Documentation

Everything you need to protect your PPC campaigns from click fraud.

Installation

Google Tag Manager Setup

Install ClickDefender using GTM with our pre-built container template.

API Reference

Full API documentation for custom integrations and advanced use cases.

Integrations & Alerts

Integrations

Connect to Google Ads, Slack, and more for automated protection.

Webhooks

Receive real-time fraud alerts in your own systems via HTTP.

Alerts & Security

Configure email alerts and manage API key security.

Advanced Settings

IP lists, blocking modes, detection rules, geo-targeting, and thresholds.

Quick Start

1Create a Property

After signing up, go to your Dashboard and click "Add Property". Enter a name for your website and optionally the domain.

2Copy Your Tracking Code

Once created, you'll see your unique JavaScript snippet. Copy it to your clipboard.

<script>
  (function() {
    var s = document.createElement('script');
    s.src = 'https://www.clickdefender.app/defender.js';
    s.async = true;
    s.onload = function() {
      window.ClickDefender.init({
        apiKey: 'YOUR_API_KEY',
        endpoint: 'https://www.clickdefender.app'
      });
    };
    document.head.appendChild(s);
  })();
</script>

3Add to Your Landing Pages

Paste the code in the <head> section of your PPC landing pages.

Platform-specific instructions:

WordPress: Use a plugin like "Insert Headers and Footers" or add to your theme's header.php
Shopify: Go to Online Store → Themes → Edit code → theme.liquid
Wix: Settings → Custom Code → Add to Head
Squarespace: Settings → Advanced → Code Injection → Header
Custom HTML: Add directly inside the <head> tag

Verify Installation

Visit your landing page, then check your ClickDefender dashboard. You should see events appearing within seconds. The property card will show "Active" once verified.

How It Works

Visitor Tracking

When a visitor lands on your page, our script silently collects behavioral signals: scroll depth, time on page, click patterns, and browser fingerprint. No personal data is stored—only hashed identifiers.

Fraud Scoring

Each visitor gets a fraud score (0-100) based on 8 detection rules. Scores above 40 are flagged as suspicious, above 70 as fraudulent. Fraudulent visitors can be automatically blocked.

Real-Time Detection

Our engine analyzes patterns in real-time: repeat clicks from the same IP, datacenter/VPN usage, impossible browser behaviors, and honeypot triggers. Fraudsters are identified instantly.

IP Blocklist Export

Export blocked IP addresses as a CSV file and upload to Google Ads IP exclusions. This prevents fraudsters from seeing your ads entirely, saving your budget.

Detection Rules

ClickDefender uses 8 sophisticated rules to detect click fraud. Each rule contributes to the overall fraud score.

Repeat Click Detection

Flags visitors who click your ads excessively. Default thresholds: 10 clicks/hour or 50 clicks/day from the same visitor.

Score impact: +20 to +30 points

Short Dwell Time

Detects visitors who leave your page suspiciously fast (under 10 seconds). Real users typically spend more time reading content.

Score impact: +20 points

No Scroll Detection

Identifies visitors who never scroll the page (less than 10% scroll depth). Legitimate visitors almost always scroll to view content.

Score impact: +15 points

Datacenter IP Detection

Flags traffic from known datacenter IP ranges (AWS, Google Cloud, Azure, DigitalOcean, etc.). Real customers don't browse from cloud servers.

Score impact: +25 points

VPN/Proxy Detection

Identifies visitors using VPN services often associated with click farms (NordVPN, ExpressVPN, Surfshark exit nodes, etc.).

Score impact: +15 points

Honeypot Trap

Hidden links invisible to humans but clicked by bots. Add a honeypot element with class="cd-honeypot" and position it off-screen.

Score impact: +40 points

Geographic Mismatch

Flags visitors from countries outside your target regions. Configure allowed countries in your property settings (Pro plan).

Score impact: +15 points

Rapid Click Pattern

Detects inhuman click speeds—clicks occurring faster than 500ms apart indicate automated bot activity.

Score impact: +25 points

Advanced Configuration

Honeypot Setup

Catch bots that click invisible links

Add a hidden element to your page that only bots will click:

<!-- Add this anywhere in your page body -->
<div class="cd-honeypot" style="position:absolute;left:-9999px;opacity:0;">
  <a href="#">Click here for discount</a>
</div>

Then enable honeypot detection in your script:

window.ClickDefender.init({
  apiKey: 'YOUR_API_KEY',
  endpoint: 'https://www.clickdefender.app',
  honeypotSelector: '.cd-honeypot'  // Enable honeypot detection
});

Debug Mode

See what ClickDefender is tracking

Enable debug mode to see console logs during development:

window.ClickDefender.init({
  apiKey: 'YOUR_API_KEY',
  endpoint: 'https://www.clickdefender.app',
  debug: true  // Logs events to browser console
});

Google Ads IP Exclusions

Block fraudsters from seeing your ads

Go to your property in ClickDefender and click "Export Blocklist"
Download the CSV file containing blocked IP addresses
In Google Ads, go to Settings → Additional settings → IP exclusions
Enter the IP addresses from your blocklist (up to 500 per campaign)
Repeat weekly to keep your exclusions up to date

Pro tip: Export and update your blocklist weekly for best results. Fraudsters often rotate IPs, so fresh data is essential.

Frequently Asked Questions

Will this slow down my website?

No. The script loads asynchronously and is only 5KB gzipped. It has zero impact on your page load time or Core Web Vitals.

Does this block real customers?

Our detection rules are tuned to minimize false positives. We only flag visitors with multiple suspicious signals. Legitimate users almost never trigger fraud detection.

Is it GDPR compliant?

