Bypassing adblockers with GDPR-safe analytics using Plausible

I’m using Plausible analytics for my self-hosted Ghost blog in the EU.

Plausible has “privacy by design” which can not be disabled; no cookies, GDPR safe and EU-servers so I believe it is ethical to bypass ad-blockers - with a notification in the site footer.

Plausible uses a proxy in the server configuration - they describe how to do this for different hosts (nginx / apache / cloudflare / GCP / etc ) at Adblockers and using a proxy for analytics | Plausible docs

I’m using nginx to proxy the tracking script and API requests. They all appear to come from the same site as the blog content, but the request is actually made to plausible.io.

The script tag in Ghost HEAD is re-written to

<script defer data-api="/api/event" data-domain="myblogdomain.com" src="/js/script.js"></script>

No reference to any tracking script-tag in this statement - the tracking script is loaded and API requests are made from/to a different site using a proxy-statement in the nginx config file…

    location = /js/script.js {
        proxy_pass https://plausible.io/js/script.js;
 
    }

   location = /api/event {
        proxy_pass https://plausible.io/api/event;
        proxy_http_version 1.1;

        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;

    }

There are additional config to cache the script and when self-hosting Plausible in the documentation at Proxying Plausible through Nginx | Plausible docs

Here is the Plausible script loaded - the browser sees the request from the same site as all other blog content with a friendly looking name such as script.js

UPDATE: also figured out how to rewrite the script names in nginx, the name script.outbound-links.js is easily targeted by ad-blockers, by using a regex for location and adding rewrites…

    location ^~ /js/ {

        rewrite ^/js/pl.js$ /js/script.js last;
        rewrite ^/js/pl2.js$ /js/script.outbound-links.js last;

in the location block the scripts can be renamed - pl.js and pl2.js in my case, then the HEAD tag in Ghost becomes

<script defer data-api="/api/event" data-domain="myblogdomain.com" src="/js/pl.js"></script>

1 Like