---
title: The Tracking Script
description: How to install and configure the Luigi's Box tracking script on your website.
slug: platform-foundations/lbx-script
docKind: guide
hub: platform-foundations
---

After you [sign up](https://app.luigisbox.tech/users/sign_up) for Luigi's Box, you will receive a
unique tracking script. This script activates
Luigi's Box services, including Analytics, Autocomplete, Search, Product Listing, and Recommender.

**Example:**

```html
<script async src="https://scripts.luigisbox.tech/LBX-123.js"></script>
```

:::note
This script is required unless you are performing a full server-side integration via the API.
:::

## Domain specificity

Each tracking script is unique to a specific domain. Do not use the same script across different domains.
Doing so will merge data from multiple sites into a single view, making analysis difficult. If you
manage multiple domains, please contact us for separate tracking scripts.

## Installation

### Option 1: Direct HTML injection (recommended)

Locate your website's main layout or header file. This file is typically responsible for the global
header across all pages (e.g., `header.php`, `theme.liquid`, or `head.phtml`).

Paste the script tag anywhere between the opening `<head>` and closing `</head>` tags.

**Example:**

```html
<!DOCTYPE html>
<html>
  <head>
    <script async src="https://scripts.luigisbox.tech/LBX-123.js"></script>
  </head>
  <body></body>
</html>
```

:::tip
If you are using **Magento** or **IdoSell**, browse our [Platform Integrations](/platform-integrations/)
to find the specific setup guide for your store.
:::

### Option 2: Google Tag Manager (GTM)

If you cannot modify the HTML directly, you may use **Google Tag Manager**.

You can refer to this [step-by-step guide for GTM integration](https://www.luigisbox.com/implementation/gtm/).

:::caution
We strictly recommend **Option 1** instead. Using GTM has two major downsides:

1. **Adblockers:** Many adblockers block GTM entirely. If you load Luigi's Box via GTM, our services
   will not load for users with adblockers enabled.
2. **Performance:** Loading via GTM introduces latency, which may cause advanced features (such as
   Fixit rules) to execute more slowly.
   :::

## Content Security Policy (CSP)

If your website enforces a Content Security Policy, add the following rules to allow Luigi's Box services
to communicate with your site:

| CSP Directive | Required Values                                                                         |
| ------------- | --------------------------------------------------------------------------------------- |
| `connect-src` | `https://api.luigisbox.tech` `https://live.luigisbox.tech` `https://app.luigisbox.tech` |
| `script-src`  | `https://scripts.luigisbox.tech` `https://cdn.luigisbox.tech`                           |
| `style-src`   | `https://cdn.luigisbox.tech`                                                            |