Sightline Cyberfraud DefenseMitigation SettingsPrecheck Settings

Manage Sightline Precheck settings

Precheck is an interactionless challenge that deters primitive bots at the edge when they make their first request on your site, such as simple scraping attacks or primitive automations that don’t execute JavaScript or store cookies. If the check passes, your user is redirected back to their original URL. If it doesn’t, then HUMAN blocks the request.

Animated Precheck example of the HUMAN logo expanding over time

You can customize and enable Precheck behavior from Precheck Configuration settings. To update how it appears to your users, see Customize Sightline Precheck look & feel. For more information on Precheck behavior, see Precheck FAQ.

As a precaution, when you enable Precheck, it takes 5 hours for Precheck to roll out and be fully enabled on all site traffic that was enforced. This ensures there will be fewer false positives.

Prerequisites

  • Your Sensor version must be at least 9.2.7 or higher. See our installation instructions to learn how to update to the latest version.
  • An existing Enforcer set to active blocking mode (not monitoring mode).
  • A production environment to deploy Precheck on.

Enable Precheck

If you have multiple applications, you need to enable Precheck on each one that you want to protect. Not all types of applications may be eligible for Precheck. See Precheck FAQ for more information.

  1. Navigate to Sightline Cyberfraud Defense > Settings > Mitigation > Precheck Settings.
  2. Select the application you want to enable Precheck on from the Application name & Application ID dropdown menu.
  3. Select the Precheck Configuration tab.
  4. Under Precheck Enablement, click ON.
  5. Click Save Changes.
  6. Click Save.

Exclusion settings

You can exclude certain types of routes or traffic from Precheck if needed. This means that Precheck will never appear to visitors on those routes. You can find exclusion settings under Precheck General Rules.

To enable or disable exclusions, contact HUMAN’s support team.

  • Exclude Home Page: Stop Precheck from appearing on your home page
  • Exclude Paid Traffic: Stop Precheck from appearing on routes with paid traffic. HUMAN identifies requests as paid traffic if the request URL has any UTM-style or click-ID parameter, such as utm_* or gclid, and doesn’t have a matching “organic” override, such as utm_source=organic.
  • Only apply on the following IPs: This restricts Precheck to appearing exclusively to visitors from the listed IPs. This field is for testing purposes. Enabling this switches all routes to testing mode and stops active protection for any live traffic.

Once excluded, Precheck will never appear to your selections.

Precheck Route Configuration Setup statuses

Precheck Route Configuration Setup shows all routes that Precheck actively covers and updates with any new routes every 24 hours. This is the best place to check which of your routes are currently protected. You can filter these routes to narrow down your results or download a CSV file of these routes for your own use.

  • Status: Whether the route is excluded, included, or unclassified from Precheck.
    • : This route is unclassified and needs to be categorized as either excluded or included.
    • : This route is included as a route, and Precheck will present on it.
    • : This route is excluded as a route, and Precheck will not present on it.
    • : If a status icon has a star on it, then the classification assigned to this route aligns with HUMAN’s recommendation. If this recommendation ever changes, then your manual selection will persist; HUMAN will never override your manual assignments.
    • : If a status icon has an exclamation mark, then Precheck can’t currently protect this route due to technical issues.
  • Route: The protected route.
  • Threat Type: The type of threat the route is most prone to and what Precheck protects against.
  • Presented/~Simulated: The number of requests where Sightline presented Precheck over the last 24 hours.
  • Excluded: The number of requests where Sightline did not present Precheck over the last 24 hours. Sightline excludes requests based on what you chose in Exclusion settings.
  • Blocked/Passed Rate: The rate that Precheck was solved whenever it was presented. This is useful for quickly assessing how Precheck performs on each route.

Configure referrer attribution with UTM parameters

Precheck is an interstitial page that redirects the visitor to your application after the check completes, which requires reloading the webpage. Because of this, the original referrer is not preserved, so your web analytics tool such as Google Analytics or Adobe Analytics may attribute referred first-time visitors that encounter Precheck as direct traffic instead. The industry standard in this case is to preserve the referral information in UTM query parameters:

  • If a referrer is present, set utm_source to the domain (such as www.example.com) and utm_medium to referral.
  • If not, use utm_source=direct and utm_medium=none.

If there are already UTM parameters in the URL, HUMAN won’t replace these even if this feature is enabled.

This feature isn’t enabled by default, so if you’d like to preserve referrer attribution for this traffic, be sure to follow these steps before you turn on Precheck.

  1. Click the Preserve referral information in UTM parameter checkbox to activate this feature.
  2. Configure your analytics tool to detect the appropriate UTM parameters and attribute them to the respective referral source. This can vary depending on your analytics tool. For example, if you use Google Analytics, you can use Custom channel groups.