From f2758abc85335aa6d62763bd3694fb9bf73db548 Mon Sep 17 00:00:00 2001
From: Marc Mintel <marc@mintel.me>
Date: Fri, 6 Feb 2026 22:35:49 +0100
Subject: [PATCH] refactor: Standardize Umami analytics environment variables
 to non-public names with fallbacks to `NEXT_PUBLIC_` prefixed versions.

---
 .env                                          |   4 +-
 .env.example                                  |   4 +-
 .env.production                               |   4 +-
 .gitea/workflows/deploy.yml                   |  16 +-
 Dockerfile                                    |   8 +-
 README.md                                     |  55 ++++-
 app/[locale]/layout.tsx                       |   3 +-
 components/analytics/AnalyticsProvider.tsx    |  35 +---
 docs/DEPLOYMENT.md                            |  75 ++++---
 docs/ENV_MIGRATION.md                         |  61 +++---
 lib/config.ts                                 |  10 +-
 lib/env.ts                                    |  13 +-
 .../analytics/umami-analytics-service.ts      | 196 +++++++-----------
 lib/services/create-services.ts               |   2 +-
 next.config.mjs                               |   2 +-
 15 files changed, 243 insertions(+), 245 deletions(-)

diff --git a/.env b/.env
index 7523ee9f..ab749cb0 100644
--- a/.env
+++ b/.env
@@ -1,8 +1,8 @@
 # Application
 NODE_ENV=production
 NEXT_PUBLIC_BASE_URL=https://klz-cables.com
-UMAMI_SCRIPT_URL=https://analytics.infra.mintel.me/script.js
-NEXT_PUBLIC_UMAMI_WEBSITE_ID=59a7db94-0100-4c7e-98ef-99f45b17f9c3
+UMAMI_API_ENDPOINT=https://analytics.infra.mintel.me
+UMAMI_WEBSITE_ID=59a7db94-0100-4c7e-98ef-99f45b17f9c3
 SENTRY_DSN=https://c10957d0182245b1a2a806ac2d34a197@errors.infra.mintel.me/1
 LOG_LEVEL=info
 
diff --git a/.env.example b/.env.example
index f2fa2702..64642189 100644
--- a/.env.example
+++ b/.env.example
@@ -20,8 +20,8 @@ TARGET=development
 # Analytics (Umami)
 # ────────────────────────────────────────────────────────────────────────────
 # Optional: Leave empty to disable analytics
-NEXT_PUBLIC_UMAMI_WEBSITE_ID=
-NEXT_PUBLIC_UMAMI_SCRIPT_URL=https://analytics.infra.mintel.me/script.js
+UMAMI_WEBSITE_ID=
+UMAMI_API_ENDPOINT=https://analytics.infra.mintel.me
 
 # ────────────────────────────────────────────────────────────────────────────
 # Error Tracking (GlitchTip/Sentry)
diff --git a/.env.production b/.env.production
index 0d41ad03..8e779c14 100644
--- a/.env.production
+++ b/.env.production
@@ -12,8 +12,8 @@ NODE_ENV=production
 NEXT_PUBLIC_BASE_URL=https://klz-cables.com
 
 # Analytics (Umami)
-NEXT_PUBLIC_UMAMI_WEBSITE_ID=
-NEXT_PUBLIC_UMAMI_SCRIPT_URL=https://analytics.infra.mintel.me/script.js
+UMAMI_WEBSITE_ID=
+UMAMI_API_ENDPOINT=https://analytics.infra.mintel.me
 
