Client-side JavaScript Agent
The client-side JS agent is required for displaying challenge pages, and collects additional telemetry to improve threat detection and visitor categorisation.
Challenges are served within an iframe when a VerifiedVisitors mitigating
response is detected. This works by listening for fetch
and XMLHttpRequest
calls from the browser and checking the responses sent by a server-side
integration.
The additional data collected makes it possible to detect automated scripts and browsers such as headless chrome and puppeteer stealth.
Setup
Embed the following snippet in your <head>
element:
<link rel="preconnect" href="https://resources.verifiedvisitors.com" />
<link rel="preconnect" href="https://api.verifiedvisitors.com" />
<script async src="https://resources.verifiedvisitors.com/vvfp.min.js"></script>
This is done automatically by the Cloudflare worker implementation.
Content-Security-Policy
If your site uses Content-Security-Policy (CSP), make sure the following directives are set:
connect-src https://api.verifiedvisitors.com
script-src https://resources.verifiedvisitors.com
worker-src blob:
style-src 'unsafe-inline'
Configuration
Listening for fetch
and XMLHttpRequest
calls can be disabled by configuring
the agent before loading, like so:
<script>
var vvcfg = {
interceptFetch: false,
}
</script>
<script async src="https://resources.verifiedvisitors.com/vvfp.min.js"></script>