Configuring Web Client (Shape JS Integration)


  • This article provides guidance for configuring Shape JS. It assumes that you have already enabled a Proxy Service for your Application, enabled Shape Defense, and configured the protected endpoints.

Return to Integrating Shape Defense


  • Shape Defense for Web


Accessing Shape Defense UI

To access the JavaScript Configuration screen, go to:

Configs -> Proxy / App Management -> For a particular application, click Edit.

Choose: HTTPS (443/443) HTTP (80/80) -> Shape Defense tab


JavaScript Insertion Service Configuration


  1. Shape JavaScript Path - a unique path, not already used within your page, that will be used to insert Shape JS. Do not use the terms "shape" or "silverline", or similar terms indicating a security purpose for the script.
  2. JavaScript Insert Location - specifies where in the page Shape JS should be inserted.
    • Choices are:
      • Before the first <script> 
      • After <head> (preferred option)
      • After </title>
      • None - The script tag will be inserted by the customer, at the application origin.
  3. Insert JavaScript Telemetry tag in <body> Checkbox - this separates the ASYNC portion of Shape JS and inserts it into the <body> of the page, so that it executes after the non-Shape scripts have executed. This improves performance, but may impact efficacy of the system.
  4. Additional Protected Endpoint Domain & Path - This section is relevant to websites where an HTML page sends a protected POST to a URL on a different domain. For instance will post to  This section facilitates handling of Cross-Origin Resource Sharing (CORS). Refer to this detailed guide: Protect CORS POSTs using Shape Defense
  5. JavaScript Insertion - Excluded Paths - Defines page URLs where Shape JavaScript should not be inserted.


Shape JS is not inserted into pages that match an excluded path.


Resulting Changes to Your Webpage

The configuration settings described above result in the insertion of 3 Shape Defense JavaScript tags inside your web page. The position of the inserted tags depends on your JavaScript Insert Location setting.

For example:


In this scenario the three "/js/test.js" tags were inserted after the <head> tag.
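The following check is an added example, not part of the original article or of any Shape/Silverline tooling. It verifies a saved copy of a page against the settings above, assuming the "After <head>" insert location with the <body> telemetry checkbox off; the function name, sample pages and query strings are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Terms the article says to keep out of the path; extend with your own "similar terms".
REVEALING_TERMS = ("shape", "silverline")

class _StartTags(HTMLParser):
    """Collects (tag, src) for every start tag, in document order."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs).get("src")))

def check_insertion(html, js_path, expected=3):
    """Return a list of findings; an empty list means the page looks as configured."""
    findings = [f"path contains revealing term '{t}'"
                for t in REVEALING_TERMS if t in js_path.lower()]
    parser = _StartTags()
    parser.feed(html)
    # Match on the URL path only, so a query string on the tag does not hide it.
    hits = [i for i, (tag, src) in enumerate(parser.tags)
            if tag == "script" and src and urlsplit(src).path == js_path]
    if len(hits) != expected:
        findings.append(f"expected {expected} tags for {js_path}, found {len(hits)}")
    heads = [i for i, (tag, _) in enumerate(parser.tags) if tag == "head"]
    if not heads:
        findings.append("page has no <head> tag")
    elif hits and hits != list(range(heads[0] + 1, heads[0] + 1 + len(hits))):
        findings.append("tags do not directly follow <head>")
    return findings

# Constructed sample pages (not captured from a real site); query strings are made up.
GOOD_HTML = """<html><head>
<script src="/js/test.js"></script>
<script src="/js/test.js?x=1"></script>
<script src="/js/test.js?x=2" async></script>
<title>Login</title><script src="/static/app.js"></script>
</head><body><form method="post" action="/login"></form></body></html>"""

BAD_HTML = """<html><head><script src="/static/app.js"></script>
<script src="/js/shape.js"></script><script src="/js/shape.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    print(check_insertion(GOOD_HTML, "/js/test.js"))
    for finding in check_insertion(BAD_HTML, "/js/shape.js"):
        print("FINDING:", finding)
```

If the <body> telemetry checkbox is enabled, one tag is expected outside <head>, so the position check here would need to be relaxed for that configuration.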


After Shape Defense is configured in the Silverline Portal and the JavaScript Client is properly set up, proceed to the Testing and Validation steps.


*Note: If a CDN such as CloudFront is used before Silverline, ensure that the Shape JS file is excluded from the caching configuration.

