Case StudiesDocsBlogContact
Log InGet started
Product Updates

Changelog

Every update, improvement, and fix — in one place. We ship constantly. Here's what's been happening.

July 2026 17 updates
Enterprise conversations get a calendar
The Enterprise plan and contact page now offer a direct book-a-15-min-call link alongside the contact form — pick a slot instead of waiting on an email thread.
Look up any IP — single or bulk — on the free IP Lookup tool
The IP Lookup tool now checks any public IPv4 or IPv6 address, not just your own connection: live allow/review/block verdict, risk score, VPN/proxy/Tor/datacenter/anonymity signals, and network attribution. The bulk tab checks up to 20 IPs at once with CSV export — free, work email required.
New API endpoint: GET /v1/lookup/{ip}
Programmatic verdicts for arbitrary IPs with your API key — same signal language as /v1/evaluate, shares the per-key 1,000/hour quota, documented in the OpenAPI spec. Lookups appear in your dashboard alongside session evaluations.
Sentinel MCP server — IP intelligence inside Claude, Cursor, and any MCP client
A Model Context Protocol server (@sentinelsup/mcp) that gives AI assistants two tools: lookup_ip for live fraud verdicts on any IP, and service_status for API health. One-line setup with a free API key — or use the hosted endpoint at https://sntlhq.com/mcp with no install at all.
The Fraud Brief now actually ships monthly
Subscribers get a welcome issue immediately and a monthly digest of the newest research, compiled automatically from the blog. Every email carries a one-click unsubscribe (RFC 8058) and a signed unsubscribe link — no login, no dark patterns.
Fraud Brief capture extended across the whole content library
The monthly Fraud Brief signup now appears on the blog index, every case study, all comparison pages, and the industry landing pages — not just individual blog posts. Same promise as always: one technical email a month on what fraudsters changed, no spam, unsubscribe anytime.
Operational alerting upgrade
The platform now notifies the team immediately when server-side error rates spike or the process hits an unexpected fault, on top of the existing uptime probes on /status. Faster detection, faster fixes.
IP Lookup redesigned with a two-phase scan
The free IP Lookup tool now paints your connection identity (IP, country, browser) instantly and fills deep signals — VPN, proxy, datacenter, Tor, device intelligence — as the full verdict arrives. No more staring at a spinner while everything resolves at once.
Scanner first response now answered at the Cloudflare edge
The homepage scanner's first-pass identity check is now served by an edge worker in roughly 20–60 ms instead of round-tripping to origin. The scanner paints its first result near-instantly on every continent; full verdicts continue through the origin pipeline.
Third parties moved off the homepage critical path
Analytics and session-replay tags now load on idle or first interaction instead of competing with the hero render. Motion CSS deferred the same way. Faster first paint on slow connections, identical behavior after load.
One canonical spelling per URL
Duplicate URL variants (.html suffixes, trailing slashes) now 301-redirect to a single canonical form on every page, consolidating link equity and eliminating duplicate-content ambiguity.
Homepage comparison table expanded from 5 to 11 feature rows
The capability comparison on the homepage now covers antidetect-browser detection, residential-proxy classification, device intelligence, AI-agent detection, latency, free-tier depth, and more — so the differences are visible without leaving the page.
Signups are now screened by Sentinel itself
New-account creation runs through our own verdict pipeline: per-network signup caps plus server-side anonymizer screening. Sentinel dogfooding Sentinel — the same signal set we sell now protects our own front door.
Password changes instantly revoke all previous sessions
Changing or resetting your password now bumps a per-user token epoch, invalidating every previously issued session token immediately — on all devices, with no logout lag.
Cookie banner removed
The consent banner is gone. Non-essential storage defaults to denied under Consent Mode, and ad personalization is permanently disabled — so there is nothing to ask about. Less friction, same privacy posture, faster page.
