As and when a page request happens from a visitor on your website, the REST API call that is embedded in the header of the page is executed. This action sends a synchronous call with various parameters about the user to the ShieldSquare

The ShieldSquare bot engine analyzes the parameters and classifies the visitor as a human, malicious bot, crawler or an aggregator, and sends the corresponding response code in tens of milliseconds (including network latency). Based on the response code, you can take action against bots that complies with your business logic. If the visitor is classified as a genuine user, the page loads and the JavaScript snippet code at the bottom of page executes. This JavaScript snippet sends an asynchronous call to the server with additional parameters for further analysis.

The combination of REST API and JavaScript snippet helps ShieldSquare in detecting the bots efficiently in real-time, with zero false positives.