 # Error Tracking (GlitchTip/Sentry)
 SENTRY_DSN=
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 7f379d8f..4e756abb 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -198,16 +198,16 @@ jobs:
           IMAGE_TAG: ${{ needs.prepare.outputs.image_tag }}
           TARGET:    ${{ needs.prepare.outputs.target }}
           NEXT_PUBLIC_BASE_URL:          ${{ needs.prepare.outputs.next_public_base_url }}
-          NEXT_PUBLIC_UMAMI_WEBSITE_ID:  ${{ needs.prepare.outputs.target == 'production' && secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID  || (needs.prepare.outputs.target == 'staging' && secrets.STAGING_NEXT_PUBLIC_UMAMI_WEBSITE_ID  || secrets.TESTING_NEXT_PUBLIC_UMAMI_WEBSITE_ID  || secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID) }}
-          NEXT_PUBLIC_UMAMI_SCRIPT_URL:  ${{ needs.prepare.outputs.target == 'production' && secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL  || (needs.prepare.outputs.target == 'staging' && secrets.STAGING_NEXT_PUBLIC_UMAMI_SCRIPT_URL  || secrets.TESTING_NEXT_PUBLIC_UMAMI_SCRIPT_URL  || secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL) }}
+          UMAMI_WEBSITE_ID:  ${{ needs.prepare.outputs.target == 'production' && secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID  || (needs.prepare.outputs.target == 'staging' && secrets.STAGING_NEXT_PUBLIC_UMAMI_WEBSITE_ID  || secrets.TESTING_NEXT_PUBLIC_UMAMI_WEBSITE_ID  || secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID) }}
+          UMAMI_API_ENDPOINT:  ${{ needs.prepare.outputs.target == 'production' && secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL  || (needs.prepare.outputs.target == 'staging' && secrets.STAGING_NEXT_PUBLIC_UMAMI_SCRIPT_URL  || secrets.TESTING_NEXT_PUBLIC_UMAMI_SCRIPT_URL  || secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL) }}
           DIRECTUS_URL:                  ${{ needs.prepare.outputs.directus_url }}
         run: |
           docker buildx build \
             --pull \
             --platform linux/arm64 \
             --build-arg NEXT_PUBLIC_BASE_URL="$NEXT_PUBLIC_BASE_URL" \
-            --build-arg NEXT_PUBLIC_UMAMI_WEBSITE_ID="$NEXT_PUBLIC_UMAMI_WEBSITE_ID" \
-            --build-arg NEXT_PUBLIC_UMAMI_SCRIPT_URL="$NEXT_PUBLIC_UMAMI_SCRIPT_URL" \
+            --build-arg UMAMI_WEBSITE_ID="$UMAMI_WEBSITE_ID" \
+            --build-arg UMAMI_API_ENDPOINT="$UMAMI_API_ENDPOINT" \
             --build-arg NEXT_PUBLIC_TARGET="$TARGET" \
             --build-arg DIRECTUS_URL="$DIRECTUS_URL" \
             -t registry.infra.mintel.me/mintel/klz-cables.com:$IMAGE_TAG \
@@ -231,8 +231,8 @@ jobs:
       ENV_FILE:             ${{ needs.prepare.outputs.env_file }}
       TRAEFIK_HOST:         ${{ needs.prepare.outputs.traefik_host }}
       NEXT_PUBLIC_BASE_URL:          ${{ needs.prepare.outputs.next_public_base_url }}
-      NEXT_PUBLIC_UMAMI_WEBSITE_ID:  ${{ needs.prepare.outputs.target == 'production' && secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID  || (needs.prepare.outputs.target == 'staging' && secrets.STAGING_NEXT_PUBLIC_UMAMI_WEBSITE_ID  || secrets.TESTING_NEXT_PUBLIC_UMAMI_WEBSITE_ID  || secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID) }}
-      NEXT_PUBLIC_UMAMI_SCRIPT_URL:  ${{ needs.prepare.outputs.target == 'production' && secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL  || (needs.prepare.outputs.target == 'staging' && secrets.STAGING_NEXT_PUBLIC_UMAMI_SCRIPT_URL  || secrets.TESTING_NEXT_PUBLIC_UMAMI_SCRIPT_URL  || secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL) }}
+      UMAMI_WEBSITE_ID:  ${{ needs.prepare.outputs.target == 'production' && secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID  || (needs.prepare.outputs.target == 'staging' && secrets.STAGING_NEXT_PUBLIC_UMAMI_WEBSITE_ID  || secrets.TESTING_NEXT_PUBLIC_UMAMI_WEBSITE_ID  || secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID) }}
+      UMAMI_API_ENDPOINT:  ${{ needs.prepare.outputs.target == 'production' && secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL  || (needs.prepare.outputs.target == 'staging' && secrets.STAGING_NEXT_PUBLIC_UMAMI_SCRIPT_URL  || secrets.TESTING_NEXT_PUBLIC_UMAMI_SCRIPT_URL  || secrets.NEXT_PUBLIC_UMAMI_SCRIPT_URL) }}
       SENTRY_DSN:                    ${{ secrets.SENTRY_DSN                    || vars.SENTRY_DSN                    || (needs.prepare.outputs.target == 'production' && secrets.SENTRY_DSN                    || (needs.prepare.outputs.target == 'staging' && secrets.STAGING_SENTRY_DSN                    || secrets.TESTING_SENTRY_DSN                    || secrets.SENTRY_DSN)) }}
       MAIL_HOST:                     ${{ secrets.MAIL_HOST || vars.MAIL_HOST || (needs.prepare.outputs.target == 'production' && (secrets.MAIL_HOST || vars.MAIL_HOST) || (needs.prepare.outputs.target == 'staging' && (secrets.STAGING_MAIL_HOST || vars.STAGING_MAIL_HOST) || (secrets.TESTING_MAIL_HOST || vars.TESTING_MAIL_HOST) || (secrets.MAIL_HOST || vars.MAIL_HOST))) }}
       MAIL_PORT:                     ${{ secrets.MAIL_PORT || vars.MAIL_PORT || (needs.prepare.outputs.target == 'production' && (secrets.MAIL_PORT || vars.MAIL_PORT) || (needs.prepare.outputs.target == 'staging' && (secrets.STAGING_MAIL_PORT || vars.STAGING_MAIL_PORT) || (secrets.TESTING_MAIL_PORT || vars.TESTING_MAIL_PORT) || (secrets.MAIL_PORT || vars.MAIL_PORT))) }}
@@ -273,8 +273,8 @@ jobs:
           NODE_ENV=production
           NEXT_PUBLIC_BASE_URL=$NEXT_PUBLIC_BASE_URL
           NEXT_PUBLIC_TARGET=$TARGET
-          NEXT_PUBLIC_UMAMI_WEBSITE_ID=$NEXT_PUBLIC_UMAMI_WEBSITE_ID
-          NEXT_PUBLIC_UMAMI_SCRIPT_URL=$NEXT_PUBLIC_UMAMI_SCRIPT_URL
+          UMAMI_WEBSITE_ID=$UMAMI_WEBSITE_ID
+          UMAMI_API_ENDPOINT=$UMAMI_API_ENDPOINT
           SENTRY_DSN=$SENTRY_DSN
           LOG_LEVEL=$( [[ "$TARGET" == "testing" || "$TARGET" == "development" ]] && echo "debug" || echo "info" )
           MAIL_HOST=$MAIL_HOST
diff --git a/Dockerfile b/Dockerfile
index 9a1ede8a..34f68483 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,14 +25,18 @@ ENV NEXT_TELEMETRY_DISABLED=1
 # Build-time environment variables for Next.js
 # These are baked into the client bundle during build
 ARG NEXT_PUBLIC_BASE_URL
+ARG NEXT_PUBLIC_BASE_URL
+ARG UMAMI_WEBSITE_ID
 ARG NEXT_PUBLIC_UMAMI_WEBSITE_ID
+ARG UMAMI_API_ENDPOINT
+ARG UMAMI_SCRIPT_URL
 ARG NEXT_PUBLIC_UMAMI_SCRIPT_URL
 ARG NEXT_PUBLIC_TARGET
 ARG DIRECTUS_URL
 
 ENV NEXT_PUBLIC_BASE_URL=$NEXT_PUBLIC_BASE_URL
-ENV NEXT_PUBLIC_UMAMI_WEBSITE_ID=$NEXT_PUBLIC_UMAMI_WEBSITE_ID
-ENV NEXT_PUBLIC_UMAMI_SCRIPT_URL=$NEXT_PUBLIC_UMAMI_SCRIPT_URL
+ENV UMAMI_WEBSITE_ID=${UMAMI_WEBSITE_ID:-$NEXT_PUBLIC_UMAMI_WEBSITE_ID}
+ENV UMAMI_API_ENDPOINT=${UMAMI_API_ENDPOINT:-${UMAMI_SCRIPT_URL:-$NEXT_PUBLIC_UMAMI_SCRIPT_URL}}
 ENV NEXT_PUBLIC_TARGET=$NEXT_PUBLIC_TARGET
 ENV DIRECTUS_URL=$DIRECTUS_URL
 
diff --git a/README.md b/README.md
index 093e10ba..f09b12fa 100644
--- a/README.md
+++ b/README.md
@@ -5,11 +5,13 @@ A complete WordPress to Next.js static site migration for KLZ Cables, transformi
 ## 🚀 Quick Start
 
 ### Prerequisites
-- Node.js 18+ 
+
+- Node.js 18+
 - npm or yarn
 
 ### Installation
-```bash
+
+````bash
 # Install dependencies
 npm install --legacy-peer-deps
 
@@ -42,11 +44,12 @@ npm run cms:logs
 
 # Stop the CMS
 npm run cms:stop
-```
+````
 
 Once running, you can access the Strapi admin panel at `http://localhost:1337/admin`.
 
