For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
HUMAN DashboardHUMAN WebsiteRequest a Demo
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
  • Getting Started
    • Overview
    • Best practices
  • Sightline Cyberfraud Defense
    • About Sightline Cyberfraud Defense
    • Getting Started
    • What's different in Sightline Cyberfraud Defense
    • Sensor changelog
    • About the Overview Dashboard
        • Create a Human Challenge
        • Set Challenge Configurations
        • Customize Challenge Look and Feel
        • Create a Challenge Bypass Token
        • Testing (Native Mobile)
      • Custom Actions Overview
    • Glossary
  • AgenticTrust
    • Getting started with AgenticTrust
    • AI Agents Monitoring Dashboard
    • AI Visitors Overview Dashboard
    • Manage AI Agent Permissions
    • Agentic Activity Priority
    • Agent Trust Levels
  • Account Defender
    • Account Defender Overview
    • Use Cases
    • Prerequisites
    • Getting Started with Account Defender
    • Optimizing Account Defender Detection
    • Validating Account Defender Integration
    • Risk Triggers
    • About Network Events
    • Troubleshooting
  • Bot Defender
    • Bot Defender Overview
    • Detection
    • Bot Defender Policy Settings
    • Footprint
  • Credential Intelligence
    • Credential Intelligence Overview
    • How to Access the Breached Flag
    • Credential Intelligence FAQ
    • Credential Intelligence Dashboard
  • Code Defender
    • Code Defender Introduction
    • Getting Started with Code Defender
    • Code Defender Glossary
    • Website Risk Analyzer
  • Platform
    • Account settings
    • Manage users
    • Role permissions
    • Enforcer configurations
    • Page Type Mapping
  • Client-Side Integration
    • JavaScript tag
    • Improving first page performance
    • Use of cookies & web storage
    • Advanced client integration
LogoLogo
Login
Login
HUMAN DashboardHUMAN WebsiteRequest a Demo
On this page
  • Prerequisites
  • Create a Challenge
  • Test the Challenge
  • Success scenario testing
  • Failure scenario testing
  • Logging
Sightline Cyberfraud DefenseMitigation SettingsChallenge Settings

Create a Human Challenge

Was this page helpful?
Previous

Set Challenge configurations

Next
Built with

The Human Challenge is a mitigation tool that ensures the user attempting to access your site is a human. It displays a challenge where users need to press, hold, and release a button to prove they are not a bot. The key facet to this challenge is that the amount of time users need to hold the button varies, and only a human can tell what that amount of time is. This makes the Human Challenge a great alternative to traditional CAPTCHA mitigation because it’s easier and more user friendly to complete for humans while, at the same time, harder for bots to solve.

You can learn more about how to create a Challenge with this article.

Prerequisites

  • Make sure you don’t have a custom CAPTCHA flow on a non-blocking page. If you do, contact us for assistance.
  • We recommend deploying and testing the Challenge on a staging or testing environment before deploying to your production environment.

Create a Challenge

Broadly, these are the steps to create and deploy a Challenge:

  1. Navigate to Sightline Cyberfraud Defense > Settings > Mitigation > Challenge Settings.
  2. In the Challenge Configuration tab, click each toggle to enable or disable optional configurations for your Challenge. See Set Challenge Configurations for more information.
  3. In the Challenge Look & Feel tab, update your Challenge’s appearance as needed. See Customize Challenge Look and Feel for more information.
  4. Copy the Challenge JavaScript, insert it into the px_js_ref configuration in your Enforcer, and deploy your Enforcer. See your Enforcer’s specific configuration documentation for more information. If you’re using Automated Mode, you can skip these steps and simply save your changes instead, and HUMAN will deploy your updates.

However, there are detailed custom configurations you can set up according to your business needs. Be sure to reference the documentation linked above for more information.

Test the Challenge

Once you’ve deployed the Challenge, we recommend testing scenarios where the Challenge is successfully solved and when it is not. These should be completed on web and mobile browsers as well as iOS and Android apps, if applicable.

Success scenario testing

To test that the Challenge properly lets the user proceed to the page after successfully solving it:

  1. Create a challenge bypass token. You only need to create this once, and you can use it as many times as you’d like afterwards.
  2. Add a User-Agent: PhantomJS header to the request.
  3. Navigate to the page that has the Challenge embedded.
  4. Confirm that the Challenge renders. Then, add x-px-captcha-testing: <captcha-bypass-token> to the request with the token you created in Step 1.
  5. Solve the Challenge.
  6. Confirm that you can continue to the page after successfully completing the Challenge

Failure scenario testing

To test that the Challenge properly shows another Challenge after a failed solve attempt:

  1. Add a User-Agent: PhantomJS header to the request.
  2. Navigate to the page that has the Challenge embedded.
  3. Confirm that the Challenge renders. Then, solve the Challenge.
  4. Confirm that you are prompted with another Challenge.

Logging

You can optionally add the logging event below to your Human Challenge’s JavaScript. This lets you build analytics, alerts, or other monitoring based on the activity of three Challenge statuses:

  • rendered: The Challenge was successfully displayed
  • failed: The Challenge was attempted, but not completed. The user did not pass and could not move on to the next page.
  • succeeded: The Challenge was completed successfully. The user passed and could move on to the next page.
1window._PXAPPID_asyncInit = function (px) {
2    px.Events.on("captcha", function (status) {
3        // possible values for the status parameter: 'rendered', 'failed' and 'succeeded'
4        if (status === "rendered") {
5            // add code here for when the captcha is displayed
6        } else if (status === "succeeded") {
7            // add code here for when the captcha is successfully solved
8        }
9    });
10};