Validate Shape Defense Web Integration


  • This article will provide steps to validate your Shape Defense website integration. 
  • How do you confirm the JS is being injected into the site?

Return to Integrating Shape Defense



  • Shape Defense for Web


For all the tests below, spoof your local host file to the Silverline generated CNAME. For more information, see How to Test the Silverline Proxy Using 'hosts' File on Windows PC


Test Case 1: Shape JS is inserted on every HTML page

1. Open an incognito window and open the Network tab in Developer tools

2. Filter for the JS tag and inspect the network requests. 

3. Navigate to your website.

4. There will be a total of 3 requests with the following query string parameters, ?matcher, ?cache, ?async

5. Click on the ?matcher JS and look at the response. The response should define all the protected URL patterns that you have configured in your Shape Defense Protected URL configuration. This is how Shape JS knows which URLs to decorate.




Test Case 2: Shape telemetry attached to protected endpoint

Shape will inject JavaScript on every path on the proxy's configured FQDN but will only enable protection for the protected URLs that are explicitly defined in the portal.

1. Open Network tab in Developer tools

2. Filter the POST request

3. Navigate through the flow to hit the protected URLs

4. Verify that the Shape headers are seen as part of Headers or Form body

5. Verify that the traffic is marked as Human on the Shape Defense Summary UI. View transactions in Shape Defense Summary dashboard





If either of the tests above fail, investigate the root cause, or contact Silverline SOC  (


Related Content

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request