The Veritus widget is the fastest way to add signup fraud scoring to an existing site. Paste a <script> tag in your <head>, tag your form, done. Works on WordPress, Webflow, Wix, Squarespace, plain HTML — anywhere you control the page source.
<head>Add the script tag to every page that contains a form you want protected. Most sites have a single header template, so this is a one-line change.
Add data-veritus="signup" to any form you want scored. The widget hooks the submit event and scores before letting the form through.
The widget reads the standard form fields by name, plus any extras you specify, posts them to Veritus, and acts on the verdict before letting the original submit fire.
Original submit fires immediately. User sees no delay beyond the ~73 ms scoring call. Verdict logged silently to your dashboard.
Submit fires (user sees normal success message) but the signup is flagged for review in your dashboard. Decide later whether to keep or remove the account.
Submit is cancelled. User sees a friendly message (customisable) inviting them to try again or contact support. Verdict logged for your review.
Tune the widget’s behaviour per form by setting data-* attributes on the <form> tag. Sensible defaults mean you usually don’t need any.
| Attribute | Default | Meaning |
|---|---|---|
data-veritus | — | Form type. Required. Values: signup, login, password-reset, contact. |
data-on-block | show-message | What to do on a block verdict: show-message, redirect, silent, or a JS function name. |
data-on-review | allow | Whether to submit anyway on review verdict (allow) or hold (block). |
data-on-fail | allow | What to do if Veritus is unreachable: allow (fail-open), block (fail-closed), review (queue all). |
data-block-message | friendly default | The text shown to the user on block. Plain text or an element ID to display. |
data-extra-fields | — | Comma-separated list of extra form field names to include in the payload. |
data-form-id | auto | Override the form identifier sent to Veritus. Lets you split metrics by form. |
The widget looks for common field names and maps them to Veritus payload keys automatically. You don’t need to rename your form fields.
email, mail, e-mail, user_email, useremail, login_email
phone, tel, telephone, mobile, mobile_number, phone_number
name, full_name, fullname, first_name + last_name
address1 + city + postcode + country (with common aliases)
The widget sets no third-party cookies and tracks no users across the web. It only acts when a tagged form is submitted. The payload sent to Veritus contains only the form fields plus behavioural signals from that one form interaction; no browsing history, no fingerprinting beyond what is needed for scoring.
Passwords are never sent in plaintext. If your form has a password field, the widget computes a SHA-1 prefix locally and only sends the first five characters — enough for the k-anonymity breach check, not enough to recover the password.
No credit card, no trial countdown, no expiry. Every account gets 1,000 fraud checks per month for life. Upgrade when you outgrow it.