ShieldGate Docs

1. Create a site

Sign in, open Dashboard → Sites, add your domain. You'll receive a site_key.

2. Configure destinations

Under Destinations, add one or more money / white / block pages. Filter by country, device, or OS. Use weights for A/B rotation. The site's fallback white_url and money_url are used when no destination matches.

3. Install

JS snippet (simplest):

<script src="https://YOUR_HOST/api/public/cloak.js"
        data-site-key="YOUR_SITE_KEY"
        data-auto-redirect="1"></script>

Server-side decide call:

POST /api/public/decide
{
  "site_key": "...",
  "visitor": { "ip":"1.2.3.4", "ua":"...", "country":"US", "asn":15169 }
}
→ { "verdict":"allow|challenge|block", "action":"money|white|block", "url":"..." }

4. Detection signals

• Curated bot signatures: Google, Meta, Microsoft, VirusTotal, security scanners, AI scrapers, SEO bots, automation tools.
• Headless / WebDriver / Puppeteer / Playwright flags.
• ASN reputation: datacenter, VPN, Tor.
• CIDR-aware IP allow/block, ASN allow/block, country, device, OS, referrer rules.
• Signed JS challenge (HMAC, 2-min TTL, replay-resistant).
• Behavioral throttle per IP per minute.

5. Analytics

The bundled cloak.js auto-tracks pageview, click (any <a>/<button>), and download events. Track custom events:

ShieldGate.track('custom', 'signup_completed', { plan: 'pro' });

6. Billing

Subscriptions are billed in ETH via Bitcart (self-hosted). Webhook deduplication and replay window are enforced.