Visitors
Browse every visitor with their trust score, risk signals and status, filter and search, and drill into a full security profile.
Overview
The Visitors page lists every visitor and their security data, sorted by trust score (lowest first) so the riskiest are at the top. Use it to investigate a specific person, spot patterns, or audit your overall posture. A date filter on last seen limits the list (default: last 30 days).
Filtering and search
Open Filters to narrow the list by:
| Filter | Purpose |
|---|---|
| Email / Name / Username | Find a specific visitor |
| Status | Low trust, Allowed, or Blocked |
| Widget | Show visitors from one widget |
When you arrive from an Overview tile or a top risk signal, the list opens pre-filtered and shows a removable chip describing it — for example Filtered by rule: … or Trust score ≤ …. Remove the chip to clear that filter.
Columns
| Column | Description |
|---|---|
| Trust | Colour-coded score badge. It reads green Allowed or red Blocked when a decision is set, otherwise it shows the trust band. |
| Visitor | Name (or "no email") — click to open the security profile |
| Location / IP | Country flag and most recent IP address |
| Widget | Which widget the visitor used |
| Signals | How many risk signals fired, plus the top one. Hover to see each signal's score impact. |
| Last seen | When the visitor was last active |
Use View on any row to open the full profile.
Bulk actions
Select several visitors with the checkboxes to Allow, Block, or Clear status in one go (up to 200 at a time). Blocking in bulk asks for confirmation first, since it blocks those visitors from chat.
Visitor security profile
Click a visitor to open their profile.
Identity and actions
The header shows the visitor's name, trust score badge, status, plan/value (if set), country, key dates, and visitor ID. The action buttons depend on the current status:
- Allow — mark as trusted; a permanent exemption — the visitor is never auto-blocked again even if the score drops, and only a teammate can undo it
- Block — block the visitor org-wide in one click, no confirmation. This is a full block (no chat at all). Beyond live chat, it also refuses inbound voice calls from any phone number on the visitor's record — the call is hung up before Telnyx answers, so there's no ring-through and no per-minute billing.
- Clear status — remove a manual decision and revert to automatic scoring (shown only when a status is set)
"This visitor is blocked"
If the visitor is currently blocked, a red banner explains why, because a visitor can be blocked by two independent sources:
- Blocked by Security — an automatic block. Security always applies a full block (no chat at all). Clear it with Clear status or Allow at the top of the profile.
- Manual ban — banned by an agent from the inbox, at either level: Block from agents (keeps the AI but can't reach a human) or Block completely. Manual bans can be timed — when the duration ends, the ban lifts on its own. Lift one early with the Remove manual ban button in the banner — it only appears while an open manual ban exists.
If both apply, you'll need to clear both sources before the visitor can chat again — and both can now be cleared from this page.
Trust score and breakdown
A trust scale shows where the score sits between your block and low-trust lines. Below it, a score breakdown explains the number: it starts at the baseline of 50 and lists every signal that raised or lowered it, with the running total. Each signal is tagged either Permanent or Expires in N days — weak risk signals fade after 30 days if the behaviour stops, while attack-grade signals and earned trust are permanent.
Activity
Six tiles summarise the visitor's behaviour: Sessions, Events, Countries, IP addresses, Rage clicks, and Errors (console + network). Rage clicks and errors are shown for context only.
Risk signals
Every signal that has fired for this visitor, each with the context that triggered it (for example which countries or how many IPs), its score impact, and when it fired.
Linked visitors
Other visitors who share the same device fingerprint or IP address with this one. Each shows their trust score, name, status, a Same device / Same IP tag, device, and country — handy for spotting multiple accounts run by one person, shared office devices, or coordinated activity. Click to jump to any of them.
Device and network
The visitor's current device (browser, OS), current IP, and location (city, region, country) derived from connection headers. Expandable lists show all Known IPs and Known devices seen for this visitor.
Recent sessions and events
A list of the visitor's most recent sessions (date, device, IP, country) and a timeline of their most recent SDK events (type, time, and URL) — so you can see exactly what they were doing around any risk signal.