Sentinel goes light — full-site redesign
Every page — homepage, console, docs, blog, case studies, all 95 public pages — converted from the dark editorial theme to a clean light shell with lime accents. New site-wide motion layer, unified pill navigation, an editorial blog reading experience, redesigned case studies with live counting metrics, and Senti, the scanner mascot that reacts to your verdict.
Dashboard reorganized: Overview and API & Integration tabs
The console now splits at-a-glance monitoring (traffic chart, threat log, recent activity) from integration work (API key, playground, webhooks, quick-start). Device-intelligence results are now persisted and shown in dashboard lookups, so past sessions keep their full signal detail.
June 2026 15 updates
Homepage scanner: cleaner, more honest risk presentation
The semicircle risk gauge is gone, replaced by a clear score and bar in a muted enterprise style. A dedicated Device Intel row names the device-layer verdict. The demo tab now shows a genuinely clean profile (score 0) matching what the real API returns for clean traffic — no more misleading red rows on a clean scan.
Response-header hardening
Dropped the X-Powered-By header, added Cross-Origin-Opener-Policy, and de-duplicated CSP origins across all responses.
Live article feed on the blog
New research articles now land on /blog automatically via an embedded publishing feed, alongside the long-form guides. Fresh coverage without waiting for a site deploy.
Cross-browser Hardware ID with sighting counts
The device checker now keys its “times seen” count on a cross-browser Hardware ID instead of the per-browser visitor ID — switching browsers no longer resets the count. The sighting pill turns red past 5 sightings, and the count is surfaced through the API as well.
Carrier-grade NAT no longer triggers a routing-anomaly false positive
Some mobile and broadband ISPs route a single subscriber's traffic to different destinations through different public pool IPs, so our origin and the network engine can legitimately see two different addresses from one clean connection. The scanner previously read this as a routing anomaly (amber 50). It now recognizes the case — both IPs clean and announced by the same network — as carrier NAT and returns a clean result. Rotating residential proxies (different networks, or any datacenter/VPN flag) still score as detected.
Signup rate limiting per network
New accounts are now capped at 10 signups per IP address per 24 hours, throttling automated bulk account creation while leaving plenty of headroom for shared networks (offices, universities, CGNAT carriers).
Removed client-side DevTools and right-click blocking
Dropped the script that blocked F12, view-source, and the context menu. It was trivially bypassed, hurt legitimate developers inspecting the integration, and provided no real protection — the actual fraud detection runs server-side. The console self-XSS warning (“don't paste code here”) is retained.
Eliminated the white flash when navigating between pages
Every page now declares its dark canvas before stylesheets parse, so moving between pages no longer shows a brief white flash. The console-branding script was also deferred so it never blocks first paint.
Fixed stray HTML entities showing in button labels
A handful of buttons set through JavaScript (the API playground “Run Request” button, blog newsletter “Sending…” states, and a few others) were rendering raw entity codes instead of the intended characters. All now show the correct glyphs.
Signup and login pages redesigned with richer left panel and improved UX
Sign-up left panel now shows the Sentinel logo, a bold new headline, and a 4-point feature checklist (VPN/proxy/Tor detection, browser fingerprinting, 1,000 free evals/day, one-call REST API). A "Free tier included" badge and a perks row were added above the CTA. Login left panel gains three dashboard-access cards (Threat Log, API Keys, Webhooks) below the headline. Primary buttons on both pages updated to brand-accent yellow from white.
Nav links and CTA button standardized across all 77 public pages
Nav items corrected site-wide: Home → Case Studies, API Docs → Docs, Trust → Contact. "Get Started" button simplified to "Get started". Pages with inconsistent active state or missing Contact link (blog.html, trust.html) fixed individually.
4-column footer with crosshair logo SVG deployed across all 89 public pages
Footer replaced site-wide with a canonical 4-column grid (Product / Compare / Use Cases / Company). Footer logo crosshair SVG now renders correctly on all pages. External async CSS files (for-page.css, vs-page.css, case-study.css) that were overriding inline footer overrides have been updated to match the canonical layout.
