Conversion tracking script configuration
The conversion tracking SDK is loaded as a standard <script> tag. All configuration is handled through data-* attributes on the tag itself — no JavaScript initialization is required for basic use.
Installation
Add the following tag to your HTML <head>:
<script
src="https://cdn.rebrandly.com/analytics/sdk/v1/rbly.min.js"
data-api-key="YOUR_KEY"
></script>Replace YOUR_KEY with your conversion tracking API key. You can find this key in Rebrandly Settings > Conversion tracking.
VersioningThe script URL currently follows an always-latest pattern.
Script attributes
All data-* attributes are set directly on the <script> tag. Only data-api-key is required; all others are optional.
| Attribute | Type | Default | Description |
|---|---|---|---|
data-api-key | string | — | Required. Your conversion tracking API key. |
data-api-base | URL | https://cdn.rebrandly.com | Override the tracking API base URL. The production default is https://cdn.rebrandly.com. Use this only if you need to target a non-production environment. |
data-auto-pageview | "true" | "false" | "true" | When "true", the SDK automatically fires a page_view event on initialization and on every SPA route change if an rbly_click_id is present. Set to "false" to disable automatic page view tracking entirely. |
data-custom-utm-params | comma-separated string | — | Extra UTM parameter names to capture in addition to the five standard ones (utm_source, utm_medium, utm_campaign, utm_term, utm_content). For example: data-custom-utm-params="utm_team,utm_variant". |
data-verify-param | string | "rbly_verify" | The query parameter name used for domain verification. Change this only if rbly_verify conflicts with an existing parameter in your application. |
data-dedup-enabled | "true" | "false" | "true" | Enable or disable event deduplication. When enabled, the SDK suppresses duplicate events with the same signature within the deduplication time window. |
data-dedup-time-window | integer (ms) | 10000 | The deduplication window in milliseconds. This setting has no effect when data-dedup-enabled is "false". |
Single-page application behavior
The tracking script initializes once when the script tag is parsed, using document.currentScript to read its configuration. It automatically intercepts history.pushState, history.replaceState, and popstate events — a page_view event fires on every route change with no developer action needed.
The rbly_click_id value persists in localStorage across routes, so calls to rbly.track() and rbly.convert() work correctly from any route without any additional setup.
There is no rbly.reinit() or rbly.reset() method. The tracking script does not support reload-based re-initialization.
Content Security Policy
The SDK makes runtime requests to the configured apiBase:
POST {apiBase}/v1/track— sends custom events viarbly.track()POST {apiBase}/v1/track/conversion— sends conversion events viarbly.convert()POST {apiBase}/v1/track/page-view— sends automatic page view eventsPOST {apiBase}/v1/sdk/ping— sends a domain verification ping on initialization
No requests are made to any third-party domain or analytics service. To operate under a strict Content Security Policy, add the following directives:
Content-Security-Policy:
script-src https://cdn.rebrandly.com;
connect-src {apiBase};Replace {apiBase} with the actual base URL for your environment. The production default is https://cdn.rebrandly.com.
Updated 4 days ago