Skip to main content
Visitor Insights is the card on the dashboard Overview tab that answers a question cookie-based analytics gets wrong: how many real people visited, and how many were genuinely new? The two headline numbers are Visitors and New Visitors, followed by breakdowns of where those people came from and how they connect. Every number is computed server-side and read-only. The dashboard renders results; it never blocks, challenges, or decides anything.

Visitors and New Visitors

Two metrics sit at the top of the card. These are the exact product tooltips:
MetricTooltip
Visitors”Estimated unique visitors using cookies, browser info, and device info.”
New Visitors”Visitors first seen in the selected period.”
“Estimated” is deliberate. ShieldLabs does not promise an exact headcount. It reports an estimate of unique people, built from a stable identity rather than a single cookie. Read these as a confident estimate of real humans, not a precise tally.
  • Visitors is the estimated number of distinct people in the selected date range.
  • New Visitors is the subset of those people first seen inside that same window. “First seen” is measured against the dashboard date filter, not a fixed lookback. Change the date range and the “new” determination moves with it.
Both numbers carry a trend arrow that compares the selected range against the immediately preceding range of equal length (for example, the last 7 days versus the 7 days before).

How visitor counting actually works

The phrase that matters in the Visitors tooltip is “using cookies, browser info, and device info.” ShieldLabs does not count by a single cookie. It counts by a fingerprint-derived identity: the DeviceID. This is the whole reason the count is more accurate for returning visitors, so it is worth understanding the mechanism.

How Google Analytics and Vercel Analytics count

Cookie-based analytics assign each browser a first-party identifier and count distinct identifiers:
  • Google Analytics writes a _ga first-party cookie holding a client id and counts unique client ids.
  • Vercel Analytics derives a per-visit client id (a daily hash of IP and user-agent in its privacy-preserving mode) and counts those.
In both cases the identity is something stored on the client or derived from network attributes that change. That has a predictable failure mode. Every one of these events mints a brand-new identifier, and the same person is counted again as a brand-new user:
  • The visitor clears cookies or browser storage.
  • The visitor opens the site in an incognito / private window (fresh storage, no prior cookie).
  • The visitor’s IP rotates (mobile network, VPN, ISP reassignment) where the id leans on IP.
  • Privacy tooling (tracking-protection browsers, cookie auto-expiry) drops the cookie within days.
The result: inflated new-visitor counts and lost returning visitors. A loyal user who clears cookies every week looks like 52 different new people a year. Safari and other privacy browsers cap first-party script cookies at around 7 days, so cookie-based “returning visitor” rates decay within weeks no matter what you do.

How ShieldLabs counts

ShieldLabs counts by the DeviceID, a UUID5 derived from dozens of stable browser-environment components (canvas, WebGL, audio, fonts, screen, navigator, timezone, and more). The critical property:
The DeviceID is derived from the browser environment, not stored in it.
Because nothing is stored, there is nothing to clear. A returning person on the same browser reproduces the same environment, so the server derives the same DeviceID even after they:
  • clear cookies and local storage,
  • open the site in an incognito / private window,
  • rotate their IP address.
That person is recognized as returning, not counted again as new. The “new visitor” number stops inflating, and the “returning” signal survives the cookie clears that destroy it in cookie-based tools.
ShieldLabs also has a VisitorID (UUID5(DeviceID + CookieID)), but that one breaks on cookie clear because it includes the cookie. The durable identity that powers accurate visitor counting is the DeviceID, not the VisitorID. The “survives cleared cookies” property belongs to DeviceID.

