Install Health
Verify your Zenovay tracker is working without watching the realtime globe. The Install Health endpoint returns a structured snapshot of the tracker's recent activity, the reachability of your site, current cookieless and consent configuration, and an actionable list of any issues that need your attention.
You cannot open this URL directly in a browser. The endpoint requires a Bearer JWT — opening the URL in a new tab will return 401 Missing or invalid authorization header. The supported ways to view the report:
- Dashboard (recommended) — sign in at app.zenovay.com, open your domain, then click Settings → Install Health.
- API — call the endpoint with a valid Bearer JWT (your dashboard session token). See the API reference below.
Where to find it
In the Zenovay dashboard:
- Open the Domains page and click your domain.
- Open Settings, then click the Install Health tab.
- The report auto-refreshes every 30 seconds. Use Refresh to force a fresh check.
Reading the response
Each call returns a JSON object with the following fields:
| Field | Type | Meaning |
|---|---|---|
last_event_seen_at | ISO8601 | null | Most recent timestamp Zenovay received any event for this site. |
minutes_since_last_event | number | null | Convenience derivative of the above. |
last_event_count_5m | number | Page views + custom events received in the last 5 minutes. |
last_event_count_24h | number | Same metric over the last 24 hours. |
script_reachable | boolean | null | Result of a server-side HEAD probe to your domain. null = probe blocked or sandbox; false = HTTP error; true = site responded normally. |
script_version | string | null | The tracker version Zenovay is currently serving. |
csp_blocking_suspected | boolean | Reserved for a future heuristic; always false in V1. |
cookieless_enabled | boolean | true when either your dashboard's cookieless toggle is on or the served HTML contains data-cookieless="true" on the Zenovay script tag. SPAs that inject the script tag from a separate JS bundle (Next.js, dynamic loaders) are not detected by HTML scanning — toggle the dashboard setting explicitly in that case. |
consent_recording_active | boolean | Whether the cookie consent banner (CMP) is configured for this site. This is NOT session replay — session recording is a separate Pro+ feature controlled under Domain → Settings → Reports. |
last_5_event_types | string[] | The five most recent custom event types received. |
issues | array | Actionable items detected by the diagnostic — see below. |
Status colors in the dashboard
The four cards at the top of the tab use the following thresholds:
- Green — events received in the last 5 minutes.
- Yellow — events received within the last hour but not the last 5 minutes.
- Red — silent for more than an hour, or no events ever received.
Common issues and fixes
The issues array is an enumeration of diagnostic codes Zenovay can return. Each item carries a severity, a stable code, a human-readable message, and a fix_url.
| Code | Severity | What it means | What to do |
|---|---|---|---|
awaiting_first_event | info | The website was created less than 24 hours ago and Zenovay has not yet seen an event. | Reload your site to send the first page view. |
script_never_installed | error | Zenovay has never received any event for this tracking code. | Confirm the tracking script is on every page. |
silent_tracker | error | The current gap between events is at least 10× longer than the typical gap for this site (with a floor of 6 hours and a cap of 7 days). Only fires when the site has had ≥5 events in the last 24 hours, so personal sites with one visitor a day will never trigger it spuriously. | Check whether the script tag is still present, an ad blocker is intercepting the request, or a Content Security Policy is blocking api.zenovay.com. |
tracker_quiet | warn | The current gap is at least 3× longer than the typical gap for this site (floor: 1 hour, cap: 24 hours). Only fires when the site has had ≥10 events in the last 24 hours; low-traffic sites are deliberately not warned. | Open your site in a new tab to confirm it still tracks. The warning includes the actual gap and the typical gap so you can judge whether it's a real outage. |
site_not_reachable | warn | Zenovay reached your site but received an HTTP error. | Check your hosting provider's status. |
probe_blocked | info | A network or CSP rule blocked the probe. The tracker may still be working. | This is informational — verify against the recent-events counter. |
sandbox_detected | info | Your domain matches a known development pattern (localhost, *.vercel.app, *.netlify.app, etc.). | Expected for staging environments. |
Need to see exactly what's being sent? Enable the Debug Overlay and append ?zenovay_debug=1 to any URL on your site. You'll see the last 20 outgoing tracker events with PII masked — useful when Install Health reports tracker_quiet and you want to confirm whether a specific page is firing.
Email alerts (opt-in per domain)
When the diagnostic flips a silent_tracker error for your domain, Zenovay sends a one-shot email to the website's owner. When events resume, you get a one-shot all-clear. Maximum one email per outage — five layers of dedup prevent spam:
- The cron runs every 6 hours, not every minute.
- The
silent_trackerthreshold itself requires a gap of at least 6 hours. - Sites with fewer than 5 events in the last 24 hours never trigger an alert (a personal blog with one visit a day will never email you).
- Internal state machine fires only on transition (healthy → silent or silent → healthy), never on consecutive cron runs.
- The email-log idempotency key is anchored to the outage's first-silent timestamp — even a state-machine bug cannot send two silent emails per outage.
Sandbox/dev domains (localhost, *.vercel.app, *.netlify.app, *.pages.dev, *.workers.dev, *.test, *.local) are excluded from alerts entirely.
Toggle alerts per domain in Domain → Settings → Install Health → Email alerts. Default is on.
API reference
/api/install-health/:trackingCodeAuth-only diagnostic for a single website's tracker.
URL: https://api.zenovay.com/api/install-health/<YOUR_TRACKING_CODE> — replace <YOUR_TRACKING_CODE> with your code (e.g. ZV_AbCdEf...). The route definition uses Express-style :trackingCode notation but the leading colon is not part of the actual URL.
Authentication: Bearer JWT (your dashboard session token).
Caching: Responses are cached for 30 seconds at the edge to keep dashboard polling lightweight.
Privacy: No personal data (IP addresses, user-agent strings, or referrer values) appears in the response — only counts, flags, and event-type strings.
Example request
# Note the URL has NO leading colon — replace ZV_YOUR_TRACKING_CODE
# with your real code from app.zenovay.com → Domain → Settings.
# The Bearer JWT is mandatory; copy it from a logged-in dashboard
# session via your browser's DevTools → Network → /api/auth/user.
curl https://api.zenovay.com/api/install-health/ZV_YOUR_TRACKING_CODE \
-H "Authorization: Bearer $YOUR_JWT"Example response
{
"last_event_seen_at": "2026-05-02T21:15:42.110Z",
"minutes_since_last_event": 0,
"last_event_count_5m": 12,
"last_event_count_24h": 1843,
"script_reachable": true,
"script_version": "v2.0.1",
"csp_blocking_suspected": false,
"cookieless_enabled": true,
"consent_recording_active": false,
"last_5_event_types": ["pageview", "click", "scroll", "form_submit", "outbound_click"],
"issues": []
}The endpoint is intentionally authenticated. Tracking codes are essentially public (they are embedded in your site's HTML), so an unauthenticated diagnostic would need its own abuse plumbing. Use your dashboard JWT.