Follow The Spend
Tracking

The pixel (intentiq.js)

How the Follow The Spend tracking script works — install, load behavior, and what it actually does.

The Follow The Spend pixel is a small JavaScript file (intentiq.js) that runs on every page of your storefront. It's how we capture visitor activity.

How it gets installed

Through Shopify's Script Tag API, automatically, during the OAuth install flow. There is no manual code paste, no theme edit, no Liquid snippet to add. When you approve the OAuth permissions, Shopify adds our script to every storefront page.

The Script Tag URL looks like:

https://cdn.followthespend.com/intentiq.js?sid=<your-pixel-id>

Where <your-pixel-id> is the unique site identifier we generate for your store at install time.

What's intentiq.js?

The neutral filename is deliberate. We chose a name that doesn't immediately reveal which analytics tool you use — your customers (or competitors looking at your source) can't trivially identify your stack from the script name.

The behavior is the same as any tracking pixel. The naming is just a small privacy-by-default touch.

How it loads

  • Async. Never blocks page render. The browser parses your HTML and shows your store; the pixel loads in parallel and fires when ready.
  • Small. ~6KB gzipped. The whole script downloads in a single round-trip on a fast connection.
  • Cached. Cloudflare caches the file at the edge with a 1-hour TTL. After the first visit, return visits typically hit the browser cache and the script doesn't re-download.
  • First-party. Cookies it sets are scoped to your store's domain, not to ours. They're not third-party cookies and aren't blocked by ITP's third-party rules.

What it does on each page

On every page load, the pixel:

  1. Reads or creates the visitor cookie. First visit → generate a new visitor ID. Returning → read the existing one.
  2. Reads or creates the session cookie. New session if no recent activity, otherwise extends the current session.
  3. Captures page metadata. URL, page title, referrer, UTM parameters, timestamp.
  4. Fires a page_view event to our API endpoint at cdn.followthespend.com/event (which proxies to api.followthespend.com).
  5. Detects identification triggers. If the page contains a Shopify customer login signal, fires an identify event with the customer ID.
  6. Fires conversion events on the order thank-you page, with the order ID and visitor cookie.

That's the full set. No scroll tracking, no click heatmaps, no DOM scraping in v1.

Performance impact

Real-world measurements from production stores running the pixel:

  • First Contentful Paint impact: undetectable (pixel loads after FCP)
  • Total Blocking Time impact: under 5ms (pixel work is non-blocking and runs during browser idle time)
  • Bandwidth impact: ~6KB on first visit, near-zero on cached return visits
  • CPU impact: negligible — no heavy computation on the client

If you're worried about Lighthouse scores, the pixel will not register meaningfully.

What gets sent over the wire

Each event the pixel fires sends a small JSON payload to our API. A typical page_view looks like:

{
  "type": "page_view",
  "site_id": "<your-pixel-id>",
  "visitor_id": "v_4f2a8c91...",
  "session_id": "s_a8d2e8f1...",
  "url": "https://yourstore.com/products/red-shoes",
  "referrer": "https://www.google.com/",
  "utm_source": null,
  "utm_medium": null,
  "utm_campaign": null,
  "title": "Red Shoes — Acme Store",
  "user_agent_partial": "Chrome 130 Mac",
  "timestamp": "2026-04-29T14:32:10.123Z"
}

We do not send:

  • Email addresses (until identification, and even then only the customer ID, not the email)
  • Form field contents
  • Page DOM contents
  • IP addresses (we use them at the edge for geolocation, then discard)
  • Cookies other than our own first-party visitor and session cookies

See What we collect for the complete list.

CSP / Content Security Policy

If your store has a strict CSP, you'll need to allow:

  • script-src 'self' cdn.followthespend.com
  • connect-src 'self' cdn.followthespend.com

The default Shopify storefront CSP is permissive enough that you don't need to change anything. Custom theme apps occasionally tighten this — if Pulse shows zero data and your CSP is locked down, this is the most likely cause.

Ad-blocker and ITP behavior

The pixel is not currently ad-blocker-proof. Aggressive ad-blockers (uBlock Origin with custom rules, Brave shields on max) can block the script. In real production data we see ~5–8% of visits hidden by ad-blockers — meaningful but not catastrophic.

ITP (Safari's Intelligent Tracking Prevention) caps first-party cookie lifetime at 7 days for cookies set via JavaScript. This means a Safari visitor who returns 8+ days later will look like a new visitor to us. ITP-resistant tracking is the role of server-side tracking, coming next.

Server-side tracking is the v1.x answer

The next major release of FTS adds server-side tracking via Shopify's Web Pixel API. The pixel becomes a fallback rather than the primary path. Three things change:

  • Ad-blockers can't block it — events flow server-to-server, not browser-to-server
  • ITP doesn't apply — cookies are set server-side and don't fall under the JS-cookie cap
  • Express checkouts attribute correctly — the Web Pixel surface receives all checkout events, including Buy It Now / Shop Pay

See Server-Side Tracking for the upcoming details.

Where to go next

Tracking

The pixel, server-side tracking, and what's captured automatically.

What is tracked automatically

The full taxonomy of events the pixel and webhooks send to Follow The Spend.

On this page

How it gets installedWhat's intentiq.js?How it loadsWhat it does on each pagePerformance impactWhat gets sent over the wireCSP / Content Security PolicyAd-blocker and ITP behaviorServer-side tracking is the v1.x answerWhere to go next