 ### 🔄 Data & Migration
+
 To sync data or migrate existing content:
 
 ```bash
@@ -61,6 +64,7 @@ npm run cms:migrate
 ```
 
 ### Environment Variables
+
 ```bash
 # .env
 SITE_URL=https://klz-cables.com
@@ -69,8 +73,8 @@ TURNSTILE_SITE_KEY=your_turnstile_key
 TURNSTILE_SECRET_KEY=your_turnstile_secret
 
 # Umami
-NEXT_PUBLIC_UMAMI_WEBSITE_ID=your_umami_website_id
-NEXT_PUBLIC_UMAMI_SCRIPT_URL=https://analytics.infra.mintel.me/script.js
+UMAMI_WEBSITE_ID=your_umami_website_id
+UMAMI_API_ENDPOINT=https://analytics.infra.mintel.me
 
 # GlitchTip (Sentry compatible)
 SENTRY_DSN=https://PUBLIC_KEY@errors.infra.mintel.me/PROJECT_ID
@@ -81,6 +85,7 @@ NEXT_PUBLIC_SENTRY_DSN=https://PUBLIC_KEY@errors.infra.mintel.me/PROJECT_ID
 ## 📊 Project Overview
 
 ### Migration Statistics
+
 - **Content Exported**: 141 items
   - 18 pages (9 EN + 9 DE)
   - 59 posts (29 EN + 30 DE)
@@ -91,6 +96,7 @@ NEXT_PUBLIC_SENTRY_DSN=https://PUBLIC_KEY@errors.infra.mintel.me/PROJECT_ID
 - **Translation Pairs**: 16
 
 ### Performance Benefits
+
 - **Before**: Dynamic WordPress with database queries
 - **After**: Static HTML with CDN delivery
 - **Load Time**: <100ms (vs 500ms+)
@@ -99,6 +105,7 @@ NEXT_PUBLIC_SENTRY_DSN=https://PUBLIC_KEY@errors.infra.mintel.me/PROJECT_ID
 ## 🏗️ Architecture
 
 ### Tech Stack
+
 - **Framework**: Next.js 14 (App Router)
 - **Language**: TypeScript
 - **Styling**: SCSS
@@ -109,6 +116,7 @@ NEXT_PUBLIC_SENTRY_DSN=https://PUBLIC_KEY@errors.infra.mintel.me/PROJECT_ID
 - **CAPTCHA**: Cloudflare Turnstile
 
 ### Project Structure
+
 ```
 app/
 ├── layout.tsx          # Root layout
@@ -163,6 +171,7 @@ scripts/
 ## 🎯 Features
 
 ### ✅ Implemented
+
 - **Multi-language**: EN/DE with `/de/` prefix routing
 - **Contact Forms**: Resend integration with validation
 - **GDPR Compliance**: Cookie consent banner
@@ -175,12 +184,14 @@ scripts/
 - **Asset Management**: WordPress → local path mapping
 
 ### 🔄 In Progress
+
 - Analytics integration (consent-based)
 - Turnstile CAPTCHA
 - Build testing
 - Deployment configuration
 
 ### 📝 Remaining
+
 - Performance optimization
 - Final QA testing
 - Documentation updates
@@ -188,6 +199,7 @@ scripts/
 ## 📝 Content Management
 
 ### Data Export
+
 ```bash
 # Export from WordPress
 npm run data:export
@@ -203,6 +215,7 @@ npm run data:improve-mapping
 ```
 
 ### Adding New Content
+
 1. Export new content from WordPress
 2. Process the data
 3. Rebuild the site
@@ -210,17 +223,20 @@ npm run data:improve-mapping
 ## 🎨 Design System
 
 ### Colors
+
 - Primary: `#0066cc` (KLZ Blue)
 - Secondary: `#00a896` (Teal)
 - Text: `#1a1a1a`
 - Background: `#f8f9fa`
 
 ### Typography
+
 - Font: Inter
 - Base: 16px
 - Scale: 1.25 (Major Third)
 
 ### Layout
+
 - Max width: 1200px
 - Responsive grid
 - Mobile-first
@@ -228,6 +244,7 @@ npm run data:improve-mapping
 ## 🔧 API Endpoints
 
 ### Contact Form
+
 ```
 POST /api/contact
 {
@@ -239,11 +256,13 @@ POST /api/contact
 ```
 
 ### Sitemap
+
 ```
 GET /sitemap.xml
 ```
 
 ### Robots
+
 ```
 GET /robots.txt
 ```
@@ -261,6 +280,7 @@ The project uses **Gitea Actions** for CI/CD. Every push to `main` or `staging`
 **Workflow**: `.gitea/workflows/deploy.yml`
 
 **Branch Deployments**:
+
 - `main` branch: Deploys to production using `.env.prod`
 - `staging` branch: Deploys to staging using `.env.staging`
 
@@ -268,12 +288,13 @@ The project uses **Gitea Actions** for CI/CD. Every push to `main` or `staging`
 The CI/CD workflow supports `STAGING_`-prefixed secrets (e.g., `STAGING_NEXT_PUBLIC_BASE_URL`) to override default secrets when deploying the `staging` branch.
 
 **Required Secrets** (configure in Gitea repository settings):
+
 - `REGISTRY_USER` - Docker registry username
 - `REGISTRY_PASS` - Docker registry password
 - `ALPHA_SSH_KEY` - SSH private key for deployment
 - `NEXT_PUBLIC_BASE_URL` - Application base URL (e.g., `https://klz-cables.com`)
-- `NEXT_PUBLIC_UMAMI_WEBSITE_ID` - Analytics ID
-- `NEXT_PUBLIC_UMAMI_SCRIPT_URL` - Analytics script URL
+- `UMAMI_WEBSITE_ID` - Analytics ID
+- `UMAMI_API_ENDPOINT` - Analytics API endpoint (formerly NEXT_PUBLIC_UMAMI_SCRIPT_URL)
 - `SENTRY_DSN` - Error tracking DSN
 - `MAIL_HOST`, `MAIL_PORT`, `MAIL_USERNAME`, `MAIL_PASSWORD`, `MAIL_FROM`, `MAIL_RECIPIENTS` - Email configuration
 
@@ -293,6 +314,7 @@ docker image prune -f
 ```
 
 Or use the convenience script:
+
 ```bash
 bash scripts/deploy-webhook.sh
 ```
@@ -304,11 +326,13 @@ Client → Traefik (TLS) → Next.js App
 ```
 
 **Domains**:
+
 - `klz-cables.com` - Production
 - `www.klz-cables.com` - Production (www)
 - `staging.klz-cables.com` - Staging
 
 **Services**:
+
 - `app`: Next.js application (port 3000)
 - `traefik`: Reverse proxy (external)
 
@@ -317,25 +341,30 @@ For detailed deployment documentation, see [`docs/DEPLOYMENT.md`](docs/DEPLOYMEN
 ## 📈 Performance
 
 ### Build Time
+
 - **Target**: < 2 minutes
 - **Current**: ~1-2 minutes
 
 ### Page Load
+
 - **Target**: < 100ms
 - **Current**: Static HTML from CDN
 
 ### Bundle Size
+
 - **Target**: < 100KB gzipped
 - **Current**: Optimized with code splitting
 
 ## 🔒 Security
 
 ### Environment Variables
+
 - Never commit `.env` file
 - Rotate keys regularly
 - Use secrets in deployment platform
 
 ### Form Security
+
 - Email validation
 - Rate limiting (recommended)
 - Turnstile CAPTCHA (pending)
@@ -343,6 +372,7 @@ For detailed deployment documentation, see [`docs/DEPLOYMENT.md`](docs/DEPLOYMEN
 ## 🎓 WordPress Specifics
 
 ### WPBakery Shortcodes Removed
+
 - `[vc_row]`, `[vc_column]`, `[vc_column_text]`
 - `[nectar_*]` (Salient theme)
 - `[image_with_animation]`
@@ -350,13 +380,16 @@ For detailed deployment documentation, see [`docs/DEPLOYMENT.md`](docs/DEPLOYMEN
 - `[divider]`
 