Side-by-side comparison

A fair comparison across the dimensions that decide whether the same person is counted once or many times.
DimensionGoogle AnalyticsVercel AnalyticsShieldLabs
Identity basisFirst-party cookie (_ga client id)Client id (per-visit hash of IP + user-agent in privacy mode)Fingerprint-derived identity (DeviceID), not stored
Survives cookie clearNo (new client id)NoYes (DeviceID is derived, not stored)
Survives incognito / private windowNo (fresh storage)NoYes (same browser environment)
Survives IP rotationYes (cookie persists)No (id is partly IP-derived)Yes (DeviceID is not IP-based)
Same person across two browsersNoNoNo (DeviceID is browser-bound)
Sees VPN / proxy / Tor on the visitNoNoYes (anonymity signals per visit)
Carries a Risk Score per visitNoNoYes (0–100 Risk Score)
The honest read of that table: ShieldLabs keeps the same person on the same browser as one identity through the four events that fragment cookie analytics (cookie clear, incognito, IP rotation, privacy tooling), and it adds two things cookie analytics never had: it can see whether a visit is masked (VPN / proxy / Tor) and it scores the visit’s risk.

Be honest about the boundaries

Durability is real, but it is not magic. State both sides.
DeviceID is browser-bound. It is derived from one browser’s environment, so the same person using a different browser on the same machine produces a different DeviceID and is counted separately. ShieldLabs does not do cross-browser visitor recognition today. If a user visits in Chrome and then Safari, that is two DeviceIDs.
The number is estimated, not exact. The tooltip says “estimated unique visitors” for a reason. Fingerprint-derived identity is far more stable than a cookie, but it is a strong estimate, not a guaranteed 1:1 headcount. Two devices with near-identical environments can collide, and a heavily modified environment can shift. Treat the count as a confident estimate of real people, not an audited total.
The fair summary: pair “more durable than cookie-based counting” with “estimated.” ShieldLabs gives you a far more accurate count of returning people on the same browser than a cookie can, and it is upfront that the figure is an estimate and that cross-browser visits are still separate.

Visitor breakdowns

Below the two metrics, the card breaks the same visitors down five ways. Each list shows the top entries with a More button that opens the full list. All values are server-supplied counts.

Top Countries

Visitor countries with flag icons (for example, United States, Germany, United Kingdom, France, Japan), derived from IP geolocation.

Top Browsers

Browser families with logos (for example, Chrome, Safari, Firefox, Edge, Opera).

Top OS

Operating systems (for example, Windows, macOS, iOS, Android, Linux).

Device Type

Desktop, Mobile, Tablet, or Other.
Each row shows the name, its count, and its share of the list total.

Connection Types

The fifth breakdown, Connection Types, is the one cookie analytics cannot produce. It classifies each visitor’s connection by how anonymous it is:
Connection typeWhat it indicates
DirectAn ordinary residential or business connection, no masking detected.
MobileA mobile carrier network.
VPNA commercial or known VPN network (corroborated, not a raw blocklist hit).
ProxyTraffic routed through a proxy.
TorTraffic exiting the Tor anonymity network.
Privacy RelayiCloud Private Relay or a similar relay service (lower risk: a privacy-conscious user, not necessarily masking intent).
UnknownThe connection type could not be determined.
Connection types come from the same network analysis behind the per-visit signals and feed each visit’s Risk Score. A high share of VPN, Proxy, or Tor connections in this list is an early read on traffic quality. To rank that risk by where the traffic came from, use Traffic Sources.

How to read this card

1

Set the window

Pick a Project and date range in the Overview Filters. The “new visitor” determination is relative to this window.
2

Read Visitors vs New Visitors

A healthy returning audience shows New Visitors as a fraction of Visitors. Because ShieldLabs counts by DeviceID, that ratio is not inflated by cookie clears the way a cookie-based tool would inflate it.
3

Sanity-check against cookie analytics

Expect your ShieldLabs returning rate to be higher (and new-visitor rate lower) than Google Analytics or Vercel for the same period. That gap is the cookie-clear and incognito traffic that cookie tools miscount as new.
4

Scan Connection Types

A rising VPN / Proxy / Tor share is a traffic-quality signal. Drill into where it comes from on Traffic Sources.

Next steps

Identifiers

How DeviceID, VisitorID, CookieID, and UserHID are derived and why DeviceID survives cleared cookies.

Traffic Sources

Rank each channel, referrer, and campaign by the risk and anonymous-traffic share it delivers.

Risk Score

The 0–100 score and bands behind each visit’s risk and the Connection Types breakdown.

Overview tab

Where Visitor Insights sits alongside Traffic Risk, Request Signals, and Patterns.