Skip to main content
The Overview tab is the home of the dashboard. It summarizes your traffic for a selected project and date range: how risky it is, which signals are firing, which abuse patterns are showing up, who is visiting, and where they come from. Every number on this tab is computed server-side and read-only. The dashboard renders results; it never blocks, challenges, or decides anything. Your own code owns the allow / challenge / review / block decision using the Risk Score and signals you receive over webhooks and the Management API.

Filters

A Filters panel at the top of the page scopes every card below it.
ControlBehavior
ProjectA domain select. Default is All Projects (aggregates every domain you own). Pick one domain to scope the page to it.
Date rangeA calendar range. All cards report over this window, and trend arrows compare it against the previous window of the same length.
Reset filtersClears the project and date selections back to defaults.
Trends shown on the cards compare the selected range against the immediately preceding range of equal length (for example, the last 7 days versus the 7 days before).

Card layout

Traffic Risk

Average request risk (0–100) with a Clean / Low / Medium / High distribution and Requests Checked.

Request Signals

Each scoring signal with its visitor count, share, and weight. See /concepts/signals.

Visitor Insights

Estimated unique visitors and new visitors, plus top countries, browsers, OS, device types, and connection types.

Patterns Summary

Suspicious and Dangerous abuse-pattern detections and their traffic share.

Traffic Sources

Channels and source details ranked by request volume, share, and traffic risk.
The left column shows Traffic Score over Request Signals, the right column shows Visitor Insights, and below the columns are Patterns Summary then Traffic Sources.

Traffic Score card

The Traffic Score card answers one question: how risky is my traffic this period? It is an aggregate, not the score of any single request. A half-circle gauge shows the band the average falls into, with the band label and a short subtitle under the needle:
BandRangeGauge subtitle
Clean0–9All Clear
Low Risk10–29Worth a Quick Check
Medium Risk30–59Needs Attention
High Risk60–100Action Recommended
Two metrics sit beside the gauge:
MetricValueTooltip
Traffic Risk{riskScore}/100”Average request risk score. 0 is ideal, 100 is very bad.”
Requests Checkedcount”Requests analyzed in the selected period.”
A stacked bar with a legend breaks the requests into the four bands, each row showing the band name, its threshold, the count, and the percent.
The Traffic Risk denominator is requests, not visitors. Traffic Risk is the average Risk Score across every request analyzed in the period, and Requests Checked is that request total. One person who triggers ten identify calls contributes ten requests here. This is different from the Patterns Summary and Visitor Insights cards, which count unique visitors and sessions. Compare like with like when you read the two cards together.
The Risk Score is always 0–100, capped at 100. There is no higher scale. A legitimate user can still score in a higher band (corporate proxy, VPN, privacy browser), so treat the average as a trend signal, not a verdict. See acting on the Risk Score.

Request Signals card

The Request Signals card lists the technical signals used to assess traffic quality and abuse risk, sorted by how often they fired. Its tooltip reads: “Technical signals used to assess traffic quality and abuse risk.” Each signal tile shows:
  • the signal name (for example, VPN, Tor, OS Mismatch, Anti-detect Browser)
  • an info tooltip describing what the signal means
  • the count of requests in the period where the signal fired
  • the share of requests, as a percent
  • a weight badge: the points this signal contributes to a request’s Risk Score
The weight is the explainability hook. Higher-weight signals indicate stronger anonymity or abuse evidence, so a request that trips a high-weight signal lands in a higher band. The full signal catalog, the weight of each signal, and how signals combine (mutually exclusive anonymity signals, the VPN 2-of-3 corroboration rule, and stacking proxy-family signals) live in /concepts/signals.
These per-request scoring signals are distinct from the abuse patterns on the Patterns Summary card. Signals score a single request right now. Patterns link many requests over a time window. Do not conflate the two.
The same signals appear as per-request Yes / No columns on the Data tab, and the per-request signal list ships in the webhook and History API payloads as the explainable Details array.

Patterns Summary card

The Patterns Summary card shows how often abuse patterns triggered in the period, broken down by degree. Its subtitle reads: “How often patterns triggered, broken down by degree.” It surfaces the two persisted severity levels:
TileColorShows
Suspiciousamberdetections count, trend, and Traffic Share
Dangerousreddetections count, trend, and Traffic Share
The Traffic Share row tooltip reads: “Share of unique visitors flagged at this level in the selected period (detections / total sessions).” A See Patterns button opens the full Patterns tab, where each of the eight abuse patterns is graded Normal, Suspicious, or Dangerous and broken down per identifier.
Different denominator from Traffic Risk. Patterns Summary counts unique visitors and sessions, while Traffic Risk counts requests. The two cards measure different things on purpose, so do not expect their totals to reconcile.
Abuse patterns are computed server-side from historical data and are a dashboard feature only. They are not part of the webhook or API payload. The pattern worker runs about every ten minutes, and a level never downgrades once reached.

Visitor Insights card

The Visitor Insights card estimates how many people visited and how many were new, then breaks them down by attribute. Two metrics sit at the top:
MetricTooltip
Visitors”Estimated unique visitors using cookies, browser info, and device info.”
New Visitors”Visitors first seen in the selected period.”
These counts are deliberately estimated. ShieldLabs counts by a fingerprint-derived identity (DeviceID) rather than a single cookie, so a returning person on the same browser keeps the same identity even after clearing cookies or using incognito, instead of being miscounted as new. DeviceID is browser-bound, so a different browser on the same machine counts separately. The card also lists top countries, browsers, operating systems, device types, and connection types. The full counting model, the contrast with cookie-based analytics, and the honest boundaries live on the Visitor Insights page.

Traffic Sources card

The Traffic Sources card ranks where your traffic comes from by volume, share, and risk. Its subtitle reads: “Traffic source breakdown by request volume, traffic share, and traffic risk. Use Source details to inspect referrers and UTM parameters.” Two tables sit side by side:
  • Channels, with columns Channel, Requests / Share, and Traffic Risk. The channel set is Google Ads, Meta, TikTok, LinkedIn, X, Organic Search, Referral, Direct, and Other. Each row carries a risk badge rendered as <score> <level> (for example, 71 High or 8 Clean), using the bands Clean / Low / Medium / High.
  • Source details, which toggles between Referrers and UTM Parameters. The UTM view lets you pick Source, Medium, Campaign, Term, or Content.
The payoff is ranking each paid and organic source by the risk and anonymous-traffic share it delivers, so you can read cost per real visitor rather than cost per click and find the campaign or affiliate sending masked traffic. The full breakdown lives on the Traffic Sources page.

Where to go next

Risk Score

How the 0–100 score and its bands work, with the explainable Details array.

Signals

The full signal catalog, each weight, and the combination rules.

Abuse Patterns

The eight server-side patterns and how they grade entities.

Acting on the Risk Score

Turn the score and signals into allow / challenge / review / block logic in your own code.