 ### HTML Sanitization
+
 - Removes inline event handlers
 - Strips scripts
 - Normalizes classes
 - Preserves structure
 
 ### Asset Mapping
+
 WordPress URLs → Local paths:
+
 ```
 https://klz-cables.com/wp-content/uploads/... → /media/...
 ```
@@ -364,11 +397,13 @@ https://klz-cables.com/wp-content/uploads/... → /media/...
 ## 📚 Documentation
 
 ### Internal
+
 - `PROJECT_STRUCTURE.md` - Detailed structure
 - `IMPLEMENTATION_SUMMARY.md` - Progress tracking
 - `FINAL_SUMMARY.md` - Complete overview
 
 ### External
+
 - [Next.js Docs](https://nextjs.org/docs)
 - [WordPress REST API](https://developer.wordpress.org/rest-api/)
 - [Resend Docs](https://resend.com/docs)
@@ -379,17 +414,20 @@ https://klz-cables.com/wp-content/uploads/... → /media/...
 ### Common Issues
 
 **TypeScript Errors**
+
 - The TypeScript errors shown in the editor are expected
 - They occur because modules reference each other
 - The build process resolves these correctly
 - Run `npm run build` to verify
 
 **Build Failures**
+
 - Check environment variables
 - Verify data files exist
 - Clear `.next` cache: `rm -rf .next`
 
 **Missing Modules**
+
 - Run `npm install --legacy-peer-deps`
 - Check `package.json` dependencies
 
@@ -404,11 +442,12 @@ https://klz-cables.com/wp-content/uploads/... → /media/...
 ✅ **i18n**: Multi-language support  
 ✅ **SEO**: Metadata and sitemaps  
 ✅ **Compatibility**: WPBakery content handled  
-✅ **Media**: All images downloaded  
+✅ **Media**: All images downloaded
 
 ## 📞 Support
 
 For issues or questions:
+
 1. Check the documentation
 2. Review the troubleshooting section
 3. Check environment variables
diff --git a/app/[locale]/layout.tsx b/app/[locale]/layout.tsx
index fff060f6..257f8c32 100644
--- a/app/[locale]/layout.tsx
+++ b/app/[locale]/layout.tsx
@@ -8,6 +8,7 @@ import { NextIntlClientProvider } from 'next-intl';
 import { getMessages } from 'next-intl/server';
 import '../../styles/globals.css';
 import { SITE_URL } from '@/lib/schema';
+import { config } from '@/lib/config';
 
 export const metadata: Metadata = {
   metadataBase: new URL(SITE_URL),
@@ -51,7 +52,7 @@ export default async function LocaleLayout({
           <CMSConnectivityNotice />
 
           {/* Sends pageviews for client-side navigations */}
-          <AnalyticsProvider />
+          <AnalyticsProvider websiteId={config.analytics.umami.websiteId} />
         </NextIntlClientProvider>
       </body>
     </html>
diff --git a/components/analytics/AnalyticsProvider.tsx b/components/analytics/AnalyticsProvider.tsx
index 30feb149..27b9ffb9 100644
--- a/components/analytics/AnalyticsProvider.tsx
+++ b/components/analytics/AnalyticsProvider.tsx
@@ -3,7 +3,6 @@
 import { useEffect } from 'react';
 import { usePathname, useSearchParams } from 'next/navigation';
 import { getAppServices } from '@/lib/services/create-services';
-import Script from 'next/script';
 
 /**
  * AnalyticsProvider Component
@@ -11,49 +10,35 @@ import Script from 'next/script';
  * Automatically tracks pageviews on client-side route changes.
  * This component should be placed inside your layout to handle navigation events.
  *
+ * @param {Object} props - Component props
+ * @param {string} [props.websiteId] - The Umami website ID (passed from server config)
+ *
  * @example
  * ```tsx
  * // In your layout.tsx
- * <NextIntlClientProvider messages={messages} locale={locale}>
- *   <UmamiScript />
- *   <Header />
- *   <main>{children}</main>
- *   <Footer />
- *   <AnalyticsProvider />
- * </NextIntlClientProvider>
+ * const { websiteId } = config.analytics.umami;
+ * <AnalyticsProvider websiteId={websiteId} />
  * ```
  */
-export default function AnalyticsProvider() {
+export default function AnalyticsProvider({ websiteId }: { websiteId?: string }) {
   const pathname = usePathname();
   const searchParams = useSearchParams();
 
   useEffect(() => {
     if (!pathname) return;
-    
+
     const services = getAppServices();
     const url = `${pathname}${searchParams?.size ? `?${searchParams.toString()}` : ''}`;
-    
+
     // Track pageview with the full URL
     services.analytics.trackPageview(url);
-    
+
     if (process.env.NODE_ENV === 'development') {
       console.log('[Umami] Tracked pageview:', url);
     }
   }, [pathname, searchParams]);
 
-  const websiteId = process.env.NEXT_PUBLIC_UMAMI_WEBSITE_ID;
   if (!websiteId) return null;
 
-  return (
-    <Script
-      id="umami-analytics"
-      src="/stats/script.js"
-      data-website-id={websiteId}
-      data-host-url="/stats"
-      strategy="afterInteractive"
-      data-domains="klz-cables.com"
-      defer
-    />
-  );
+  return null;
 }
-
diff --git a/docs/DEPLOYMENT.md b/docs/DEPLOYMENT.md
index e5150d10..16f81271 100644
--- a/docs/DEPLOYMENT.md
+++ b/docs/DEPLOYMENT.md
@@ -42,15 +42,15 @@ The application uses a clean, robust, **fully automated** environment variable s
 
 ## Environment Variables
 
-### Build-Time Variables (NEXT_PUBLIC_*)
+### Build-Time Variables (NEXT*PUBLIC*\*)
 
 These are embedded into the JavaScript bundle during build and are visible to the client:
 
-| Variable | Required | Description |
-|----------|----------|-------------|
-| `NEXT_PUBLIC_BASE_URL` | ✅ Yes | Base URL of the application (e.g., `https://klz-cables.com`) |
-| `NEXT_PUBLIC_UMAMI_WEBSITE_ID` | ❌ No | Umami analytics website ID |
-| `NEXT_PUBLIC_UMAMI_SCRIPT_URL` | ❌ No | Umami analytics script URL (default: `https://analytics.infra.mintel.me/script.js`) |
+| Variable               | Required | Description                                                  |
+| ---------------------- | -------- | ------------------------------------------------------------ |
+| `NEXT_PUBLIC_BASE_URL` | ✅ Yes   | Base URL of the application (e.g., `https://klz-cables.com`) |
+| `UMAMI_WEBSITE_ID`     | ❌ No    | Umami analytics website ID (passed as prop)                  |
+| `UMAMI_API_ENDPOINT`   | ❌ No    | Backend-only Umami analytics API target (internal)           |
 
 **Important**: These must be provided as `--build-arg` when building the Docker image.
 
@@ -58,38 +58,40 @@ These are embedded into the JavaScript bundle during build and are visible to th
 
