Statistics
Open Control panel → Statistics. First select an active domain in the Domains section — statistics are calculated for it and its subdomains (www and others are counted together).
Period and refresh
Section titled “Period and refresh”At the top you choose the range: 1 hour, 6 hours, 24 hours, 7 days, 30 days. The last data update time is shown under the heading. The Refresh button reloads the active tab.
Statistics are split into tabs — data loads only for the open tab, so switching is instant.
“Protection” tab
Section titled ““Protection” tab”The main screen: shows what the protection saved your site from during the period. Cards are compared to the previous period (▲/▼ arrow and percentage); the border color hints whether it is good or bad.
- Attacks repelled — requests with attack signatures (SQL-injection attempts, hits to
/.env,/.git, exploit paths) and hard-blocked responses. Zero is green — that’s good. - IPs banned — addresses banned at the network level (brute force, mass scanning).
- Fake search bots — requests that imitated known search engines but failed authenticity verification.
- Browser checks shown — how many times a visitor was shown the verification before reaching the site.
- Direct visits sent to verification — suspicious direct visits sent to the browser check based on a combination of signals.
- Suspicious ad clicks — visits from advertising campaigns that failed the browser check.
Below:
- Attacks over time — a chart of attack spikes. If there were no attacks, it shows “No attacks detected in this period”.
- Attacked URLs — which URLs attackers tried to exploit.
- Attack source countries — where attacks came from.
- Suspicious ad clicks — a list of IPs that arrived via an ad tag and failed verification. Use it to investigate click fraud and as evidence for a refund claim with the ad network. Note: the refund is processed by the ad network itself; we detect the bots and provide the data.
“Visitors” tab
Section titled ““Visitors” tab”Who actually visits the site (real humans separated from bots).
- Cards: unique visitors, unique IPs, total requests, successful responses (2xx), backend errors (5xx).
- Unique visitors — real browsers that passed the check (by browser fingerprint). This is the closest estimate to actual people, so the number is usually noticeably lower than “unique IPs” — it counts only confirmed browsers. Available when browser protection is enabled.
- Unique IPs — the number of distinct non-bot IP addresses. A rough estimate: one IP can be shared by many people (common Wi-Fi, mobile carrier, office), and bots with a spoofed User-Agent are included. So the value is inflated and does not equal the number of people.
- Request and response counters (2xx/5xx) count the site itself only — internal protection responses (the browser-check page) are excluded.
- Humans and bots — a stacked chart: total volume along the top edge, with layers by category inside (humans, search engines, AI bots, social networks, SEO crawlers, monitoring, scanners). Hovering shows the value per category.
- Top pages — the most visited pages (humans only, excluding bots and static assets).
- Referrers — external sites that visitors come from.
- Visitor countries, browsers, operating systems — the audience profile. Tables have a share bar and a percentage column.
“Site health” tab
Section titled ““Site health” tab”Availability and speed.
- Response time (p95) — the 95th percentile of your backend response time: 95% of requests completed within this time.
- Backend errors (5xx) — failures on the origin server side.
- Cache hit ratio — the share of requests served from the WebShield cache without hitting the backend.
- Served from cache — saved origin-server traffic.
- Backend response time — a p50/p95 chart over time.
- Search engines — a table with crawl status: 🟢 crawling normally, 🟡 has errors, 🔴 hitting protection, gray — no visits for a while. Here you can see whether Yandex and Google index the site correctly.
“Traffic” tab
Section titled ““Traffic” tab”Data volumes over time:
- Traffic usage this period — how much has been served during the current billing period and the share of the plan’s limit (progress bar: green — fine, amber — close to the limit, red — exceeded). If the plan has no limit, only the consumed volume is shown. Billing counts outgoing traffic (served to visitors); this is the counter it runs off.
- Traffic by host — a breakdown across the apex and subdomains (for example
docsorwikiwith a static site): how much was sent (outgoing) and received (incoming) per host. Helps you see what consumes the volume. - Total requests — load dynamics.
- Traffic: user → WebShield and WebShield → backend. If incoming traffic is noticeably larger than traffic to the backend, the cache and protection layer reduce origin load.
“Bots (details)” tab
Section titled ““Bots (details)” tab”A technical breakdown for advanced users: top bots by name. Categories and the bot summary are on the “Visitors” tab.
How to use this
Section titled “How to use this”- A recurring spike in “Attacks over time” or a rise in “direct visits sent to verification” is a reason to enable a stricter mode (captcha) in the domain’s proxy settings.
- If “suspicious ad clicks” appear during an active campaign, export the IPs and file a refund claim with the ad network.
- A red or yellow status under “Search engines” — check the search-bot exceptions in the settings so indexing is not hindered.
- Related sections: CDN and protection, Site under attack.