Enforce a lightweight, invisible check to confirm the client is a real web browser used by a human.
When enabled, first-time visitors briefly run a small JS task (WebCrypto + DOM probe).If it succeeds, the server issues a short-lived, signed cookie and the user proceeds without captchas.
Headless scripts and basic bots usually fail or are rate-limited.This feature is available with v4.50 Service Pack 6 or in v4.50 Service Pack 5 Hotfix 20251012-15
Notes: Static assets and health endpoints can be excluded; no personal data is collected; works transparently for legitimate users.
Be aware that some bots (Google, ChatGPT, etc.) are capable of interpreting JavaScript and can bypass this barrier.
- Go to your Reverse-Proxy services and search the reverse-proxy rule.
- On the General Settings tab, select the
Signed JavaScript Browser Challengelink. - Turn on the feature
