Skip to content

Statistics

Open Control panel → Statistics. First select an active domain in the Domains section — statistics are calculated for it and its subdomains (www and others are counted together).

At the top you choose the range: 1 hour, 6 hours, 24 hours, 7 days, 30 days. The last data update time is shown under the heading. The Refresh button reloads the active tab.

Statistics are split into tabs — data loads only for the open tab, so switching is instant.

The main screen: shows what the protection saved your site from during the period. Cards are compared to the previous period (▲/▼ arrow and percentage); the border color hints whether it is good or bad.

  • Attacks repelled — requests with attack signatures (SQL-injection attempts, hits to /.env, /.git, exploit paths) and hard-blocked responses. Zero is green — that’s good.
  • IPs banned — addresses banned at the network level (brute force, mass scanning).
  • Fake search bots — requests that imitated known search engines but failed authenticity verification.
  • Browser checks shown — how many times a visitor was shown the verification before reaching the site.
  • Direct visits sent to verification — suspicious direct visits sent to the browser check based on a combination of signals.
  • Suspicious ad clicks — visits from advertising campaigns that failed the browser check.

Below:

  • Attacks over time — a chart of attack spikes. If there were no attacks, it shows “No attacks detected in this period”.
  • Attacked URLs — which URLs attackers tried to exploit.
  • Attack source countries — where attacks came from.
  • Suspicious ad clicks — a list of IPs that arrived via an ad tag and failed verification. Use it to investigate click fraud and as evidence for a refund claim with the ad network. Note: the refund is processed by the ad network itself; we detect the bots and provide the data.

Who actually visits the site (real humans separated from bots).

  • Cards: unique visitors, unique IPs, total requests, successful responses (2xx), backend errors (5xx).
    • Unique visitors — real browsers that passed the check (by browser fingerprint). This is the closest estimate to actual people, so the number is usually noticeably lower than “unique IPs” — it counts only confirmed browsers. Available when browser protection is enabled.
    • Unique IPs — the number of distinct non-bot IP addresses. A rough estimate: one IP can be shared by many people (common Wi-Fi, mobile carrier, office), and bots with a spoofed User-Agent are included. So the value is inflated and does not equal the number of people.
    • Request and response counters (2xx/5xx) count the site itself only — internal protection responses (the browser-check page) are excluded.
  • Humans and bots — a stacked chart: total volume along the top edge, with layers by category inside (humans, search engines, AI bots, social networks, SEO crawlers, monitoring, scanners). Hovering shows the value per category.
  • Top pages — the most visited pages (humans only, excluding bots and static assets).
  • Referrers — external sites that visitors come from.
  • Visitor countries, browsers, operating systems — the audience profile. Tables have a share bar and a percentage column.

Availability and speed.

  • Response time (p95) — the 95th percentile of your backend response time: 95% of requests completed within this time.
  • Backend errors (5xx) — failures on the origin server side.
  • Cache hit ratio — the share of requests served from the WebShield cache without hitting the backend.
  • Served from cache — saved origin-server traffic.
  • Backend response time — a p50/p95 chart over time.
  • Search engines — a table with crawl status: 🟢 crawling normally, 🟡 has errors, 🔴 hitting protection, gray — no visits for a while. Here you can see whether Yandex and Google index the site correctly.

Data volumes over time:

  • Traffic usage this period — how much has been served during the current billing period and the share of the plan’s limit (progress bar: green — fine, amber — close to the limit, red — exceeded). If the plan has no limit, only the consumed volume is shown. Billing counts outgoing traffic (served to visitors); this is the counter it runs off.
  • Traffic by host — a breakdown across the apex and subdomains (for example docs or wiki with a static site): how much was sent (outgoing) and received (incoming) per host. Helps you see what consumes the volume.
  • Total requests — load dynamics.
  • Traffic: user → WebShield and WebShield → backend. If incoming traffic is noticeably larger than traffic to the backend, the cache and protection layer reduce origin load.

A technical breakdown for advanced users: top bots by name. Categories and the bot summary are on the “Visitors” tab.

  • A recurring spike in “Attacks over time” or a rise in “direct visits sent to verification” is a reason to enable a stricter mode (captcha) in the domain’s proxy settings.
  • If “suspicious ad clicks” appear during an active campaign, export the IPs and file a refund claim with the ad network.
  • A red or yellow status under “Search engines” — check the search-bot exceptions in the settings so indexing is not hindered.
  • Related sections: CDN and protection, Site under attack.