What are those "verifying your device" pages for?

From Helpful
Revision as of 23:54, 22 March 2024 by Helpful (talk | contribs)
Jump to navigation Jump to search


There is a newish trend of CDNs inserting an intermediate page before they actually show you the content.

That intermediate page says it is verifying your device.

Sometimes you need to interact - e.g check a checkmark - with it to be shown the actual page.


tl;dr:

There is nothing unverified about your device, there is nothing much it's checking.
This seems to mostly be the "I only want people, not scripts, to see my site" kind of DDoS protection


What's DDoS?

A lot of computers requesting a single resource so that it becomes hard to reach.

Frankly, with increasing broadband speeds, even a single user can drive up someone's hosting traffic to go to over a monthly quota (which is sometimes priced a bit scammy),

You can do that from a script that just fetches it over and over and does nothing. That script usually reports as a script, but can be made to lie to say it's a browser.


What CloudFlare calls Browser Integrity Check is, they say, looking at "common HTTP headers abused most commonly by spammers" but that header seems to primarily be the browser you are using.

Presumably they do the "go to actual site" step in scripting, in a somewhat unusual way, so that it blocks most dumb scraping scripts.

The second or two of pause and the animated checkmark seem to primarily be security theater, in that it probably does nothing other than tell the site's owner it's working, (and be a little ad space for the CDN itself).


Hopefully it does not block more than a few real users.

One problem is that specific non-standard browsers also trigger this.

Another problem is that it may interfere with privacy protection plugins.

Retrieved from "https://helpful.knobs-dials.com/index.php?title=What_are_those_%22verifying_your_device%22_pages_for%3F&oldid=94514"