteur Markdown

tracking Documentation › TRACKING_DOCUMENTATION

Tracking Documentation

Tracking — Digital Exposure Audit #

Purpose #

Demonstrates to visitors how much of their identity is exposed to any website they visit. Designed as a sales/awareness tool for cybersecurity consultations.

No data is stored. No cookies are set by this plugin. Everything is computed live and discarded.

How it works #

The plugin collects information from two sources:

Server-side (PHP): IP address (with proxy/VPN detection via ipCheck()), User-Agent, accepted languages, referrer, source port, forwarding headers (X-Forwarded-For, Cloudflare).

Client-side (JavaScript): Screen resolution, colour depth, CPU cores, device memory, connection type, battery status, timezone, platform, canvas fingerprint, WebGL renderer/vendor, audio fingerprint, Do Not Track, cookies, localStorage, browser plugins, touchscreen capability, WebRTC IP leak.

A final score (0–100) is computed based on how many vectors returned usable data. The score represents exposure percentage, not a security rating.

Threat levels #

Each data card is visually tagged by exposure severity:

  • Low (green border): minimal identifying power on its own
  • Medium (yellow border): contributes to fingerprint entropy
  • High (red border): strongly identifying
  • Critical (pulsing red border): near-unique identifier

Security #

  • Access restricted to TRACKING_LEVEL_HIGHUSER by default
  • Not public ($is_public = 0)
  • All server-side values sanitized via Parser
  • No database required
  • No data persistence

Structure #

text
/plugins/tracking/
├── tracking.php
├── /conf/
│   └── tracking.conf.inc.php
├── /doc/
│   └── tracking.md
├── /locale/
│   ├── tracking.en.inc.php
│   ├── tracking.fr.inc.php
│   └── tracking.de.inc.php
├── /css/
│   └── tracking.css
└── /js/
	└── tracking.js

Configuration #

In conf/tracking.conf.inc.php:

  • $ftype = 2 — classified as stats/crawler tool
  • $is_public = 0 — not available to unauthenticated visitors
  • TRACKING_LEVEL_HIGHUSER — minimum access level

To restrict to admins only:

php
defined('TRACKING_LEVEL_HIGHUSER') or define('TRACKING_LEVEL_HIGHUSER', BASE_LEVEL_ADMIN);

Translations #

47 translation keys in $dialtracking[]. Available in EN, FR, DE.

JavaScript API #

The plugin exposes three global functions (prefixed to avoid collision):

  • tracking_init() — entry point, called via $footdata
  • tracking_checkWebRTC(translations, callback) — async WebRTC leak test
  • tracking_updateVerdict(score, maxScore, translations) — recomputes and displays the verdict

All translations are passed via setJavascriptLocale() through the PLUGIN_TRANSLATION.tracking namespace.

Changelog #

  • 2.0.0 (2026.02.07): Complete rewrite. Added canvas/WebGL/audio fingerprinting, WebRTC leak detection, battery API, scoring system. Full i18n. BeamReactor plugin conventions.
  • 1.0.0 (2003): Original version. Basic server info + inline JavaScript.
de en fr