 These are loaded from the `.env` file at runtime and are only available on the server:
 
-| Variable | Required | Description |
-|----------|----------|-------------|
-| `NODE_ENV` | ✅ Yes | Environment mode (`production`, `development`, `test`) |
-| `SENTRY_DSN` | ❌ No | GlitchTip/Sentry error tracking DSN |
-| `MAIL_HOST` | ❌ No | SMTP server hostname |
-| `MAIL_PORT` | ❌ No | SMTP server port (default: `587`) |
-| `MAIL_USERNAME` | ❌ No | SMTP authentication username |
-| `MAIL_PASSWORD` | ❌ No | SMTP authentication password |
-| `MAIL_FROM` | ❌ No | Email sender address |
-| `MAIL_RECIPIENTS` | ❌ No | Comma-separated list of recipient emails |
-| `REDIS_URL` | ❌ No | Redis connection URL (e.g., `redis://redis:6379/2`) |
-| `REDIS_KEY_PREFIX` | ❌ No | Redis key prefix (default: `klz:`) |
-| `STRAPI_DATABASE_NAME` | ✅ Yes | Strapi database name |
-| `STRAPI_DATABASE_USERNAME` | ✅ Yes | Strapi database username |
-| `STRAPI_DATABASE_PASSWORD` | ✅ Yes | Strapi database password |
-| `STRAPI_URL` | ✅ Yes | URL of the Strapi CMS |
-| `APP_KEYS` | ✅ Yes | Strapi application keys (comma-separated) |
-| `API_TOKEN_SALT` | ✅ Yes | Strapi API token salt |
-| `ADMIN_JWT_SECRET` | ✅ Yes | Strapi admin JWT secret |
-| `TRANSFER_TOKEN_SALT` | ✅ Yes | Strapi transfer token salt |
-| `JWT_SECRET` | ✅ Yes | Strapi JWT secret |
+| Variable                   | Required | Description                                            |
+| -------------------------- | -------- | ------------------------------------------------------ |
+| `NODE_ENV`                 | ✅ Yes   | Environment mode (`production`, `development`, `test`) |
+| `SENTRY_DSN`               | ❌ No    | GlitchTip/Sentry error tracking DSN                    |
+| `MAIL_HOST`                | ❌ No    | SMTP server hostname                                   |
+| `MAIL_PORT`                | ❌ No    | SMTP server port (default: `587`)                      |
+| `MAIL_USERNAME`            | ❌ No    | SMTP authentication username                           |
+| `MAIL_PASSWORD`            | ❌ No    | SMTP authentication password                           |
+| `MAIL_FROM`                | ❌ No    | Email sender address                                   |
+| `MAIL_RECIPIENTS`          | ❌ No    | Comma-separated list of recipient emails               |
+| `REDIS_URL`                | ❌ No    | Redis connection URL (e.g., `redis://redis:6379/2`)    |
+| `REDIS_KEY_PREFIX`         | ❌ No    | Redis key prefix (default: `klz:`)                     |
+| `STRAPI_DATABASE_NAME`     | ✅ Yes   | Strapi database name                                   |
+| `STRAPI_DATABASE_USERNAME` | ✅ Yes   | Strapi database username                               |
+| `STRAPI_DATABASE_PASSWORD` | ✅ Yes   | Strapi database password                               |
+| `STRAPI_URL`               | ✅ Yes   | URL of the Strapi CMS                                  |
+| `APP_KEYS`                 | ✅ Yes   | Strapi application keys (comma-separated)              |
+| `API_TOKEN_SALT`           | ✅ Yes   | Strapi API token salt                                  |
+| `ADMIN_JWT_SECRET`         | ✅ Yes   | Strapi admin JWT secret                                |
+| `TRANSFER_TOKEN_SALT`      | ✅ Yes   | Strapi transfer token salt                             |
+| `JWT_SECRET`               | ✅ Yes   | Strapi JWT secret                                      |
 
 ## Local Development
 
 ### Setup
 
 1. Copy the example environment file:
+
    ```bash
    cp .env.example .env
    ```
 
 2. Edit `.env` and fill in your local configuration:
+
    ```bash
    NODE_ENV=development
    NEXT_PUBLIC_BASE_URL=http://localhost:3000
@@ -97,6 +99,7 @@ These are loaded from the `.env` file at runtime and are only available on the s
    ```
 
 3. Install dependencies:
+
    ```bash
    npm install
    ```
@@ -112,8 +115,8 @@ These are loaded from the `.env` file at runtime and are only available on the s
 # Build with build-time arguments
 docker build \
   --build-arg NEXT_PUBLIC_BASE_URL=http://localhost:3000 \
-  --build-arg NEXT_PUBLIC_UMAMI_WEBSITE_ID=your-id \
-  --build-arg NEXT_PUBLIC_UMAMI_SCRIPT_URL=https://analytics.infra.mintel.me/script.js \
+  --build-arg UMAMI_WEBSITE_ID=your-id \
+  --build-arg UMAMI_API_ENDPOINT=https://analytics.infra.mintel.me \
   -t klz-cables:local .
 
 # Run with runtime environment file
@@ -138,8 +141,8 @@ docker run --env-file .env -p 3000:3000 klz-cables:local
 
    **Build-Time Variables:**
    - `NEXT_PUBLIC_BASE_URL` - Production URL (e.g., `https://klz-cables.com`)
-   - `NEXT_PUBLIC_UMAMI_WEBSITE_ID` - Umami analytics ID
-   - `NEXT_PUBLIC_UMAMI_SCRIPT_URL` - Umami script URL
+   - `UMAMI_WEBSITE_ID` - Umami analytics ID
+   - `UMAMI_API_ENDPOINT` - Umami API endpoint
 
    **Runtime Variables:**
    - `SENTRY_DSN` - Error tracking DSN
@@ -209,11 +212,12 @@ docker-compose logs -f app
 **Problem**: Build fails with "Environment validation failed"
 
 **Solution**: Ensure all required `NEXT_PUBLIC_*` variables are provided as build arguments:
+
 ```bash
 docker build \
   --build-arg NEXT_PUBLIC_BASE_URL=https://klz-cables.com \
-  --build-arg NEXT_PUBLIC_UMAMI_WEBSITE_ID=your-id \
-  --build-arg NEXT_PUBLIC_UMAMI_SCRIPT_URL=https://analytics.infra.mintel.me/script.js \
+  --build-arg UMAMI_WEBSITE_ID=your-id \
+  --build-arg UMAMI_API_ENDPOINT=https://analytics.infra.mintel.me \
   -t klz-cables .
 ```
 
@@ -222,6 +226,7 @@ docker build \
 **Problem**: Container starts but application crashes
 
 **Solution**: Check that the `.env` file exists and contains all required runtime variables:
+
 ```bash
 # On the server
 cat /home/deploy/sites/klz-cables.com/.env
@@ -235,9 +240,11 @@ docker-compose logs app
 **Problem**: Features not working (email, analytics, etc.)
 