Yes. We don't store personal data—only hashed IP addresses and anonymous behavioral signals. No cookies are used for tracking. Our service qualifies as fraud prevention (legitimate interest).

How is this different from Google's invalid click detection?

Google catches some fraud but their refunds are often partial and delayed. ClickDefender provides real-time protection, detailed analytics, and proactive blocking before clicks cost you money.

Ready to stop click fraud?

Start protecting your ad spend in under 60 seconds.

Quick Start

1Create a Property

After signing up, go to your Dashboard and click "Add Property". Enter a name for your website and optionally the domain.

2Copy Your Tracking Code

Once created, you'll see your unique JavaScript snippet. Copy it to your clipboard.

<script>
  (function() {
    var s = document.createElement('script');
    s.src = 'https://www.clickdefender.app/defender.js';
    s.async = true;
    s.onload = function() {
      window.ClickDefender.init({
        apiKey: 'YOUR_API_KEY',
        endpoint: 'https://www.clickdefender.app'
      });
    };
    document.head.appendChild(s);
  })();
</script>

3Add to Your Landing Pages

Paste the code in the <head> section of your PPC landing pages.

Platform-specific instructions:

WordPress: Use a plugin like "Insert Headers and Footers" or add to your theme's header.php
Shopify: Go to Online Store → Themes → Edit code → theme.liquid
Wix: Settings → Custom Code → Add to Head
Squarespace: Settings → Advanced → Code Injection → Header
Custom HTML: Add directly inside the <head> tag

Verify Installation

Visit your landing page, then check your ClickDefender dashboard. You should see events appearing within seconds. The property card will show "Active" once verified.

How It Works

Visitor Tracking

Fraud Scoring

Each visitor gets a fraud score (0-100) based on 8 detection rules. Scores above 40 are flagged as suspicious, above 70 as fraudulent. Fraudulent visitors can be automatically blocked.

Real-Time Detection

Our engine analyzes patterns in real-time: repeat clicks from the same IP, datacenter/VPN usage, impossible browser behaviors, and honeypot triggers. Fraudsters are identified instantly.

IP Blocklist Export

Export blocked IP addresses as a CSV file and upload to Google Ads IP exclusions. This prevents fraudsters from seeing your ads entirely, saving your budget.

Detection Rules

ClickDefender uses 8 sophisticated rules to detect click fraud. Each rule contributes to the overall fraud score.

Repeat Click Detection

Flags visitors who click your ads excessively. Default thresholds: 10 clicks/hour or 50 clicks/day from the same visitor.

Score impact: +20 to +30 points

Short Dwell Time

Detects visitors who leave your page suspiciously fast (under 10 seconds). Real users typically spend more time reading content.

Score impact: +20 points

No Scroll Detection

Identifies visitors who never scroll the page (less than 10% scroll depth). Legitimate visitors almost always scroll to view content.

Score impact: +15 points

Datacenter IP Detection

Flags traffic from known datacenter IP ranges (AWS, Google Cloud, Azure, DigitalOcean, etc.). Real customers don't browse from cloud servers.

Score impact: +25 points

VPN/Proxy Detection

Identifies visitors using VPN services often associated with click farms (NordVPN, ExpressVPN, Surfshark exit nodes, etc.).

Score impact: +15 points

Honeypot Trap

Hidden links invisible to humans but clicked by bots. Add a honeypot element with class="cd-honeypot" and position it off-screen.

Score impact: +40 points

Geographic Mismatch

Flags visitors from countries outside your target regions. Configure allowed countries in your property settings (Pro plan).

Score impact: +15 points

Rapid Click Pattern

Detects inhuman click speeds—clicks occurring faster than 500ms apart indicate automated bot activity.

Score impact: +25 points

Advanced Configuration

Honeypot Setup

Catch bots that click invisible links

Add a hidden element to your page that only bots will click:

<!-- Add this anywhere in your page body -->
<div class="cd-honeypot" style="position:absolute;left:-9999px;opacity:0;">
  <a href="#">Click here for discount</a>
</div>

Then enable honeypot detection in your script:

window.ClickDefender.init({
  apiKey: 'YOUR_API_KEY',
  endpoint: 'https://www.clickdefender.app',
  honeypotSelector: '.cd-honeypot'  // Enable honeypot detection
});

Debug Mode

See what ClickDefender is tracking

Enable debug mode to see console logs during development:

window.ClickDefender.init({
  apiKey: 'YOUR_API_KEY',
  endpoint: 'https://www.clickdefender.app',
  debug: true  // Logs events to browser console
});

Google Ads IP Exclusions

Block fraudsters from seeing your ads

Go to your property in ClickDefender and click "Export Blocklist"
Download the CSV file containing blocked IP addresses
In Google Ads, go to Settings → Additional settings → IP exclusions
Enter the IP addresses from your blocklist (up to 500 per campaign)
Repeat weekly to keep your exclusions up to date

Pro tip: Export and update your blocklist weekly for best results. Fraudsters often rotate IPs, so fresh data is essential.

Frequently Asked Questions

Will this slow down my website?

No. The script loads asynchronously and is only 5KB gzipped. It has zero impact on your page load time or Core Web Vitals.

Does this block real customers?

Our detection rules are tuned to minimize false positives. We only flag visitors with multiple suspicious signals. Legitimate users almost never trigger fraud detection.

Is it GDPR compliant?

Yes. We don't store personal data—only hashed IP addresses and anonymous behavioral signals. No cookies are used for tracking. Our service qualifies as fraud prevention (legitimate interest).

How is this different from Google's invalid click detection?

Google catches some fraud but their refunds are often partial and delayed. ClickDefender provides real-time protection, detailed analytics, and proactive blocking before clicks cost you money.