Skip to main content
Visitors shows the most recent 1,000 hits to each domain on your account, pulled live from the Apache access log. It’s the fastest way to see what is hitting your site right now without downloading anything.
Visitors tool listing domains

Open the view

Click the magnifying-glass icon next to any domain. cPanel renders the last 1,000 access log entries for that domain, newest first.
ColumnWhat it shows
URLThe path requested. Click to open it in a new tab.
HTTP CodeThe status code Apache returned (200, 301, 404, 500, etc).
SizeResponse body size in bytes. 0 means a 304 or empty body.
ReferrerThe page the visitor came from. Often blank or -.
TimeServer time the request was logged.
User AgentBrowser or bot string the client sent.
HostThe visitor’s IP, plus reverse-DNS hostname when one exists.
The magnifying-glass icon on each row opens a detail view with the full request line and any extra headers Apache captured.

What it’s good for

  • Spot a misbehaving bot. Filter by user agent and you’ll see scrapers hammering one URL.
  • Confirm a redirect chain works. Trigger the redirect, refresh the visitor list, see the 301 → 200 sequence.
  • Find the IP behind a complaint. “User reports a 500 on /checkout at 14:32” is one row away.
For anything aggregate (page-by-page totals, daily traffic graphs), use Awstats instead. Visitors is for raw inspection, not analysis.

What it’s not

  • Not real-time. There’s a small lag (under a minute) while the log buffer flushes.
  • Not historical. Beyond the last 1,000 hits the data lives in Raw Access.
  • Not security-only. The list includes all traffic, not just suspicious requests. For abuse triage, look at the error log too.
If a domain is missing from the list, it’s because no requests have hit it since the log was last rotated. Wait a few minutes after launching a new domain before expecting entries here.

Common issues

The log was rotated within the last hour and no new requests have been logged yet. Hit the site once from a private window to confirm. If it’s still empty, check that DNS for the domain points to the server.
Either a search engine crawl (check the user agent: Googlebot, Bingbot, etc.), or an abuse scan. For a real bot you don’t recognize, block the IP via IP Blocker or open a support ticket.
That’s a script you ran against the site, not a real visitor. Filter it out mentally before drawing conclusions about traffic patterns.

Need a hand?