GET /track/config

Returns tracker config for a site (e.g. whether to record session for replay). Used by the tracker when initialised with a siteKey to decide whether to start rrweb recording. Domain-validated: the request’s Origin or Referer hostname must match an allowed domain for the site (same rule as form config).

Query parameters

Param	Required	Description
`siteKey`	Yes	Site key (e.g. `pk_live_...`)

Response (200)

json

{
  "recordSession": true
}

Field	Type	Description
`recordSession`	boolean	When `true`, tracker should start rrweb recording for this site

Errors

400 — Missing siteKey
403 — Domain not authorized for this site (Origin/Referer not in site’s allowed domains)
404 — Site not found

No authentication required. CORS allows any origin.

Debugging 403 (server logs)

On domain denial, the worker logs domain_validation_denied with route: "/track/config", reason, request_hostname, and site_key. Same reason values as forms config. If you see HTML “blocked” from Cloudflare instead of JSON, the request did not reach the Worker (WAF / bot management).

GET /track/config ​

Query parameters ​

Response (200) ​

Errors ​

Debugging 403 (server logs) ​

GET /track/config

Query parameters

Response (200)

Errors

Debugging 403 (server logs)