Enterprise conversations get a calendar
The Enterprise plan and contact page now offer a direct book-a-15-min-call link alongside the contact form — pick a slot instead of waiting on an email thread.
Every update, improvement, and fix — in one place. We ship constantly. Here's what's been happening.
/v1/evaluate, shares the per-key 1,000/hour quota, documented in the OpenAPI spec. Lookups appear in your dashboard alongside session evaluations.@sentinelsup/mcp) that gives AI assistants two tools: lookup_ip for live fraud verdicts on any IP, and service_status for API health. One-line setup with a free API key — or use the hosted endpoint at https://sntlhq.com/mcp with no install at all..html suffixes, trailing slashes) now 301-redirect to a single canonical form on every page, consolidating link equity and eliminating duplicate-content ambiguity.X-Powered-By header, added Cross-Origin-Opener-Policy, and de-duplicated CSP origins across all responses.Cache-Control: private, no-store, no-cache, must-revalidate, max-age=0 plus CDN-specific no-store headers. Previously pages were cached at the Cloudflare edge for 30 minutes (max-age=1800), so nav and footer fixes were invisible to visitors until the CDN TTL expired. Static assets retain their long-lived cache headers.showDefaultResult() could route into the first-paint inconclusive branch of showScannerResult() (when __sentinelInconclusiveSeen was still false), showing “Analysing connection…” with a pending circle and then returning early — leaving the panel frozen forever because no subsequent timer would fire. Fixed by setting __sentinelInconclusiveSeen = true inside showDefaultResult() before the scan result call, ensuring it always reaches the second branch (“Network identified”) as a final state.showScannerResult() returned early before calling setDetail(), leaving VPN / Proxy / Datacenter / Tor Exit / Country / Risk Score all frozen on the loading ellipsis. The early return now populates all six fields (CLEAR for network flags, country flag + code, amber 50 for risk score) and calls resolveDeviceFallback() so the Device Intelligence row also fills from server-side UA data.overflow:hidden on .scanner-widget clips any overflow; min-width:0; word-break:break-all; flex-shrink:1 on .result-row-val lets flex items shrink and wrap; align-items:flex-start on .result-row handles multi-line IP values. Route mismatch JS also fixed: replaced <br> inside inline-flex (broken) with a proper column layout, and fixed mojibake ↳ arrow.msg.textContent does not parse HTML entities, so “Verified residential — you’re clean.” and “Analysing connection…” were displayed verbatim with the entity codes visible. Replaced with actual Unicode characters (em dash, right single quotation mark, ellipsis). ISP/Service logo chip also fixed: generic names (Mobile ISP, Residential ISP, Mismatched route, etc.) no longer render a fallback “M” initial chip — unrecognized brand names are now shown as plain text only.▌ across all browsers. Replaced all three instances with the correct UTF-8 character.content-visibility:auto with contain-intrinsic-size to .value-props, .features-section, and .proof-section — browser skips off-screen layout and paint on first render, measurably reducing LCP on long pages. (3) Upgraded flagcdn.com from dns-prefetch to preconnect, eliminating the full DNS + TCP + TLS handshake before the first flag image renders in the scanner.box-shadow: 0 0 0 1px rgba(204,255,0,0.12)) alongside the existing lift animation. Article count updated to 34.setTimeout(load, 3000) as a safety throttle. Since loadDeviceIntel already awaits the SDK promise, the timeout just stalled the DI panel for 3 full seconds on every dashboard open — even on fast connections. Changed to load() (immediate). Client-side fetch to /api/device-intel now has AbortSignal.timeout(8000) so the DI panel fails gracefully instead of hanging if the upstream device-intelligence API is slow.bcrypt.hashSync inside a db callback, synchronously blocking the event loop on every first-time Google login. Replaced with await bcrypt.hash() in an async callback. guard.js: Cache-Control changed from no-store to public, max-age=604800, immutable — saves a round-trip on every page load. crypto: parseUaIntel was calling require('crypto') on every invocation; changed to use the module-level crypto import.npm audit now reports 0 known vulnerabilities.sitemap.xml with priority 0.95 and a May lastmod. Bumped homepage, blog index, and