StackPath's Web Application Firewall can present incoming traffic a number of different challenges, depending on triggered rules. You can read more about why these challenges happen here.
A security screen is displayed under any of these conditions, based on the severity of the rule that was triggered, the reputation of the requester's IP, and a number of other considerations.
Block Screen
The Block Screen will be displayed any time a visitor has received a hard block and will be accompanied by a 403 response code, completely denying access to the requester.
Captcha Screen
The StackPath captcha is designed to allow access to human viewers while stopping automated requests by forcing visitor input before access can be granted.
JavaScript Validation
The WAF JavaScript Validation (extended browser validation) will test a number of different aspects to determine if the request was initiated by a human or an automated tool to allow only human visitors to view web content without any user intervention required. Real visitors should only see this screen for a fraction of a second when displayed, so the Reference ID is not included. Gateway or StackPath may also show in the Tab Title which is normal and is just there to represent that this validation period is occurring. This test is also used to block automated traffic during application-layer DDoS attacks.
Enable JavaScript and Cookies
The StackPath WAF uses a combination of JavaScript and cookies for verification, so visitors with either of these features disabled in their browser will be presented with security screens suggesting to enable them.
If you have any questions or believe any of these security screens were issued by mistake, our support is available 24/7.