Overview
You can use this document to learn about the different WAF-related security screens that your visitors may see when they attempt to access your site. These screens will display based on the triggered rule.
Review security screens
Review the possible security screens that your visitors may see:
| Screen type | Description |
| Block screen |
The Block screen displays when your visitor has received a hard block. The screen displays a 403 response code, which will deny access to the visitor.
|
| Capcha screen |
The Capcha screen displays to ensure and test that a human visitor wants to access your site, and not an automated request. Your visitor will need to enter the displayed characters.
|
| JavaScript Validation |
The JavaScript Validation screen displays to ensure and test that a human visitor wants to access your site, and not an automated request. Your visitor will not need to perform any action. The screen will display for less than a second. Additionally, This screen may also display when blocking automated traffic during application-layer DDoS attacks.
|
| Enable JavaScript and Cookies |
The Enable JavaScript or Enable Cookies screen displays when a visitor has JavaScript or cookies disabled in their browser. The screen will suggest that the visitor enable these features.
|
| Cross-site request forgery (CSRF) |
This CSRF screen displays when a CSRF attack is suspected. CSRF is an attack vector that tricks a web browser into executing an unwanted action in an application that a visitor is logged into.
|
| DDoS |
The DDoS screen displays when another service has white-labeled the StackPath WAF service.
|
Related documentation
To learn about the security challenges that may cause your visitors to see a security screen, see StackPath WAF: Why are my Users Blocked?.