Integrating botfighter
Quick start (30 seconds)
Paste this before </body> on every page of your site:
<script
src="https://api.botfighter.dev/botfighter.js"
data-site="YOUR-SITE-ID"
data-api="https://api.botfighter.dev"
data-honeypot="true">
</script>
Replace YOUR-SITE-ID with the site ID shown after registration.
Configuration options
| Attribute | Default | Description |
|---|---|---|
| data-site | required | Your site ID from registration |
| data-api | https://api.botfighter.dev | API endpoint (change for self-hosted) |
| data-honeypot | true | Inject invisible honeypot link |
| data-sample | 1.0 | Sampling rate 0.0–1.0. Use 0.1 for very high-traffic sites |
| data-privacy | false | Disable canvas + screen signals for strict privacy sites |
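A pre-deploy lint for the attributes in the table above, as an added example that is not botfighter's own code: lintBotfighterSnippet (a hypothetical name) checks a page's HTML for the placeholder site ID, an out-of-range data-sample, and snippet placement. Requiring https URLs and literal true/false values are assumptions of this example, and SAMPLE_PAGE is constructed input.

```javascript
// Added example, not botfighter's own code. Rules follow the configuration
// table above; the https and "true"/"false" checks are this example's assumptions.
function parseAttrs(raw) {
  const attrs = {};
  for (const a of raw.matchAll(/([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g)) {
    attrs[a[1].toLowerCase()] = a[2] ?? a[3];
  }
  return attrs;
}

function lintBotfighterSnippet(html) {
  // Locate <script> tags whose src points at botfighter.js.
  const found = [...html.matchAll(/<script\b([^>]*)>/gi)]
    .map((m) => ({ index: m.index, attrs: parseAttrs(m[1]) }))
    .filter((t) => /\/botfighter\.js$/i.test(t.attrs.src || ''));
  if (found.length === 0) return ['snippet not found'];
  const { index, attrs } = found[0];
  const problems = [];

  const site = attrs['data-site'];
  if (!site) problems.push('data-site is required');
  else if (site === 'YOUR-SITE-ID') problems.push('data-site is still the placeholder');
  for (const key of ['src', 'data-api']) {
    if (key in attrs && !/^https:\/\//i.test(attrs[key])) problems.push(`${key} is not https`);
  }
  if ('data-sample' in attrs) {
    const raw = attrs['data-sample'].trim();
    const rate = Number(raw);
    if (raw === '' || Number.isNaN(rate) || rate < 0 || rate > 1) {
      problems.push('data-sample must be between 0.0 and 1.0');
    }
  }
  for (const key of ['data-honeypot', 'data-privacy']) {
    if (key in attrs && !['true', 'false'].includes(attrs[key])) {
      problems.push(`${key} must be "true" or "false"`);
    }
  }
  // The quick start places the snippet before </body>.
  const bodyEnd = html.search(/<\/body\s*>/i);
  if (bodyEnd === -1 || index > bodyEnd) problems.push('snippet is not before </body>');
  return problems;
}

// Constructed sample page with three mistakes.
const SAMPLE_PAGE = `<html><body><h1>Shop</h1>
<script src="https://api.botfighter.dev/botfighter.js"
  data-site="YOUR-SITE-ID" data-sample="10" data-privacy="yes">
</script></body></html>`;
console.log(lintBotfighterSnippet(SAMPLE_PAGE));
```

An empty array means the snippet passed every check; run it over built HTML in CI so a placeholder site ID never ships.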
What the snippet does
- Reads config from data-* attributes
- Generates a random session ID (stored in sessionStorage — no cookies)
- Collects behavioral signals silently:
  - Headless browser flags (webdriver, plugins, languages)
  - Time to first interaction
  - Canvas render fingerprint (unless data-privacy="true")
  - Screen resolution check
- If data-honeypot="true": injects an invisible <a> link that only bots follow
- Detects known protection tools on the page (Cloudflare, reCAPTCHA, etc.)
- After 3 seconds (or on page unload), sends a single async POST to /signal
- Done — no blocking, no redirects, no impact on your users
What it does NOT do
- Does not set cookies
- Does not block any visitors (classification only — you decide what to do)
- Does not send page content, form data, or user text
- Does not slow down page load (async, uses sendBeacon when available)
Embedding the badge
Show visitors you fight back. The dashboard's Embed Code tab generates this for you:
<a href="https://botfighter.dev" target="_blank" rel="noopener" style="
display:inline-flex;align-items:center;gap:6px;
background:#0f0f11;border:1px solid #2a2a35;border-radius:6px;
padding:4px 10px;font-size:12px;color:#e2e8f0;text-decoration:none;
font-family:system-ui,sans-serif;">
<span style="color:#f87171;font-weight:700">⚡</span>
Protected by <strong style="color:#f87171">botfighter</strong>
</a>
Or use the badge API directly:
GET https://api.botfighter.dev/badge/YOUR-SITE-ID
→ { "bots_blocked": 142, "bot_pct": 18, "protected": true }
Verifying the integration
After adding the snippet, open your browser DevTools → Network tab and reload. You should see a POST to /signal return {"ok":true}.
Or via curl:
curl https://api.botfighter.dev/health
# → {"ok":true,"version":"0.1.0"}
Platform-specific notes
WordPress: Paste in your theme's footer.php before </body>, or use a plugin like "Insert Headers and Footers".
Ghost: Settings → Code injection → Site Footer.
Webflow: Project Settings → Custom Code → Footer Code.
GitHub Pages / Jekyll: Add to _layouts/default.html before </body>.
Next.js: Use next/script with strategy="afterInteractive" in _app.tsx.
Hugo: Add to layouts/partials/footer.html.
Any site: If you can add a <script> tag, botfighter works.
Accessing your dashboard
After registration you receive an owner_token. Save it: it is shown only once.
To log in later without the token, use magic link login:
- Go to the dashboard login screen
- Click Sign in with email →
- Enter the email used during registration
- Click the link in your inbox
Magic links expire in 15 minutes and are single-use. Sessions last 30 days.