HTML caching disabled — Cloudflare no longer serves stale pages after a deploy
All HTML responses now carry Cache-Control: private, no-store, no-cache, must-revalidate, max-age=0 plus CDN-specific no-store headers. Previously pages were cached at the Cloudflare edge for 30 minutes (max-age=1800), so nav and footer fixes were invisible to visitors until the CDN TTL expired. Static assets retain their long-lived cache headers.
Device-intelligence reliability upgrade
Migrated our device-intelligence integration to a Cloudflare-backed custom subdomain, with an automatic CDN fallback while DNS propagates. Updated across all pages that load the agent.
Scanner loader can no longer get permanently stuck when both the device SDK and network call fail
showDefaultResult() could route into the first-paint inconclusive branch of showScannerResult() (when __sentinelInconclusiveSeen was still false), showing “Analysing connection…” with a pending circle and then returning early — leaving the panel frozen forever because no subsequent timer would fire. Fixed by setting __sentinelInconclusiveSeen = true inside showDefaultResult() before the scan result call, ensuring it always reaches the second branch (“Network identified”) as a final state.
May 2026 32 updates
Mobile NAT64 false positive: French/EU mobile users no longer flagged as routing anomaly
When a device has a native IPv6 address (CF dual-stack) but the device-intelligence endpoint is IPv4-only, the OS routes through the carrier's NAT64 gateway — creating an apparent IP mismatch that previously triggered routingAnomaly = true (amber 50, ANOMALY on VPN/Proxy row). Common on Orange, SFR, and Bouygues mobile in France. Server now detects the IPv6→IPv4 split and classifies it as mobile dual-stack: uses the IPv4 as the display IP (covered by our intelligence DB), clears the route-mismatch widget, and returns score 0 / CLEAN. Same-version mismatches (IPv4↔IPv4) still flag amber since those are consistent with rotating residential proxies.
Scanner widget: Network Intel grid no longer stuck at “…” on routing anomaly path
The routing anomaly branch in showScannerResult() returned early before calling setDetail(), leaving VPN / Proxy / Datacenter / Tor Exit / Country / Risk Score all frozen on the loading ellipsis. The early return now populates all six fields (CLEAR for network flags, country flag + code, amber 50 for risk score) and calls resolveDeviceFallback() so the Device Intelligence row also fills from server-side UA data.
Scanner mobile overflow: ISP / Service and VPN / Proxy values no longer clipped off-screen
Long IPv6 addresses (38+ chars) caused the scanner widget to expand horizontally beyond the viewport on mobile, pushing the right-side values of ISP/Service and VPN/Proxy rows off-screen. Three CSS fixes: overflow:hidden on .scanner-widget clips any overflow; min-width:0; word-break:break-all; flex-shrink:1 on .result-row-val lets flex items shrink and wrap; align-items:flex-start on .result-row handles multi-line IP values. Route mismatch JS also fixed: replaced <br> inside inline-flex (broken) with a proper column layout, and fixed mojibake ↳ arrow.
Scanner result message: HTML entities rendering as literal text
msg.textContent does not parse HTML entities, so “Verified residential &mdash; you&rsquo;re clean.” and “Analysing connection&hellip;” were displayed verbatim with the entity codes visible. Replaced with actual Unicode characters (em dash, right single quotation mark, ellipsis). ISP/Service logo chip also fixed: generic names (Mobile ISP, Residential ISP, Mismatched route, etc.) no longer render a fallback “M” initial chip — unrecognized brand names are now shown as plain text only.
Mojibake: ▌ cursor character in “How It Works” code blocks
The blinking cursor character ▌ (U+258C, LEFT HALF BLOCK) in the three “How It Works” terminal code snippets was double-encoded as Windows-1252, displaying as across all browsers. Replaced all three instances with the correct UTF-8 character.
