Visitors
Browse all visitors with their trust scores and review statuses, filter by risk level, and drill into individual security profiles.
Overview
The Visitors page gives you a searchable, filterable list of every visitor and their security data. Use it to investigate specific visitors, find patterns, or audit your security posture.
Filtering Visitors
The page provides two rows of filters:
Date & Widget Filters
- Date range — Limit results to visitors seen within a specific time period
- Widget — Focus on visitors from a specific widget
Search & Status Filters
| Filter | Purpose |
|---|---|
| Search | Find a specific visitor by email address or name |
| Status | Filter by review status: Pending review, Whitelisted, or Blacklisted |
| Min / Max score | Set a trust score range to find visitors in a specific risk bracket |
Click Clear filters to reset all filters at once. The total result count is shown on the right.
Visitor Table
The table displays one row per visitor with these columns:
| Column | Description |
|---|---|
| Trust Score | Color-coded badge showing the visitor's current score |
| Visitor | Email or name (click to open the full security profile) |
| Status | Current review status badge (Normal, Pending Review, Whitelisted, or Blacklisted) |
| Country | The visitor's detected country |
| Last IP | Most recent IP address, with TOR/VPN/Proxy badges if detected |
| Device | Parsed device label (browser + OS) |
| Sessions | Total number of sessions for the visitor |
| Signals | Number of risk signals triggered for this visitor |
| Last Seen | When the visitor was last active |
Results are paginated with 50 visitors per page.
Visitor Security Profile
Click any visitor's name to open their detailed security profile. The profile page includes:
Identity & Actions
At the top you'll see the visitor's name or email, trust score, review status, and whether they're currently banned. Action buttons let you:
- Whitelist — Mark as trusted (overrides automatic flagging)
- Blacklist — Block the visitor
- Clear status — Remove any manual override and revert to automatic scoring
Risk Signals
A detailed list of every risk rule that has been triggered for this visitor. Each signal shows:
- The rule name and category (Account Takeover, Behavior, Bot Detection, IP, Blacklist)
- Context data (e.g., which countries changed, how many IPs were used)
- The severity weight of the signal
- When it was triggered
Activity Stats
Aggregated data about the visitor's behavior:
- Total countries, IP addresses, and devices used
- Session count and total events
- Rage click count, console errors, and network errors
- List of all countries the visitor has been seen from
Device & Network Intelligence
Detailed information about the visitor's current and historical device/network fingerprint:
- Current device — Parsed browser, OS, and device type
- Current IP — IP address with ASN details (autonomous system number and organization)
- Network risk flags — Badges for TOR, VPN, Proxy, or Hosting/datacenter IPs
- Location — City, region, country, and timezone derived from IP
- Known IPs — All IP addresses this visitor has ever used
- Known devices — All device/browser combinations seen for this visitor
Linked Visitors
Shows other visitors who share the same IP address or device fingerprint with the current visitor. This helps identify:
- Multiple accounts operated by the same person
- Shared devices in an office or household
- Coordinated suspicious activity across accounts
Each linked visitor shows their trust score, review status, device, country, and session count. Click any linked visitor to jump to their profile.
Recent Sessions
A chronological list of the visitor's most recent sessions, each showing:
- Timestamp, device type, and parsed device label
- IP address with network risk badges (TOR/VPN/Proxy/Hosting)
- Country
Recent Events
A timeline of the visitor's most recent SDK events, showing the event type, timestamp, and associated URL or country. Use this to understand exactly what the visitor was doing leading up to any risk signals.