Two clear surfaces for merchant scripts: site-wide head/body injection for GTM and chat widgets, and order-confirmation scripts for Google Ads, Facebook Pixel, and TikTok purchase events. CSP nonces injected automatically.
Every marketing campaign ends with the same question: did it work? To answer that question, you need conversion tracking — and until now, setting it up on a Cartly storefront required editing Liquid files directly. That changes today.
We looked at how merchants actually use tracking scripts and found two distinct audiences with different needs. That led us to build two separate, clearly-labelled injection points rather than one generic "custom code" box.
Go to Settings → Custom Scripts to add code that should run on every page of your storefront: Google Tag Manager, GA4 site-wide config, Hotjar session recording, Intercom or Crisp chat widgets. Paste your snippet into the head or body field. It fires on every Liquid storefront page — home, product, collection, cart, blog, search.
Go to Preferences → Checkout / Order Status Scripts to add code that should run exactly once, on the Thank You page after a successful purchase. This is the right place for Google Ads conversion tags, Facebook Pixel Purchase events, TikTok purchase events, and post-purchase surveys.
The script fires only when a valid order is loaded — the error page ("Order not found") never triggers it. This prevents inflated conversion counts when the thank-you URL is shared or visited without a real order.
In earlier versions, both admin pages wrote to the same configuration field. If you saved Settings after saving Preferences, your conversion tracking would disappear silently. The two injection points now use completely separate storage keys — they cannot interfere with each other.
Cartly storefronts enforce a strict Content Security Policy. Scripts that are not explicitly allowed by the policy are blocked by the browser. Cartly automatically injects the per-request CSP nonce into every <script> tag in your merchant HTML — you do not need to add nonces manually.
Tracking platforms typically give you two script tags to paste (an async loader and an inline config block). Both execute correctly — Cartly parses the HTML and activates each script tag individually.
Platform administrators can disable custom script injection globally via the Platform admin. When disabled, the merchant editor shows a clear explanation. This gives platform operators the governance they need without removing the feature from merchants by default.
How to set up Google Ads conversion tracking →