For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
HUMAN DashboardHUMAN WebsiteRequest a Demo
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
  • Getting Started
    • Overview
    • Best practices
  • Sightline Cyberfraud Defense
    • About Sightline Cyberfraud Defense
    • Getting Started
    • What's different in Sightline Cyberfraud Defense
    • Sensor changelog
    • About the Overview Dashboard
    • Glossary
  • AgenticTrust
    • Getting started with AgenticTrust
    • AI Agents Monitoring Dashboard
    • AI Visitors Overview Dashboard
    • Manage AI Agent Permissions
    • Agentic Activity Priority
    • Agent Trust Levels
  • Account Defender
    • Account Defender Overview
    • Use Cases
    • Prerequisites
    • Getting Started with Account Defender
    • Optimizing Account Defender Detection
    • Validating Account Defender Integration
    • Risk Triggers
    • About Network Events
    • Troubleshooting
  • Bot Defender
    • Bot Defender Overview
    • Detection
    • Bot Defender Policy Settings
    • Footprint
  • Credential Intelligence
    • Credential Intelligence Overview
    • How to Access the Breached Flag
    • Credential Intelligence FAQ
    • Credential Intelligence Dashboard
  • Code Defender
    • Code Defender Introduction
    • Getting Started with Code Defender
    • Code Defender Glossary
    • Website Risk Analyzer
  • Platform
    • Account settings
    • Manage users
    • Role permissions
    • Enforcer configurations
    • Page Type Mapping
  • Client-Side Integration
    • JavaScript tag
    • Improving first page performance
    • Use of cookies & web storage
    • Advanced client integration
LogoLogo
Login
Login
HUMAN DashboardHUMAN WebsiteRequest a Demo
On this page
  • Deploy both the Sensor and the Enforcer
  • Application IDs
Getting Started

Best practices

Was this page helpful?
Previous

About Sightline Cyberfraud Defense

Next
Built with

HUMAN recommends certain setup and configuration within your account whenever possible for optimal performance and integration across all of HUMAN’s features and products, including Sightline Cyberfraud Defense, AgenticTrust, and Code Defender.

Deploy both the Sensor and the Enforcer

HUMAN strongly recommends you deploy both the Sensor and the Enforcer for the most complete defense strategy possible for your application. This is because each element protects different parts of your system. The Sensor:

  • Collects user signals from the browser side and sends this data to the Detector for analysis, which returns the risk score
  • Encrypts and injects the risk score into the client
  • Is excellent at detecting primitive bots, particularly those that execute JavaScript

Meanwhile, the Enforcer:

  • Collects user signals from the server side and sends this data to the Detector for analysis
  • Blocks or allows users based on the received risk score and set policy rules
  • Detects and reacts to volumetric patterns, such as high-velocity spikes characteristic of bot attacks
  • Extracts GraphQL-specific operations and header-based context for API queries

Application IDs

An Application ID is a unique ID assigned to each Application you create within HUMAN. You create at least one Application while setting up Sightline or Code Defender. A single Application typically covers all traffic in a single application. This includes traffic across multiple domains within an application as long as their detection logic and traffic are shared. We recommend only using one Application ID whenever possible. This ensures you have complete coverage, optimal functionality, and full feature capabilities across all HUMAN products.

Web and mobile traffic should not be separated into different Application IDs if they share the same traffic, detection logic, and APIs. HUMAN already differentiates between web and mobile traffic in the dashboard. However, if you have a mobile application with separate traffic, it can have a separate Application ID.

That said, there are some situations where it may be appropriate to have multiple Application IDs. This is typically when enterprise businesses might have multiple domains or applications that need to be protected. If you’re unsure, we encourage you to reach out to our support team to determine what best suits your use case.

We strongly discourage using multiple Application IDs within a single application or domain for the following reasons:

  • Multiple Application IDs may increase the risk of false negatives as traffic is segmented across multiple IDs.
  • Multiple Application IDs may increase the risk of false positives, as each Application ID is effectively treated as a separate Application even if they’re on the same domain. This means that, for example, the same malicious user could be mitigated on one Application ID, but not the other.
  • Segmenting traffic between IDs on one domain or application weakens HUMAN’s holistic behavioral analysis model and lessens our ability to reliably predict and block malicious behavior.