Mobile performance: font weight pruned, content-visibility, preconnect
Three performance improvements targeting mobile first-paint. (1) Dropped Space Grotesk weight 300 from the Google Fonts request — not used in any CSS rule, saves ~8 KB of font transfer on every cold load. (2) Added content-visibility:auto with contain-intrinsic-size to .value-props, .features-section, and .proof-section — browser skips off-screen layout and paint on first render, measurably reducing LCP on long pages. (3) Upgraded flagcdn.com from dns-prefetch to preconnect, eliminating the full DNS + TCP + TLS handshake before the first flag image renders in the scanner.
Mobile menu redesigned: clean dark overlay with chevron links and neutral CTA buttons
The mobile hamburger menu was restyled to match the site’s aesthetic. Navigation links: white text at 1rem / 600 weight with a right-side chevron arrow, replacing the dim uppercase small-caps. CTA row: LOG IN renders as a muted bordered pill, GET STARTED as a solid white / black button — removing the harsh neon lime that clashed with the dark overlay and was flagged as visually inconsistent with the auth page button redesign.
4 new blog posts: card testing, CAPTCHA farms, loyalty fraud, gaming launches
Four production-ready posts shipped to the blog. Card Testing Attacks covers the full bot operation — proxy routing, antidetect browsers, timing randomization, economics ($5–$50 per live card) — and shows exactly why Stripe Radar alone is insufficient. CAPTCHA Farm Economics documents the $0.0005–$0.002/solve market, how reCAPTCHA v3 gets gamed with warmed profiles, and why CAPTCHA is now only a deterrent against the least sophisticated bots. Loyalty Point Fraud maps dark-market valuations ($0.004–$0.012/mile), all four attack vectors, and a Python integration example. Bots at Product Launches breaks down waitlist hoarding, referral self-referral, SaaS trial stacking, and sneaker-drop scalping with real data. All posts include Article + FAQ + BreadcrumbList schema, newsletter capture, and related-article cross-links.
2 new case studies: iGaming bonus abuse + travel scalper bots
Two full case studies added. EU Sportsbook — iGaming Bonus Abuse: professional bonus hunters using Dolphin Anty + Bright Data residential proxies drained €87K in bonus credits before Sentinel's antidetect detection and device clustering caught the pattern in 48 hours. European OTA — Travel Scalper Bots: Playwright-driven inventory-hoarding bots crashed checkout conversion to 34%; Sentinel's headless artifact detection, ASN classification, and form-fill timing signals shut down the operation without adding CAPTCHA friction. Case-studies index updated with both cards; aggregate stats updated.
Blog UX: category filter bar + reading time badges + card glow hover
Blog index redesigned with three UX upgrades. A sticky filter bar above the grid lets visitors filter by category (Guide, Research, Case Study, Analysis, Deep Dive, Engineering, Industry) — pure client-side JS reading tag text, zero server round-trips. Reading time badges auto-inject into every card footer via a lookup map (7–13 min estimates). Card hover effect gains a subtle accent glow (box-shadow: 0 0 0 1px rgba(204,255,0,0.12)) alongside the existing lift animation. Article count updated to 34.
Device Intelligence loads immediately — removed 3-second artificial delay
The device-intelligence SDK lazy-loader was wrapped in setTimeout(load, 3000) as a safety throttle. Since loadDeviceIntel already awaits the SDK promise, the timeout just stalled the DI panel for 3 full seconds on every dashboard open — even on fast connections. Changed to load() (immediate). Client-side fetch to /api/device-intel now has AbortSignal.timeout(8000) so the DI panel fails gracefully instead of hanging if the upstream device-intelligence API is slow.
bcrypt async in OAuth flow; guard.js 7-day immutable cache; crypto hot-path fix
Three server-side performance wins. bcrypt: Google OAuth new-user creation used bcrypt.hashSync inside a db callback, synchronously blocking the event loop on every first-time Google login. Replaced with await bcrypt.hash() in an async callback. guard.js: Cache-Control changed from no-store to public, max-age=604800, immutable — saves a round-trip on every page load. crypto: parseUaIntel was calling require('crypto') on every invocation; changed to use the module-level crypto import.
