- Visitors and New Visitors - real and new headcounts, counted by a durable identity, not a cookie.
- Traffic Sources - every channel, referrer, and campaign ranked by the risk it delivers.
- Traffic Risk and the Data table - the average risk gauge and the per-request records behind it.
Visitors and New Visitors
Two metrics sit at the top of the Visitor Insights card. These are the exact product tooltips:| Metric | Tooltip |
|---|---|
| Visitors | ”Estimated unique visitors using cookies, browser info, and device info.” |
| New Visitors | ”Visitors first seen in the selected period.” |
“Estimated” is deliberate. ShieldLabs does not promise an exact headcount. It reports a confident estimate of real people, built from a stable identity rather than a single cookie. New Visitors is the subset first seen inside the selected window, so the determination moves with the date filter.
Why the count is more accurate
ShieldLabs does not count by a single cookie. It counts by the durable DeviceID, an identity derived from dozens of stable browser and device characteristics, not stored. Because nothing is stored, there is nothing to clear. A returning person on the same browser reproduces the same environment, so the server derives the same DeviceID and keeps them recognized as returning. Cookie-based tools count differently, and that decides whether the same person is counted once or many times:| Dimension | Google Analytics | Vercel Analytics | ShieldLabs |
|---|---|---|---|
| Counts by | First-party cookie (client id) | First-party client id (per-visit, partly IP-derived) | Durable DeviceID, derived not stored |
| Cleared cookies | New user | New user | Same person, stays recognized |
| Incognito / private window | New user | New user | Same person, stays recognized |
| IP rotation | Same user (cookie persists) | New user (id is partly IP-based) | Same person (DeviceID is not IP-based) |
Traffic Sources
Traffic Sources ranks every acquisition channel, referrer, and campaign by the risk it delivers, not the volume it sends. Two channels with identical request counts are not equal if one runs Clean and the other runs High. That delta is the difference between paying for real visitors and paying for masked traffic. The card holds two tables side by side: Channels on the left, Source details on the right.Channels
The Channels table groups every request into one acquisition channel and scores the channel as a whole. Each row shows the channel name, its Requests / Share, and a Risk Badge. The channel set is fixed and exact:| Channel | What it covers |
|---|---|
| Google Ads | Paid Google traffic. There is no separate “Google” channel. |
| Meta | Facebook and Instagram. It is Meta, not “Meta Ads”. |
| TikTok | TikTok paid and organic. |
| LinkedIn paid and organic. | |
| X | The channel is X, not “Twitter”. |
| Organic Search | Unpaid search referrals. Not bare “Organic”. |
| Referral | Inbound links from other sites. |
| Direct | No referrer (typed URL, bookmark, stripped referrer). |
| Other | Anything that does not map to the channels above. |
<score> <level>, for example 71 High or 8 Clean. The number is the average Risk Score of the requests attributed to that source, on the same 0–100 scale used everywhere. The word is the band:
| Level | Score range | What it means for the source |
|---|---|---|
| Clean | 0–9 | No meaningful anonymity or abuse signals. Real traffic. |
| Low | 10–29 | One minor signal on average. Mostly fine. |
| Medium | 30–59 | Overlapping or moderate signals. A meaningful slice is masked. |
| High | 60–100 | Strong anonymity or abuse signals. Skews toward masked traffic. |
Source details
Where Channels answers “which channel?”, Source details answers “which specific source inside it?”. A toggle switches between two views, each row carrying its own Requests / Share and Risk Badge:- Referrers - each row is a referring host (for example
news.ycombinator.com). This is how you find the one inbound link, partner site, or affiliate sending masked traffic while the channel-level number still looks fine. - UTM Parameters - a select picks which campaign tag to break down by.
| UTM field | Breaks the rows down by |
|---|---|
| Source | utm_source (for example newsletter, partner_x) |
| Medium | utm_medium (for example cpc, email) |
| Campaign | utm_campaign (the specific campaign) |
| Term | utm_term (the paid keyword) |
| Content | utm_content (the specific creative or ad variant) |
42 Medium. UTM Campaign shows the medium score is one clean campaign averaged with one running 81 High. UTM Content narrows it to a single creative. Now you know exactly what to pause, ranked by risk instead of guesswork.
Cost per real visitor, not per click. Rank each paid and organic source by the risk and anonymous-traffic share it delivers. The campaign that sends 50,000 clicks at
71 High is not your best channel. It is the one quietly inflating your click count and your real cost per visitor.Traffic Risk and the Data table
The Traffic Risk gauge on the Overview tab shows the average Risk Score across requests in the period. A half-circle gauge maps the average to a band, with a short subtitle under the needle:| Band | Range | Gauge subtitle |
|---|---|---|
| Clean | 0–9 | All Clear |
| Low Risk | 10–29 | Worth a Quick Check |
| Medium Risk | 30–59 | Needs Attention |
| High Risk | 60–100 | Action Recommended |
The denominator is requests, not visitors. Traffic Risk averages the Risk Score across every request analyzed, and Requests Checked is that total. One person who triggers ten identify calls is ten requests here. The visitor counts above count unique people, so the two numbers measure different things on purpose.
RequestID:
- Filterable by project, score range (for example
60–100to isolate the High band), date range, and abuse pattern. - Searchable by a single identifier:
request_id,visitor_id,device_id,user_hid, orip. - Sortable by date, score, and every signal column, so you can group every request that tripped a given signal.
- Exportable to JSON or CSV, free of charge. Exports do not consume request balance.
Details array naming the signals that fired and the points each added. So when a source reads High, filter the Data table to it, set the Score range to the High band, and read the exact signals (VPN, Anti-detect Browser, Tor, Datacenter IP, and the rest) that pushed the average up. The dashboard surfaced the masked source. The decision and the action are yours, in your own tools.
Next steps
Anonymity Signals
The signal catalog behind every risk badge: VPN, anti-detect, datacenter, Tor, and the rest, each with its weight.
Traffic quality
Measure traffic quality per source over time and turn cost per real visitor into a metric your code can act on.
Affiliate fraud
Score traffic per affiliate and per campaign, find the partner sending masked clicks, and reconcile payouts against real visitors.