 **Solution**:
+
 1. Check that the secret is configured in Gitea
 2. Verify the workflow includes it in the `.env` generation (see `.gitea/workflows/deploy.yml`)
 3. Redeploy to regenerate the `.env` file:
+
    ```bash
    git commit --allow-empty -m "Trigger redeploy"
    git push origin main
@@ -255,6 +262,7 @@ docker-compose logs app
 **Problem**: `docker-compose up` fails with "env file not found"
 
 **Solution**: The `.env` file should be automatically created by the workflow. If it's missing:
+
 1. Check the workflow logs for errors in the "📝 Preparing environment configuration" step
 2. Manually trigger a deployment by pushing to main
 3. If still missing, check server permissions and disk space
@@ -264,6 +272,7 @@ docker-compose logs app
 **Problem**: Container can't connect to Traefik
 
 **Solution**: Verify the `infra` network exists:
+
 ```bash
 docker network ls | grep infra
 docker network inspect infra
diff --git a/docs/ENV_MIGRATION.md b/docs/ENV_MIGRATION.md
index 3796a613..8806b960 100644
--- a/docs/ENV_MIGRATION.md
+++ b/docs/ENV_MIGRATION.md
@@ -7,29 +7,31 @@ This guide helps you migrate from the old fragile environment variable setup to
 ### Before (Fragile & Overkill)
 
 ❌ **Problems:**
+
 - Environment variables passed individually via SSH (12+ vars)
 - Duplicate definitions in Dockerfile, docker-compose.yml, and deploy.yml
-- Build args included runtime-only variables (SENTRY_DSN, MAIL_*, REDIS_*)
+- Build args included runtime-only variables (SENTRY*DSN, MAIL*_, REDIS\__)
 - No single source of truth
 - Difficult to maintain and error-prone
 
 ```yaml
 # Old deploy.yml - FRAGILE!
 ssh root@alpha.mintel.me \
-  "MAIL_FROM='${{ secrets.MAIL_FROM }}' \
-   MAIL_HOST='${{ secrets.MAIL_HOST }}' \
-   MAIL_PASSWORD='${{ secrets.MAIL_PASSWORD }}' \
-   MAIL_PORT='${{ secrets.MAIL_PORT }}' \
-   MAIL_RECIPIENTS='${{ secrets.MAIL_RECIPIENTS }}' \
-   MAIL_USERNAME='${{ secrets.MAIL_USERNAME }}' \
-   NEXT_PUBLIC_BASE_URL='${{ secrets.NEXT_PUBLIC_BASE_URL }}' \
-   ... (12+ variables) \
-   /home/deploy/deploy.sh"
+"MAIL_FROM='${{ secrets.MAIL_FROM }}' \
+MAIL_HOST='${{ secrets.MAIL_HOST }}' \
+MAIL_PASSWORD='${{ secrets.MAIL_PASSWORD }}' \
+MAIL_PORT='${{ secrets.MAIL_PORT }}' \
+MAIL_RECIPIENTS='${{ secrets.MAIL_RECIPIENTS }}' \
+MAIL_USERNAME='${{ secrets.MAIL_USERNAME }}' \
+NEXT_PUBLIC_BASE_URL='${{ secrets.NEXT_PUBLIC_BASE_URL }}' \
+... (12+ variables) \
+/home/deploy/deploy.sh"
 ```
 
 ### After (Clean & Robust)
 
 ✅ **Benefits:**
+
 - Single `.env` file on server contains all runtime variables
 - Only `NEXT_PUBLIC_*` variables passed as build args (3 vars)
 - Clear separation: build-time vs runtime
@@ -46,6 +48,7 @@ ssh root@alpha.mintel.me "/home/deploy/deploy.sh"
 ### Step 1: Update Gitea Secrets
 
 **Remove these secrets** (no longer needed in CI/CD):
+
 - ❌ `MAIL_FROM`
 - ❌ `MAIL_HOST`
 - ❌ `MAIL_PASSWORD`
@@ -58,9 +61,11 @@ ssh root@alpha.mintel.me "/home/deploy/deploy.sh"
 - ❌ `SENTRY_DSN` (from build args)
 
 **Keep these secrets** (still needed for build):
+
 - ✅ `NEXT_PUBLIC_BASE_URL`
-- ✅ `NEXT_PUBLIC_UMAMI_WEBSITE_ID`
-- ✅ `NEXT_PUBLIC_UMAMI_SCRIPT_URL`
+- ✅ `NEXT_PUBLIC_BASE_URL`
+- ✅ `UMAMI_WEBSITE_ID`
+- ✅ `UMAMI_API_ENDPOINT`
 - ✅ `REGISTRY_USER`
 - ✅ `REGISTRY_PASS`
 - ✅ `ALPHA_SSH_KEY`
@@ -81,8 +86,8 @@ NODE_ENV=production
 NEXT_PUBLIC_BASE_URL=https://klz-cables.com
 
 # Analytics
-NEXT_PUBLIC_UMAMI_WEBSITE_ID=your-actual-id
-NEXT_PUBLIC_UMAMI_SCRIPT_URL=https://analytics.infra.mintel.me/script.js
+UMAMI_WEBSITE_ID=your-actual-id
+UMAMI_API_ENDPOINT=https://analytics.infra.mintel.me
 
 # Error Tracking
 SENTRY_DSN=your-actual-dsn
@@ -168,6 +173,7 @@ git push origin main
 ```
 
 The CI/CD workflow will:
+
 1. Build with only `NEXT_PUBLIC_*` build args
 2. Push to registry
 3. SSH to server and run deploy.sh
@@ -197,21 +203,22 @@ curl -I https://klz-cables.com
 
 ## Comparison Table
 
-| Aspect | Before | After |
-|--------|--------|-------|
-| **Gitea Secrets** | 15+ secrets | 8 secrets |
-| **Build Args** | 4 vars (including runtime-only) | 3 vars (NEXT_PUBLIC_* only) |
-| **Runtime Vars** | Passed via SSH command | Loaded from .env file |
-| **Maintenance** | Update in 3 places | Update in 1 place |
-| **Security** | Secrets in CI logs | Secrets only on server |
-| **Clarity** | Confusing duplication | Clear separation |
-| **Robustness** | Fragile SSH command | Robust file-based config |
+| Aspect            | Before                          | After                        |
+| ----------------- | ------------------------------- | ---------------------------- |
+| **Gitea Secrets** | 15+ secrets                     | 8 secrets                    |
+| **Build Args**    | 4 vars (including runtime-only) | 3 vars (NEXT*PUBLIC*\* only) |
+| **Runtime Vars**  | Passed via SSH command          | Loaded from .env file        |
+| **Maintenance**   | Update in 3 places              | Update in 1 place            |
+| **Security**      | Secrets in CI logs              | Secrets only on server       |
+| **Clarity**       | Confusing duplication           | Clear separation             |
+| **Robustness**    | Fragile SSH command             | Robust file-based config     |
 
 ## Rollback Plan
 
 If you need to rollback to the old system:
 
 1. Revert the changes in git:
+
    ```bash
    git revert HEAD
    git push origin main
@@ -229,7 +236,8 @@ A: `NEXT_PUBLIC_*` variables are special in Next.js - they're embedded into the
 