Scanner hardening: defense-in-depth output encoding
Hardening pass on the homepage scanner: every dynamic value rendered into the panel (IP, service name, routing details) now goes through a strict HTML-escaping helper as defense in depth. Also added DNS prefetch hints for the device-intelligence CDN and favicon service to shave ~20ms off first-load.
Session, console, and input-validation hardening; dependencies patched
Four hardening improvements shipped together. Admin console sessions now clear automatically when the tab closes. The 2FA enrollment flow gained stricter state checks. Country-code validation tightened to strict two-letter alpha input. Dependency audit run and patched — npm audit now reports 0 known vulnerabilities.
Blog index updated: 34 posts, JSON-LD refreshed, case-studies aggregate
Blog hero stat updated from 16 → 34 articles reflecting the full post fleet. JSON-LD BlogPosting list includes all new posts. Case-studies/index.html aggregate stat updated to account for the two new case studies. Display-name input is normalized server-side before write.
4 new blog posts: ATO playbook, iGaming bonus abuse, headless detection, agentic AI browsers
Shipped four long-form pieces targeting fresh high-intent keywords. Account Takeover Prevention: The 2026 Engineering Playbook covers session-cookie theft, real-time phishing kits, and device-bound sessions. iGaming Bonus Abuse Detection targets sportsbook/casino multi-account fraud with UKGC/MGA regulatory framing. Headless Browser Detection in 2026 documents what works after stealth plugins kill the classical signals. Detecting Agentic AI Browsers covers ChatGPT Atlas, Claude Computer Use, OpenAI Operator, and the policy decision every team needs to make about AI traffic. Each post ships with Article + FAQ + BreadcrumbList schema and inline links into the existing post graph.
Sitemap, llms.txt, and blog-index refreshed
Added the 4 new posts to sitemap.xml with priority 0.95 and a May lastmod. Bumped homepage, blog index, and changelog lastmod to 2026-05-09 so Google and Bing recrawl. Refreshed /llms.txt with the new posts surfaced for ChatGPT/Claude/Perplexity citation discovery, plus an expanded "Capabilities" block that explicitly names ChatGPT Atlas / Claude Computer Use detection. Updated blog-index BlogPosting JSON-LD list with the new headlines.
Internal linking pass — every new post gets 3 inbound contextual links
The four new posts each link into the existing post graph (residential proxies, antidetect browsers, credential stuffing, multi-accounting, Puppeteer/Playwright, AI takeovers) with relevant anchor text rather than navigation-style "read more". Improves crawl depth into the deeper posts and concentrates topical relevance for the cluster keywords. Reciprocal Related-Articles cards added to each new post pointing back at the cluster.
Newsletter capture on every new blog post
"Fraud Brief" newsletter block injected near the article CTA on all 4 new posts. Inline form posts to /api/newsletter with deduplication, fires generate_lead in GA4 on success. Same pattern as the existing post fleet — consistent capture surface across the blog.
Topical cluster expansion: bot detection, ATO, multi-accounting
The blog now has 30 indexed posts across three reinforced clusters: bot & automation (headless, Puppeteer/Playwright, agentic AI, antidetect, captcha-less), network & identity (residential proxies, VPN evasion, ShadowNode, Tor), and platform vertical (iGaming, OAuth signup, ticketing, dating, Stripe, Shopify, fintech, e-commerce, SaaS). Cluster cross-linking is what moves long-tail rankings — each new post strengthens 2–3 existing posts.
Coverage of agentic AI traffic — first-mover content
"Detecting Agentic AI Browsers" is the first piece in our category to address ChatGPT Atlas, OpenAI Operator, and Claude Computer Use as a distinct traffic class with a documented detection surface and a policy framework (block / allow-attribute / explicit-agent-path). Targets a query cluster ("detect chatgpt atlas", "block ai agent traffic", "operator bot detection") with essentially zero established competition as of May 2026.
