A lightweight, flexible attribution script for tracking referral codes in web applications. The attribution script captures referral codes from URL parameters, stores them in cookies, and automatically injects them into forms for seamless referral tracking.

• Automatic referral code tracking - Captures refcode from URL parameters (?refcode=ABC123)
• Persistent cookie storage - Stores referral codes in cookies for 90-day tracking
• Smart form attachment - Only attaches to forms when a referral code exists (no empty fields)
• Dynamic form detection - MutationObserver automatically detects forms added after page load (SPAs, modals)
• Flexible auto-attach modes - Choose between "data-refref" (default), "all", or "false"
• Simple script tag configuration - All configuration via HTML attributes (no JavaScript required)
• MDN-compliant cookie options - Supports all standard Set-Cookie attributes
• Auto-detect HTTPS - Automatically adds Secure attribute on HTTPS sites
• TypeScript support - Fully typed with exported types
• Framework agnostic - Works with React, Vue, Svelte, plain HTML, and all modern frameworks
• Zero configuration - Works out of the box with sensible defaults

Add the script tag to your HTML (typically in the or before closing ):

The script automatically initializes when the DOM is ready. No additional configuration required.

By default, the script only attaches to forms with the data-refref attribute:

When a user visits https://yoursite.com?refcode=ABC123:

1. The code is saved to a cookie for 90 days
2. Forms with data-refref get a hidden
3. Dynamically added forms with data-refref are automatically detected

Control which forms get referral tracking using the data-auto-attach attribute:

Only attaches to forms with the data-refref attribute. This is the default and recommended mode.

Use when:

• You want explicit control over which forms include referral codes
• You have non-referral forms (search, filters, internal forms) to exclude
• You prefer opt-in behavior (recommended for most use cases)
• You want to avoid cluttering every form with hidden fields

Attaches to ALL forms on the page, regardless of data-refref attribute.

Use when:

• You want to track every single form on your site
• Your site only has referral-related forms
• You want the simplest setup (no attributes to add)

Note: This attaches to ALL forms including search forms, filter forms, etc. Be intentional about this choice.

No automatic attachment. Use manual API calls only.

Use when:

• You need full manual control over form attachment
• You have custom logic for when/how to attach
• Performance-sensitive scenarios (no MutationObserver overhead)
• Advanced integrations with custom frameworks

Note: MutationObserver is disabled in this mode. You must manually call attachTo() for dynamically added forms.

Configure cookie behavior using the data-cookie-options attribute with a JSON string:

The script uses these defaults (no configuration needed):

• Path: / (available across your entire site)
• Max-Age: 7776000 (90 days in seconds)
• SameSite: Lax (allows cross-site referrals)
• Secure: Auto-detected (added automatically on HTTPS, omitted on HTTP)

The script accepts any MDN-compliant Set-Cookie attribute. Common options:

Full list of attributes: See MDN Set-Cookie documentation

Subdomain tracking (e.g., app.example.com and www.example.com):

Strict same-site policy:

Custom expiration (30 days):

Multiple options:

The Secure attribute is automatically added based on the page protocol:

• HTTPS: Secure attribute is automatically added to cookies
• HTTP: Secure attribute is NOT added (allows cookies to work on localhost)

You can override this by explicitly setting Secure in data-cookie-options.

If the data-cookie-options JSON is invalid, the script:

1. Logs a warning to the console
2. Falls back to default cookie options
3. Continues to function normally

1. Auto-initialization: Script initializes automatically when DOM is ready
2. URL parameter check: Looks for ?refcode=ABC123 in the URL
3. Cookie check: If no URL parameter, checks for existing cookie (refref-refcode)
4. Priority: URL parameters override cookie values (refreshes the cookie)
5. Cookie storage: Saves referral code to cookie if found (90-day default)
6. Form attachment (only when referral code exists):
   • Mode "data-refref" (default): Injects hidden fields into forms with data-refref attribute
   • Mode "all": Injects hidden fields into ALL forms
   • Mode "false": No automatic injection
7. Dynamic detection: MutationObserver watches for new forms and auto-attaches (for "all" and "data-refref" modes)

The script only injects hidden fields when a referral code exists (from URL or cookie). This prevents empty fields from cluttering your forms.

Example:

When a referral code exists, the script injects:

• Field name: Always "refcode" (not configurable)
• Field value: The referral code from URL or cookie
• Injection behavior: Creates new field or updates existing field with same name
• Conditional: Only injected when referral code exists

The MutationObserver automatically detects forms added after page load:

Note: MutationObserver is active for "all" and "data-refref" modes. It's disabled in "false" mode.

The script exposes window.RefRefAttribution with the following methods:

Get the current referral code (from URL or cookie).

Returns:

• string: The referral code if present
• undefined: No referral code found

Manually attach referral tracking to a specific form.

Parameters:

• form: The form element to attach to

Behavior:

• Creates/updates hidden field
• Only sets value if referral code exists

Manually attach referral tracking to all forms (respects data-auto-attach mode).

Behavior (based on current mode):

• "data-refref": Attaches to forms with data-refref attribute
• "all": Attaches to ALL forms
• "false": No-op (does nothing)

Use case: Call after dynamically adding multiple forms in "false" mode.

Stop the MutationObserver from watching for new forms.

Use cases:

• Performance optimization (if you know no more forms will be added)
• Cleanup before page unload
• Switching to fully manual control

Note: After calling stopObserver(), dynamically added forms won't be automatically tracked. You must manually call attachTo() or attachToAll().

The attribution script works seamlessly with the RefRef widget:

1. Attribution script captures and stores referral codes from URL parameters
2. Widget reads the same cookie (refref-refcode) during initialization
3. Widget sends the referral code to the backend API for automatic attribution
4. Both scripts use the same cookie key for consistency

This ensures referral tracking works across your entire application.

The script automatically captures referral codes from URL query parameters:

Priority: URL parameters override cookie values. If a user visits with a new refcode, it refreshes the cookie.

• Cookie name: refref-refcode
• Default expiration: 90 days (7776000 seconds)
• Storage: Persists across browser sessions and page navigations
• Privacy: Respects browser cookie settings and privacy preferences

Note: If cookies are disabled, the script still works for the current session using URL parameters, but won't persist across sessions.

The script is fully typed. When using the CDN version, TypeScript types are available:

Supports all modern browsers:

• Chrome
• Firefox
• Safari
• Edge

Requires JavaScript enabled.

MIT