 **Q: Can I update environment variables without rebuilding?**
 
-A: Yes, for runtime-only variables (MAIL_*, REDIS_*, SENTRY_DSN, etc.). Just edit the `.env` file on the server and restart containers:
+A: Yes, for runtime-only variables (MAIL*\*, REDIS*\*, SENTRY_DSN, etc.). Just edit the `.env` file on the server and restart containers:
+
 ```bash
 nano /home/deploy/sites/klz-cables.com/.env
 docker-compose down && docker-compose up -d
@@ -240,6 +248,7 @@ For `NEXT_PUBLIC_*` variables, you need to rebuild the Docker image since they'r
 **Q: Where should I store the .env file backup?**
 
 A: Keep a secure backup outside the server:
+
 ```bash
 # Download from server
 scp root@alpha.mintel.me:/home/deploy/sites/klz-cables.com/.env \
@@ -250,7 +259,8 @@ scp root@alpha.mintel.me:/home/deploy/sites/klz-cables.com/.env \
 
 **Q: What if I accidentally commit .env to git?**
 
-A: 
+A:
+
 1. Remove it immediately: `git rm .env && git commit -m "Remove .env"`
 2. Rotate all credentials in the file
 3. Update the `.gitignore` to ensure it doesn't happen again (already done)
@@ -267,6 +277,7 @@ If you encounter issues during migration:
 ## Summary
 
 The new system is:
+
 - ✅ **Simpler**: One .env file instead of scattered variables
 - ✅ **Cleaner**: Clear separation of build vs runtime
 - ✅ **Robust**: File-based config instead of fragile SSH commands
diff --git a/lib/config.ts b/lib/config.ts
index e39e2626..d9ccc3e6 100644
--- a/lib/config.ts
+++ b/lib/config.ts
@@ -27,11 +27,9 @@ function createConfig() {
 
     analytics: {
       umami: {
-        websiteId: env.NEXT_PUBLIC_UMAMI_WEBSITE_ID,
-        scriptUrl: env.NEXT_PUBLIC_UMAMI_SCRIPT_URL,
-        // The proxied path used in the frontend
-        proxyPath: '/stats/script.js',
-        enabled: Boolean(env.NEXT_PUBLIC_UMAMI_WEBSITE_ID),
+        websiteId: env.UMAMI_WEBSITE_ID,
+        apiEndpoint: env.UMAMI_API_ENDPOINT,
+        enabled: Boolean(env.UMAMI_WEBSITE_ID),
       },
     },
 
@@ -152,7 +150,7 @@ export function getMaskedConfig() {
     analytics: {
       umami: {
         websiteId: mask(c.analytics.umami.websiteId),
-        scriptUrl: c.analytics.umami.scriptUrl,
+        apiEndpoint: c.analytics.umami.apiEndpoint,
         enabled: c.analytics.umami.enabled,
       },
     },
diff --git a/lib/env.ts b/lib/env.ts
index ef06ab33..01d8e91b 100644
--- a/lib/env.ts
+++ b/lib/env.ts
@@ -15,10 +15,10 @@ export const envSchema = z
     NEXT_PUBLIC_TARGET: z.enum(['development', 'testing', 'staging', 'production']).optional(),
 
     // Analytics
-    NEXT_PUBLIC_UMAMI_WEBSITE_ID: z.preprocess(preprocessEmptyString, z.string().optional()),
-    NEXT_PUBLIC_UMAMI_SCRIPT_URL: z.preprocess(
+    UMAMI_WEBSITE_ID: z.preprocess(preprocessEmptyString, z.string().optional()),
+    UMAMI_API_ENDPOINT: z.preprocess(
       preprocessEmptyString,
-      z.string().url().default('https://analytics.infra.mintel.me/script.js'),
+      z.string().url().default('https://analytics.infra.mintel.me'),
     ),
 
     // Error Tracking
@@ -82,8 +82,11 @@ export function getRawEnv() {
     NODE_ENV: process.env.NODE_ENV,
     NEXT_PUBLIC_BASE_URL: process.env.NEXT_PUBLIC_BASE_URL,
     NEXT_PUBLIC_TARGET: process.env.NEXT_PUBLIC_TARGET,
-    NEXT_PUBLIC_UMAMI_WEBSITE_ID: process.env.NEXT_PUBLIC_UMAMI_WEBSITE_ID,
-    NEXT_PUBLIC_UMAMI_SCRIPT_URL: process.env.NEXT_PUBLIC_UMAMI_SCRIPT_URL,
+    UMAMI_WEBSITE_ID: process.env.UMAMI_WEBSITE_ID || process.env.NEXT_PUBLIC_UMAMI_WEBSITE_ID,
+    UMAMI_API_ENDPOINT:
+      process.env.UMAMI_API_ENDPOINT ||
+      process.env.UMAMI_SCRIPT_URL ||
+      process.env.NEXT_PUBLIC_UMAMI_SCRIPT_URL,
     SENTRY_DSN: process.env.SENTRY_DSN,
     LOG_LEVEL: process.env.LOG_LEVEL,
     MAIL_HOST: process.env.MAIL_HOST,
diff --git a/lib/services/analytics/umami-analytics-service.ts b/lib/services/analytics/umami-analytics-service.ts
index c096c4e7..d77dfe78 100644
--- a/lib/services/analytics/umami-analytics-service.ts
+++ b/lib/services/analytics/umami-analytics-service.ts
@@ -1,14 +1,5 @@
 import type { AnalyticsEventProperties, AnalyticsService } from './analytics-service';
-
-/**
- * Type definition for the Umami global object.
- *
- * This represents the `window.umami` object that the Umami script exposes.
- * The `track` function can accept either an event name or a URL.
- */
-type UmamiGlobal = {
-  track?: (eventOrUrl: string, props?: AnalyticsEventProperties) => void;
-};
+import { config } from '../../config';
 
 /**
  * Configuration options for UmamiAnalyticsService.
@@ -20,133 +11,90 @@ export type UmamiAnalyticsServiceOptions = {
 };
 
 /**
- * Umami Analytics Service Implementation.
+ * Umami Analytics Service Implementation (Script-less/Proxy edition).
  *
- * This service implements the AnalyticsService interface for Umami analytics.
- * It provides type-safe event tracking and pageview tracking.
+ * This version implements the Umami tracking protocol directly via fetch,
+ * eliminating the need to load an external script.js file.
  *
- * @example
- * ```typescript
- * // Service creation (usually done by create-services.ts)
- * const service = new UmamiAnalyticsService({ enabled: true });
- *
- * // Track events
- * service.track('button_click', { button_id: 'cta' });
- * service.trackPageview('/products/123');
- * ```
- *
- * @example
- * ```typescript
- * // Using through the service layer (recommended)
- * import { getAppServices } from '@/lib/services/create-services';
- *
- * const services = getAppServices();
- * services.analytics.track('product_add_to_cart', {
- *   product_id: '123',
- *   price: 99.99,
- * });
- * ```
+ * In the browser, it gathers standard metadata (screen, language, referrer)
+ * and sends it to the proxied '/stats/api/send' endpoint.
  */
 export class UmamiAnalyticsService implements AnalyticsService {
-  constructor(private readonly options: UmamiAnalyticsServiceOptions) {}
+  private websiteId?: string;
+  private endpoint: string;
+
+  constructor(private readonly options: UmamiAnalyticsServiceOptions) {
+    this.websiteId = config.analytics.umami.websiteId;
+
+    // On server, use the full internal URL; on client, use the proxied path
+    this.endpoint = typeof window === 'undefined' ? config.analytics.umami.apiEndpoint : '/stats';
+  }
 