Smarter VPN/proxy verdicts using dch as ground truth
The scanner now uses the datacenter-ASN flag (dch) to distinguish stale-cache verdicts from real VPN traffic. Matched IPs + vpn=true + residential ASN → CLEAN (cache residue from a previous VPN session). Route mismatch + datacenter ASN → DETECTED (real VPN exit even if our IP DB doesn't have it pinned by name). Eliminates the false-PROTON-VPN labels on residential IPs after VPN toggles, and catches real VPN exits our per-IP database hasn't ingested yet.
Live scanner: RESCAN button + cache-busting
Added a one-click RESCAN action in the scanner card header. Wipes localStorage, sessionStorage, cookies, and IndexedDB entries for the scanner's cache namespaces, then reloads with a unique ?_rescan=<ts> query so no cache layer (browser disk, BFCache, service worker, Cloudflare edge) can serve stale state. /api/verify calls now also send a fresh nonce per request and explicit cache: 'no-store'.
Route mismatch surfaced in network row
When our network edge sees a different visitor IP than what reaches our origin via Cloudflare (Brave + Proton TCP routing splits, CF WARP, etc.), the panel now shows both IPs stacked: A.B.C.D via CF + ↳ X.Y.Z.W via edge (VPN exit). The split itself is recorded, and the verdict reflects the underlying ASN signals rather than guessing.
Scanner can no longer hang on "Analysing now"
The legacy two-state machine had no exit when the network engine returned scanInconclusive=true twice. Bot poll now waits the full 4-second window and uses the LATEST device token (catches the engine's mid-window assessment refresh). Master 5-second safety timeout force-resolves if anything else stalls. Loading panel cross-fade switched from absolute positioning to CSS grid stacking — no more overflow behind the scanner foot when the details panel expands.
Device-intelligence reliability upgrade
Moved our device-intelligence integration to a Cloudflare-backed custom subdomain, improving load reliability in browsers with strict content blockers, with an automatic CDN fallback if DNS hasn't propagated. Applied across all pages that load the agent.
Dark editorial homepage restored, white-theme experiment reverted
A short-lived white redesign experiment clashed with the rest of the site (login, signup, dashboard, contact all run dark Space Grotesk + neon green). Restored the editorial dark theme so the homepage and post-signup flows share one visual system. Added a centered "Customer Voice" testimonial block with the residential-proxy quote, styled to match the existing crosshair / grid-overlay language.
Device-intelligence loader no longer hangs Device Intel on blocked browsers
When Brave Shields, Proton NetShield, or strict uBlock dropped the device-intelligence agent, the Device Intel rows were stuck on SCANNING… indefinitely. Hard 3-second timeout now resolves the row to a neutral state. Verify endpoint distinguishes "SDK genuinely blocked" (private/missing IP) from "stale public IP" so the panel paints an honest verdict either way.
Loading-state placeholders are loading-state-shaped
Detection signal rows used to ship as a literal ", " empty value, which read as broken-rendered output if a visitor opened the details panel during the bot-poll window. Replaced all 12 placeholders with "…" so the loading state reads as loading.
Smoother scanner cross-fade and row reveal
Loading→result transition uses cubic-bezier(0.22, 1, 0.36, 1) easing on opacity and Y-translate. Score-circle pops with a soft bounce. Result rows cascade in at 40/100/160/220 ms. Detail-grid items fade in staggered when the panel expands. Header colour swaps go through 0.4 s eased transitions instead of instant — feels like a polished SaaS product, not a 90s page reload.
Device-intelligence API key rotation
Routine credential rotation: server-side device-intel calls now use a freshly rotated secret managed entirely in environment configuration. Server CSP script-src, worker-src, and connect-src directives updated for the device-intelligence subdomain.
Customer voice section on the homepage
Added a centered testimonial block above the final CTA: residential-proxy detection drove the integration ROI in week three for a Series-A fintech. Styled in the editorial DM Mono / neon-green typography to match the rest of the site, with crosshair markers and a grid overlay matching the comparison and CTA bands.
