Skip to content

HTML / Other

If your platform isn't listed, Botfighter works anywhere you can add a <script> tag.

Finding your Site ID

Log in at dash.botfighter.dev → your Site ID is shown at the top of the dashboard.

Any HTML page

The snippet:

html
<script
  src="https://botfighter.dev/botfighter.js"
  data-site="YOUR-SITE-ID"
  data-api="https://api.botfighter.dev"
  data-honeypot="true"
  defer>
</script>

Where you put it depends on how your site is built — pasting it into every individual .html file by hand is a last resort, not the recommended path, for anything beyond a couple of pages:

  • Static site generator (Hugo, Jekyll, Eleventy, Astro, 11ty...): add it once to the shared layout/partial that wraps every page, then rebuild. See the Hugo guide for a concrete example — the same idea applies to any generator.
  • Hosted on Netlify: use Snippet Injection — Site settings → Post processing → Snippet injection → paste it, position "Before </body>". It applies to every page instantly, with zero file edits and no redeploy.
  • Apache or nginx, hand-authored pages, no build step: use a server-side include so you only maintain one file:
    html
    <!-- in every page, once -->
    <!--#include virtual="/inc/botfighter.html" -->
    (inc/botfighter.html contains just the <script> tag above. Requires SSI enabled — mod_include on Apache, ssi on; on nginx.)
  • A handful of hand-written pages with no template or include mechanism at all: pasting it into each file is genuinely fine at that scale — it's a one-time task, not ongoing maintenance. It stops being reasonable well before "every page" of a real site.

This works with any server stack: Apache, nginx, Node.js, PHP, Ruby, Python, and more.

Single-page apps (React, Vue, Svelte, etc.)

Add the snippet once to your root index.html — the snippet initialises once per page load, which is correct for SPAs:

html
<!-- index.html -->
<body>
  <div id="root"></div>
  <script
    src="https://botfighter.dev/botfighter.js"
    data-site="YOUR-SITE-ID"
    data-api="https://api.botfighter.dev"
    data-honeypot="true"
    defer>
  </script>
</body>

PHP template example

php
<!-- footer.php or layout.php -->
<script
  src="https://botfighter.dev/botfighter.js"
  data-site="YOUR-SITE-ID"
  data-api="https://api.botfighter.dev"
  data-honeypot="true"
  defer>
</script>
</body>
</html>

Verify it's working

  1. Open DevTools → Network → filter by signal
  2. You should see a POST to https://api.botfighter.dev/signal returning {"ok":true}
  3. The visit appears in your dashboard within a few seconds

Want real blocking, not just detection?

Everything above installs the JavaScript snippet (detection only — non-JS scrapers never trigger it). If you have server access (Apache, nginx, Node.js, PHP), see Real blocking (server-side) for a one-time integration that returns a real 403 before content is served.


Need help? Check the dashboard for your live signal feed.