Scripts

Overview

The Centinel collector script is an optional addition to your site. It runs in the browser, sets the _centinel cookie, and feeds browser-side signals back to the validator so detection can go beyond what server-side fingerprinting alone can see.

Server-only validation works without it. The script makes that validation dramatically better on traffic that originates from real browsers.

Why publishers add it

• Session continuity. Once a visitor has cleared a challenge, the _centinel cookie carries that decision through their session. They are not re-challenged on every page.

Add the script

Drop this in your page <head> and replace SITE_KEY with your site key (from the Dashboard).

<html>
  <head>
    <script src="https://collector.centinelanalytica.com/script.js?site_key=SITE_KEY"></script>
    <!-- Rest of the head -->
  </head>
  <body>
    <!-- Page content -->
  </body>
</html>

Where to install it

Add the script to any page where a protected action can be triggered:

• Login forms (or any page hosting a login modal)
• Signup and password-reset flows
• Checkout and payment pages
• Gated content: premium articles, paid downloads, members-only areas
• Comment, review, and other user-generated-content submission

For single-page apps, include it once in the global layout so it runs across all client-side routes.

Verify

Check window.cen.initialized to confirm the script has loaded. If it is not ready yet, wait for the CentinelInitialized event.

function whenCentinelReady(cb) {
  if (window.cen && window.cen.initialized) {
    cb();
    return;
  }

  const handler = () => {
    window.removeEventListener('CentinelInitialized', handler);
    cb();
  };

  window.addEventListener('CentinelInitialized', handler);
}

whenCentinelReady(() => {
  login();
});

Next steps

Whether you added the script or chose to skip it, your backend needs to call /validate on every protected request.