changelog lastmod to 2026-05-09 so Google and Bing recrawl. Refreshed /llms.txt with the new posts surfaced for ChatGPT/Claude/Perplexity citation discovery, plus an expanded "Capabilities" block that explicitly names ChatGPT Atlas / Claude Computer Use detection. Updated blog-index BlogPosting JSON-LD list with the new headlines./api/newsletter with deduplication, fires generate_lead in GA4 on success. Same pattern as the existing post fleet — consistent capture surface across the blog.dch as ground truthdch) to distinguish stale-cache verdicts from real VPN traffic. Matched IPs + vpn=true + residential ASN → CLEAN (cache residue from a previous VPN session). Route mismatch + datacenter ASN → DETECTED (real VPN exit even if our IP DB doesn't have it pinned by name). Eliminates the false-PROTON-VPN labels on residential IPs after VPN toggles, and catches real VPN exits our per-IP database hasn't ingested yet.?_rescan=<ts> query so no cache layer (browser disk, BFCache, service worker, Cloudflare edge) can serve stale state. /api/verify calls now also send a fresh nonce per request and explicit cache: 'no-store'.A.B.C.D via CF + ↳ X.Y.Z.W via edge (VPN exit). The split itself is recorded, and the verdict reflects the underlying ASN signals rather than guessing.scanInconclusive=true twice. Bot poll now waits the full 4-second window and uses the LATEST device token (catches the engine's mid-window assessment refresh). Master 5-second safety timeout force-resolves if anything else stalls. Loading panel cross-fade switched from absolute positioning to CSS grid stacking — no more overflow behind the scanner foot when the details panel expands.SCANNING… indefinitely. Hard 3-second timeout now resolves the row to a neutral state. Verify endpoint distinguishes "SDK genuinely blocked" (private/missing IP) from "stale public IP" so the panel paints an honest verdict either way.", " empty value, which read as broken-rendered output if a visitor opened the details panel during the bot-poll window. Replaced all 12 placeholders with "…" so the loading state reads as loading.cubic-bezier(0.22, 1, 0.36, 1) easing on opacity and Y-translate. Score-circle pops with a soft bounce. Result rows cascade in at 40/100/160/220 ms. Detail-grid items fade in staggered when the panel expands. Header colour swaps go through 0.4 s eased transitions instead of instant — feels like a polished SaaS product, not a 90s page reload.script-src, worker-src, and connect-src directives updated for the device-intelligence subdomain./login and /signup on phones (top-bar + split-panel brand rendered twice). Fixed horizontal overflow on the blog listing for small screens — comparison-table text scales down instead of clipping, CTA buttons stack full-width, tight containers no longer push content past the viewport on ≤420 px devices.BreadcrumbList JSON-LD alongside the existing Article and FAQPage schemas. Qualifies every post for breadcrumb rich snippets in Google SERPs and tightens site-wide structured-data coverage.<head> before scripts parse (saves 50-200 ms cold) and stale-while-revalidate paints cached state instantly on returning visits. Redundant /api/user 2FA fetch removed. Device-intel call now uses requestIdleCallback. Login page preconnects accounts.google.com and prefetches /dashboard.prefers-reduced-motion.onmouseover to CSS :hover — no flicker on filter changes.text-transform:uppercase so "IP Lookup" and "Integrations" read cleanly. Added a 400-px breakpoint for tiny phones; CTA buttons stack full-width; footer columns wrap to two-across.sameAs schema to integrations, privacy, terms, cookies, login, signup, and forgot-password. Removed noindex from legal pages — they were in the sitemap but blocked from indexing, inconsistent SEO signal now resolved.CF-Connecting-IP is used only when the token couldn't resolve (antidetect browser blocking the SDK). Result: toggling VPN on/off now shows correctly every time.crypto.randomBytes.:focus-visible accent outlines on all interactive elements. Skip-to-content link on every page. Contact form labels properly associated with inputs. Heading hierarchy violations fixed.<main> landmarks to all pages, removed user-scalable viewport restrictions, and improved ARIA labels across 34 pages for better screen reader and keyboard navigation support./api/device-intel combining device smart signals with network intelligence. Returns a unified risk score with device-level and network-level signals in a single call.