DOCS

Install PHP + JS protection when server and browser context should work together.

PHP + JS install combines server-side decisioning with browser-side behavior signals. Use it when you need more context than a server-only check can provide.

Start free trial View pricing

Server-side routing Browser signals Behavior context Protected Pages Stronger review

On this page

Best for. How PHP + JS works. What browser-side signals are for. Setup checklist. Public docs vs dashboard package. Related docs.

When to use it

Best for.

Landing pages with mixed traffic quality

Use richer context when paid traffic quality varies widely by source or device.

Lead forms receiving suspicious sessions

Add browser-side evidence when server-only routing feels too thin.

Campaign traffic where browser context matters

Use PHP + JS when click fraud prevention needs both server and browser context.

Pages where false positives must be reduced

Use browser signals to improve confidence before tightening Protected Page rules.

Flow

How PHP + JS works.

Step 1

Visitor reaches Protected Page

The request first lands on the protected PHP route.

Step 2

PHP performs the server-side check

Server-side routing still owns the first decision layer.

Step 3

JS collects browser-side context where enabled

Browser behavior adds more confidence signals when the page allows it.

Step 4

KillBot combines signals with route policy

Server-side context and browser-side context are reviewed together.

Step 5

Final outcome is logged in Traffic Log

Use the record to confirm the route is working before scaling traffic.

Signal depth

What browser-side signals are for.

Browser-side signals help separate scripted or low-quality sessions from normal visitors. They should improve decision confidence, not replace server-side route policy.

Checklist

Setup checklist.

Create Protected Page.
Select PHP + JS install mode.
Add PHP package to the protected route.
Add JS snippet where required.
Set safe redirect target.
Test with monitor/redirect mode first.
Review Traffic Log.

Dashboard package

Public docs vs dashboard package.

Exact PHP + JS package files are available inside the dashboard after signup so they match the account, route, and current package version.

Public docs explain when to use the mode. The authenticated dashboard provides the account-specific package and placement details.

Get started

Use PHP + JS when browser context matters.

Start with one route, collect proof in Traffic Log, and scale only after the decisions are clear.