Appearance
HTML / Other
If your platform isn't listed, Botfighter works anywhere you can add a <script> tag.
Finding your Site ID
Log in at dash.botfighter.dev → your Site ID is shown at the top of the dashboard.
Any HTML page
The snippet:
html
<script
src="https://botfighter.dev/botfighter.js"
data-site="YOUR-SITE-ID"
data-api="https://api.botfighter.dev"
data-honeypot="true"
defer>
</script>Where you put it depends on how your site is built — pasting it into every individual .html file by hand is a last resort, not the recommended path, for anything beyond a couple of pages:
- Static site generator (Hugo, Jekyll, Eleventy, Astro, 11ty...): add it once to the shared layout/partial that wraps every page, then rebuild. See the Hugo guide for a concrete example — the same idea applies to any generator.
- Hosted on Netlify: use Snippet Injection — Site settings → Post processing → Snippet injection → paste it, position "Before
</body>". It applies to every page instantly, with zero file edits and no redeploy. - Apache or nginx, hand-authored pages, no build step: use a server-side include so you only maintain one file:html(
<!-- in every page, once --> <!--#include virtual="/inc/botfighter.html" -->inc/botfighter.htmlcontains just the<script>tag above. Requires SSI enabled —mod_includeon Apache,ssi on;on nginx.) - A handful of hand-written pages with no template or include mechanism at all: pasting it into each file is genuinely fine at that scale — it's a one-time task, not ongoing maintenance. It stops being reasonable well before "every page" of a real site.
This works with any server stack: Apache, nginx, Node.js, PHP, Ruby, Python, and more.
Single-page apps (React, Vue, Svelte, etc.)
Add the snippet once to your root index.html — the snippet initialises once per page load, which is correct for SPAs:
html
<!-- index.html -->
<body>
<div id="root"></div>
<script
src="https://botfighter.dev/botfighter.js"
data-site="YOUR-SITE-ID"
data-api="https://api.botfighter.dev"
data-honeypot="true"
defer>
</script>
</body>PHP template example
php
<!-- footer.php or layout.php -->
<script
src="https://botfighter.dev/botfighter.js"
data-site="YOUR-SITE-ID"
data-api="https://api.botfighter.dev"
data-honeypot="true"
defer>
</script>
</body>
</html>Verify it's working
- Open DevTools → Network → filter by
signal - You should see a
POSTtohttps://api.botfighter.dev/signalreturning{"ok":true} - The visit appears in your dashboard within a few seconds
Want real blocking, not just detection?
Everything above installs the JavaScript snippet (detection only — non-JS scrapers never trigger it). If you have server access (Apache, nginx, Node.js, PHP), see Real blocking (server-side) for a one-time integration that returns a real 403 before content is served.
Need help? Check the dashboard for your live signal feed.