   /**
-   * Track a custom event with optional properties.
-   *
-   * This method checks if analytics are enabled and if we're in a browser environment
-   * before attempting to track the event.
-   *
-   * @param eventName - The name of the event to track
-   * @param props - Optional event properties
-   *
-   * @example
-   * ```typescript
-   * service.track('product_add_to_cart', {
-   *   product_id: '123',
-   *   product_name: 'Cable',
-   *   price: 99.99,
-   *   quantity: 1,
-   * });
-   * ```
+   * Internal method to send the payload to Umami API.
+   */
+  private async sendPayload(type: 'event', data: Record<string, any>) {
+    if (!this.options.enabled || !this.websiteId) return;
+
+    try {
+      const payload = {
+        website: this.websiteId,
+        hostname: typeof window !== 'undefined' ? window.location.hostname : 'server',
+        screen:
+          typeof window !== 'undefined'
+            ? `${window.screen.width}x${window.screen.height}`
+            : undefined,
+        language: typeof window !== 'undefined' ? navigator.language : undefined,
+        referrer: typeof window !== 'undefined' ? document.referrer : undefined,
+        ...data,
+      };
+
+      const response = await fetch(`${this.endpoint}/api/send`, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'User-Agent': typeof window === 'undefined' ? 'KLZ-Server' : navigator.userAgent,
+        },
+        body: JSON.stringify({ type, payload }),
+        // Use keepalive for page navigation events to ensure they complete
+        keepalive: true,
+      } as any);
+
+      if (!response.ok && process.env.NODE_ENV === 'development') {
+        const errorText = await response.text();
+        console.warn(`[Umami] API responded with ${response.status}: ${errorText}`);
+      }
+    } catch (error) {
+      if (process.env.NODE_ENV === 'development') {
+        console.error('[Umami] Failed to send analytics:', error);
+      }
+    }
+  }
+
+  /**
+   * Track a custom event.
    */
   track(eventName: string, props?: AnalyticsEventProperties) {
-    if (!this.options.enabled) return;
-    
-    // Server-side tracking via proxy
-    if (typeof window === 'undefined') {
-      const { getServerAppServices } = require('../create-services.server');
-      const { config } = require('../../config');
-      const websiteId = config.analytics.umami.websiteId;
-      const umamiUrl = config.analytics.umami.scriptUrl.replace('/script.js', '');
-      
-      if (!websiteId) return;
-
-      const logger = getServerAppServices().logger.child({ component: 'analytics' });
-      logger.info('Sending analytics event', { eventName, props });
-
-      fetch(`${umamiUrl}/api/send`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json', 'User-Agent': 'KLZ-Server' },
-        body: JSON.stringify({ type: 'event', payload: { website: websiteId, name: eventName, data: props } }),
-      }).catch((error) => {
-        logger.error('Failed to send analytics event', { eventName, props, error });
-      });
-      return;
-    }
-
-    const umami = (window as unknown as { umami?: UmamiGlobal }).umami;
-    umami?.track?.(eventName, props);
+    this.sendPayload('event', {
+      name: eventName,
+      data: props,
+      url:
+        typeof window !== 'undefined'
+          ? window.location.pathname + window.location.search
+          : undefined,
+    });
   }
 
   /**
    * Track a pageview.
-   *
-   * This method checks if analytics are enabled and if we're in a browser environment
-   * before attempting to track the pageview.
-   *
-   * Umami treats `track(url)` as a pageview override, so we can use the same
-   * `track` function for both events and pageviews.
-   *
-   * @param url - The URL to track (defaults to current location)
-   *
-   * @example
-   * ```typescript
-   * // Track current page
-   * service.trackPageview();
-   *
-   * // Track custom URL
-   * service.trackPageview('/products/123?category=cables');
-   * ```
    */
   trackPageview(url?: string) {
-    if (!this.options.enabled) return;
-
-    // Server-side tracking via proxy
-    if (typeof window === 'undefined') {
-      const { getServerAppServices } = require('../create-services.server');
-      const { config } = require('../../config');
-      const websiteId = config.analytics.umami.websiteId;
-      const umamiUrl = config.analytics.umami.scriptUrl.replace('/script.js', '');
-      
-      if (!websiteId || !url) return;
-
-      const logger = getServerAppServices().logger.child({ component: 'analytics' });
-      logger.info('Sending analytics pageview', { url });
-
-      fetch(`${umamiUrl}/api/send`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json', 'User-Agent': 'KLZ-Server' },
-        body: JSON.stringify({ type: 'event', payload: { website: websiteId, url } }),
-      }).catch((error) => {
-        logger.error('Failed to send analytics pageview', { url, error });
-      });
-      return;
-    }
-
-    const umami = (window as unknown as { umami?: UmamiGlobal }).umami;
-
-    // Umami treats `track(url)` as a pageview override.
-    if (url) umami?.track?.(url);
-    else umami?.track?.(window.location.pathname + window.location.search);
+    this.sendPayload('event', {
+      url:
+        url ||
+        (typeof window !== 'undefined'
+          ? window.location.pathname + window.location.search
+          : undefined),
+    });
   }
 }
diff --git a/lib/services/create-services.ts b/lib/services/create-services.ts
index 31a3b876..6042b880 100644
--- a/lib/services/create-services.ts
+++ b/lib/services/create-services.ts
@@ -28,7 +28,7 @@ let singleton: AppServices | undefined;
  * - Cache service (in-memory)
  *
  * The services are configured based on environment variables:
- * - `NEXT_PUBLIC_UMAMI_WEBSITE_ID` - Enables Umami analytics
+ * - `UMAMI_WEBSITE_ID` - Enables Umami analytics
  * - `NEXT_PUBLIC_SENTRY_DSN` - Enables client-side error reporting
  * - `SENTRY_DSN` - Enables server-side error reporting
  *
diff --git a/next.config.mjs b/next.config.mjs
index ad31d2e5..c1788134 100644
--- a/next.config.mjs
+++ b/next.config.mjs
@@ -322,7 +322,7 @@ const nextConfig = {
     contentSecurityPolicy: "default-src 'self'; script-src 'none'; sandbox;",
   },
   async rewrites() {
-    const umamiUrl = (process.env.NEXT_PUBLIC_UMAMI_SCRIPT_URL || 'https://analytics.infra.mintel.me').replace('/script.js', '');
+    const umamiUrl = (process.env.UMAMI_API_ENDPOINT || process.env.UMAMI_SCRIPT_URL || process.env.NEXT_PUBLIC_UMAMI_SCRIPT_URL || 'https://analytics.infra.mintel.me');
     const glitchtipUrl = process.env.SENTRY_DSN
       ? new URL(process.env.SENTRY_DSN).origin
       : 'https://errors.infra.mintel.me';