What are those "verifying your device" pages for?



There is a newish trend of CDNs inserting an intermediate page (a.k.a. interstitial page) before they actually show you the content.


That intermediate page often says something like "verifying your device".

Sometimes you need to interact with it, e.g. check a checkmark, to be shown the actual page.


tl;dr:

  • There is nothing unverified about your device,
  • it's not actually checking a whole lot,
  • and none of the possible checks are necessary for the user.
This seems to mostly be the "I want only people, not scripts, to see my site" kind of DDoS protection

...where a DDoS is a lot of computers requesting a single resource so that it becomes hard to reach. Frankly, with increasing broadband speeds, even a single user can drive up someone's hosting traffic to over a monthly quota (which is sometimes priced a bit scammy).


What CloudFlare calls Browser Integrity Check is, they say, looking at "common HTTP headers abused most commonly by spammers", but that header seems to primarily be 'the browser you are using'.

While bots and scripts usually report being a bot / script, they can be made to lie and say they are a browser, so the CDNs are probably doing some slightly unusual things just to throw off most dumb scraping scripts.


The second or two of pause and the animated checkmark seem to primarily be security theater, in that they probably do nothing other than tell the site owner this feature is working, and be a little ad space for the CDN itself.


Notes:

so they can remember who they approved and not do this on every visit.
  • they seem to be too dumb to realize being behind VPNs is valid, as they trigger way more easily, presumably based on IP address.
  • specific non-standard browsers seem to also trigger this.
  • it may interfere with privacy protection plugins.
  • there are variants that fail on slower computers (possibly because they seem to be doing some kind of proof of work).
  • ...and there are variants that will rate-limit the speed you browse a site (you better hope you're not reading documentation, because that will be made almost unusable).
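
To make the proof-of-work guess in the notes concrete, here is an added example (not from the original page, and not any CDN's actual code): a generic hashcash-style challenge where the client burns CPU on a brute-force loop, the server checks the result with one hash, and a device that takes too long gets "expired". `SERVER_KEY`, `DIFFICULTY_BITS`, `MAX_AGE_SECONDS` and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)   # assumed per-deployment secret
DIFFICULTY_BITS = 16          # assumed; about 65,000 hashes expected per solve
MAX_AGE_SECONDS = 30          # assumed time limit for solving

def _mac(ts, nonce):
    return hmac.new(SERVER_KEY, f"{ts}.{nonce}".encode(), hashlib.sha256).hexdigest()

def issue_challenge(now=None):
    """Server: stateless challenge 'timestamp.nonce.mac', nothing stored per visitor."""
    ts = str(int(time.time() if now is None else now))
    nonce = os.urandom(8).hex()
    return f"{ts}.{nonce}.{_mac(ts, nonce)}"

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(challenge, bits=DIFFICULTY_BITS):
    """Client: try counters until the hash has enough leading zero bits.
    This loop is the cost that a slow device pays in wall-clock time."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{challenge}.{counter}".encode()).digest()
        if leading_zero_bits(digest) >= bits:
            return counter
        counter += 1

def verify(challenge, counter, now=None, bits=DIFFICULTY_BITS):
    """Server: one HMAC and one hash, however long the client needed."""
    try:
        ts, nonce, mac = challenge.split(".")
        age = (time.time() if now is None else now) - int(ts)
    except ValueError:
        return "malformed"
    if not hmac.compare_digest(mac.encode(), _mac(ts, nonce).encode()):
        return "forged"            # challenge was not issued by this server
    if age > MAX_AGE_SECONDS:
        return "expired"           # correct answer, but the device was too slow
    digest = hashlib.sha256(f"{challenge}.{counter}".encode()).digest()
    return "ok" if leading_zero_bits(digest) >= bits else "insufficient work"
```

Each extra difficulty bit doubles the expected client work while the server's cost stays constant, which is why a fixed time limit hits older hardware hardest.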