FAQ
Integration
Does the snippet slow down my page?
No. Dynamicimport() is non-blocking. Fingerprint collection runs async (~100–300ms) including MixVisit, WebRTC (parallel), and optional port scan on Chromium.
Does the snippet use cookies?
Yes — a first-partyvisitorID cookie (plus localStorage) for persistent visitor tracking. No third-party cookies.
What happens if the snippet fails to load?
No fingerprint is sent and no webhook fires. Use the noscript beacon for JS-disabled browsers.Can I use the snippet in a mobile WebView?
Yes. STUN may fail in some WebViews →Stun is not checked (+30). Port scan runs on Chromium WebViews only.
Which API host do I use?
- Dashboard + Pub API:
account.shieldlabs.ai - Core webhook registration alternative:
api.shieldlabs.ai/{domain}:{secret}/callback
Webhooks
How quickly does the webhook arrive?
Typically 0.5–1.5 seconds after REST submission. You may receive two webhooks:Phase: "initial" then Phase: "update" after WebRTC.
What if my endpoint is down?
No retries. Respond2xx within 1 second.
Why is the field named Assing?
Canonical spelling in the payload — use exactly Assing for HMAC verification.
How do I verify the signature?
HMAC-SHA256 over JSON of theData object (include Phase when present). See Webhook Verification.
Scoring
Why do legitimate users score above 0?
- VPN (2-of-3): +15
- Corporate/datacenter IP: +10
- Privacy browser blocking WebRTC: +30 STUN fail
- Browser extension VPN collapse: +30
What threshold should I use?
See Trust Score. Dashboard bands: Clean 0–9, Low 10–29, Medium 30–59, High 60+.Can I query historical scores?
Yes — Pub API onaccount.shieldlabs.ai:
user_hid, visitor_id, device_id, cookie_id, session_id, ip, request_id.