Overview
StackPath WAF performs various tests to determine whether a valid user is behind each request (e.g. and not automated traffic). One of the requests is completed by a bit of JavaScript code that is injected into the response code from the origin server.
The StackPath WAF JavaScript Injection is responsible for providing the following information:
- Client fingerprint: A close to unique signature based on the number and type of various components that were installed on the client.
- Browser-type signature: A signature that is typical of a type of a browser and version.
- GUI interactions: Information about the interaction of the client with the application GUI.
JS Injection will be added just after the opening <body> tag.
The Injection has a very minimal effect on the page size and almost no effect when it comes to page loading time.
The information gathered helps us provide more accurate protection and to block malicious traffic from reaching your origin server.
How does the Injected JS code send the client information to the WAF analysis engine?
- Cookies: The Injects some JavaScript code and creates and fills cookies that will be sent and analyzed by StackPath WAF on each request.
- /sbbi/: Details about the client will be sent to our analysis engine VIA a specific URL that will start with {domain-address}/sbbi/ . For example, if your website address is https://www.website.com, the requests will be made from the following URL: https://www.website.com/sbbi/