Opportify Fraud Protection Script

A lightweight, zero-dependency client-side script that silently instruments your HTML forms to detect and score fraud risk, bots, and automated submissions — all in real time, with a single <script> tag.



Features

Detection Signals

  • Automation tool detection — identifies Playwright, Puppeteer, Selenium, PhantomJS, and similar headless tools via 20+ browser environment probes
  • Bot user-agent analysis — classifies bots, crawlers, AI agents, and known scraping libraries
  • UA consistency check — cross-references navigator.userAgent, navigator.platform, and userAgentData.platform to catch naive spoofing
  • Honeypot trap — injects an invisible field; any submission that fills it is flagged
  • Typing speed & pattern analysis — detects abnormally fast, uniform, or programmatic keystrokes
  • Interaction provenance classification — distinguishes human typing, browser autofill/password managers, and programmatic injection
  • Gibberish content detection — flags inputs with nonsense strings (low vowel ratio, consonant runs, etc.)
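
Added example, not Opportify's code: a sketch of how the typing-pattern and gibberish signals listed above can be computed from keydown timestamps and field text. The function names, thresholds, and sample inputs are assumptions chosen for illustration.

```javascript
// Illustrative sketch, not Opportify's implementation. All thresholds are assumed values.
const VOWELS = new Set('aeiouy');

// Gibberish signal: low vowel ratio, or a long consonant run inside a single word.
function gibberishSignals(text, { minVowelRatio = 0.2, maxConsonantRun = 5, minLetters = 6 } = {}) {
  const words = text.toLowerCase().split(/[^a-z]+/).filter(Boolean);
  let letters = 0, vowels = 0, longestRun = 0;
  for (const word of words) {
    let run = 0; // runs do not carry across word boundaries
    for (const ch of word) {
      letters++;
      if (VOWELS.has(ch)) { vowels++; run = 0; }
      else { run++; longestRun = Math.max(longestRun, run); }
    }
  }
  // Too little Latin text to judge (short or non-Latin input): never flag.
  if (letters < minLetters) return { flagged: false, vowelRatio: null, longestRun };
  const vowelRatio = vowels / letters;
  return { flagged: vowelRatio < minVowelRatio || longestRun > maxConsonantRun, vowelRatio, longestRun };
}

// Typing signal: mean gap between keydown timestamps (ms) and its coefficient of variation.
function typingSignals(keyTimesMs, { minMeanMs = 30, minCv = 0.15, minKeys = 6 } = {}) {
  if (keyTimesMs.length < minKeys) return { verdict: 'insufficient-data' };
  const gaps = keyTimesMs.slice(1).map((t, i) => t - keyTimesMs[i]);
  const meanMs = gaps.reduce((a, b) => a + b, 0) / gaps.length;
  const variance = gaps.reduce((a, g) => a + (g - meanMs) ** 2, 0) / gaps.length;
  const cv = meanMs > 0 ? Math.sqrt(variance) / meanMs : 0;
  const verdict = meanMs < minMeanMs ? 'too-fast' : cv < minCv ? 'uniform' : 'human-like';
  return { verdict, meanMs, cv };
}

// Constructed sample inputs.
const samples = {
  human: [0, 180, 310, 590, 700, 1020, 1150],
  scripted: [0, 100, 200, 300, 400, 500, 600],
  burst: [0, 5, 11, 16, 22, 27, 33],
};
for (const [name, times] of Object.entries(samples)) {
  console.log(name, typingSignals(times).verdict);
}
console.log(gibberishSignals('xkcdqwrtplmn').flagged, gibberishSignals('Please call me back tomorrow').flagged);
```

A field that holds a value but produced too few keydown events returns insufficient-data here; telling autofill apart from programmatic injection in that case needs the separate provenance signal listed above.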

Form Management

  • Automatic form instrumentation — every <form> on the page is discovered and protected on load
  • Dynamic form support — MutationObserver detects forms injected by React, Vue, htmx, or any framework after page load
  • Submit token injection — injects opportifyToken and opportifyFormUUID as hidden fields so submissions are cryptographically tied to a verified session
  • Submit interception — optionally intercepts submit events and proxies the POST to Opportify, eliminating the need for a backend proxy

Post-Submit UI Modes

  • redirect — POST-redirects the user to a configurable success URL
  • replace-success — hides the form and reveals a success element
  • message-success — reveals a success message element

Platform Support

  • Webflow — native integration: detects Webflow DOM structure and triggers the built-in .w-form-done / .w-form-fail success/error states automatically
  • Any HTML page — plain HTML, React, Vue, Angular, htmx, and any other framework

Browser Compatibility

Browser             Minimum version
Chrome              57
Edge                79
Firefox             52
Safari              11
iOS Safari          11
Samsung Internet    7.4

Server-side rendering

The script is browser-only. It safely no-ops in any non-browser environment (SSR, Node.js, Deno) — all entry points guard against typeof window === 'undefined'.


Quick Start

Add the script to every page that contains a form you want to protect. Replace YOUR_PUBLIC_KEY with the key from your Opportify Admin Console.

<!-- In <head> — load before first user interaction -->
<script
  src="https://cdn.opportify.ai/f/v1.2.0.min.js"
  data-opportify-key="YOUR_PUBLIC_KEY"
  async
></script>

<!-- Your form — action points to your Opportify endpoint -->
<form action="https://api.opportify.ai/intel/v1/submit/YOUR_ENDPOINT_ID" method="POST">
  <input name="name" type="text" placeholder="Your name" required />
  <input name="email" type="email" placeholder="your@email.com" required />
  <textarea name="message" placeholder="Your message" required></textarea>
  <button type="submit">Send</button>
</form>

That's it. The script handles the rest.