
Client-side JavaScript Agent

The client-side JS agent is required for displaying challenge pages, and collects additional telemetry to improve threat detection and visitor categorisation.

Challenges are served within an iframe when a VerifiedVisitors mitigating response is detected. This works by listening for fetch and XMLHttpRequest calls from the browser and checking the responses sent by a server-side integration.

The additional data collected makes it possible to detect automated scripts and browsers such as headless Chrome and Puppeteer stealth.

Setup

Embed the following snippet in your <head> element:

<link rel="preconnect" href="https://resources.verifiedvisitors.com" />
<link rel="preconnect" href="https://api.verifiedvisitors.com" />
<script async src="https://resources.verifiedvisitors.com/vvfp.min.js"></script>
Note: This is done automatically by the Cloudflare worker implementation.

Content-Security-Policy

If your site uses Content-Security-Policy (CSP), make sure the following directives are set:

connect-src https://api.verifiedvisitors.com
script-src https://resources.verifiedvisitors.com
worker-src blob:
style-src 'unsafe-inline'
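
A check for the directives listed above, as an added example rather than VerifiedVisitors code: it parses an existing Content-Security-Policy header, applies the CSP Level 3 fallback order, and reports which of the four sources the policy would still block. The function names and the sample policy are constructed for illustration, and source matching is simplified to exact tokens plus the https: scheme and *.

```javascript
// Sources the page lists for the agent, keyed by directive.
const REQUIRED = {
  "connect-src": "https://api.verifiedvisitors.com",
  "script-src": "https://resources.verifiedvisitors.com",
  "worker-src": "blob:",
  "style-src": "'unsafe-inline'",
};
// CSP Level 3 fallback order used when a directive is absent.
const FALLBACK = {
  "connect-src": ["default-src"],
  "script-src": ["default-src"],
  "style-src": ["default-src"],
  "worker-src": ["child-src", "script-src", "default-src"],
};
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // Browsers ignore a repeated directive, so keep the first one.
    if (key && !policy.has(key)) policy.set(key, sources);
  }
  return policy;
}

// Simplified matching (assumption): exact token, or for https origins the
// https: scheme-source or *. Wildcard hosts are not evaluated; * never covers blob:.
function allows(sources, needed) {
  if (sources.includes(needed)) return true;
  return needed.startsWith("https://") && (sources.includes("https:") || sources.includes("*"));
}

function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];
  for (const [directive, needed] of Object.entries(REQUIRED)) {
    const governing = [directive, ...FALLBACK[directive]].find((d) => policy.has(d));
    if (!governing) continue; // no directive restricts this resource type
    const sources = policy.get(governing);
    if (!allows(sources, needed)) {
      findings.push(`${directive}: ${needed} is blocked (governed by ${governing})`);
    } else if (needed === "'unsafe-inline'" && sources.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s))) {
      findings.push(`${directive}: 'unsafe-inline' is ignored because a nonce or hash is present`);
    }
  }
  return findings;
}
// Constructed sample policy, not taken from any real site.
const SAMPLE = "default-src 'self'; script-src 'self' https://resources.verifiedvisitors.com; style-src 'self' 'nonce-abc123'";
```

When a finding names a fallback such as default-src or script-src as the governing directive, adding the explicit directive (for example worker-src blob:) keeps the fallback itself narrow.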

Configuration

Listening for fetch and XMLHttpRequest calls can be disabled by configuring the agent before loading, like so:

<script>
  var vvcfg = {
    interceptFetch: false,
  }
</script>
<script async src="https://resources.verifiedvisitors.com/vvfp.min.js"></script>