April 2026 21 updates
Mobile polish — duplicate logo fix, overflow cleanup
Removed the duplicate Sentinel logo that appeared on /login and /signup on phones (top-bar + split-panel brand rendered twice). Fixed horizontal overflow on the blog listing for small screens — comparison-table text scales down instead of clipping, CTA buttons stack full-width, tight containers no longer push content past the viewport on ≤420 px devices.
4 new blog posts targeting high-intent keywords
Added Stripe Fraud Detection API, Shopify Bot Detection, OAuth Signup Fraud, and How to Detect Residential Proxies in 2026. Each ships with Article + FAQ + BreadcrumbList schema, internal links to related posts, and its own canonical + OG cards.
BreadcrumbList schema across all 21 blog posts
Every blog post now emits BreadcrumbList JSON-LD alongside the existing Article and FAQPage schemas. Qualifies every post for breadcrumb rich snippets in Google SERPs and tightens site-wide structured-data coverage.
Dashboard + login load: instant first paint
Dashboard-init now fires from <head> before scripts parse (saves 50-200 ms cold) and stale-while-revalidate paints cached state instantly on returning visits. Redundant /api/user 2FA fetch removed. Device-intel call now uses requestIdleCallback. Login page preconnects accounts.google.com and prefetches /dashboard.
Dashboard chart redesign — SVG line + area with tooltip
Replaced stacked bars with a smooth SVG line + gradient-area chart for Clean vs. Threat traffic. Crosshair + floating tooltip on hover and tap. Skeleton shimmers while loading. Stronger empty states on the chart and the Recent Activity table. Staggered card fade-up, threat-row edge indicator, tighter row hover — all respecting prefers-reduced-motion.
Four dashboard bugs fixed
1. Chart range selector now re-renders with full 30-day window (server returned 14). 2. Playground validates the client token before firing so late SDK loads don't send empty requests. 3. Date-group headers in Recent Activity no longer orphaned after filtering. 4. Row hover moved from inline onmouseover to CSS :hover — no flicker on filter changes.
Typography + mobile polish sitewide
"API & Docs" renamed to "API Docs" across all 43 pages — the ampersand glyph under uppercase rendered visibly heavier than neighbouring nav items. Footer links dropped text-transform:uppercase so "IP Lookup" and "Integrations" read cleanly. Added a 400-px breakpoint for tiny phones; CTA buttons stack full-width; footer columns wrap to two-across.
X + LinkedIn footer links + SEO meta on legal pages
Visible X (Twitter) and LinkedIn SVG icons injected into the footer across 44 marketing pages. Added OG + Twitter card + Organization sameAs schema to integrations, privacy, terms, cookies, login, signup, and forgot-password. Removed noindex from legal pages — they were in the sitemap but blocked from indexing, inconsistent SEO signal now resolved.
Scanner IP check: trust the client token, fall back only on failure
Reverted an over-aggressive IP override that was masking legitimate VPN / proxy results. The scanner now trusts the decrypted client token as the source of truth for IP, country, and VPN/proxy flags — which reflects the client's actual connection at scan time. CF-Connecting-IP is used only when the token couldn't resolve (antidetect browser blocking the SDK). Result: toggling VPN on/off now shows correctly every time.
12-point security hardening — secrets, auth, 2FA
Secrets management moved fully to environment configuration. Face login now requires a server-verified liveness check. Admin endpoint uses a separate key with constant-time comparison. 2FA setup requires password re-auth. Stricter validation on upstream lookups. Scan IDs use crypto.randomBytes.
Core Web Vitals overhaul — 6 optimizations
The liveness-check SDK (1.97 MB) lazy-loaded on demand instead of blocking page render. Device intelligence deferred to first user interaction. Blog hero images preloaded with explicit dimensions. Shared CSS extracted to external cacheable files — 136 KB of duplicated inline CSS removed across 31 pages. Google Tag Manager moved out of critical rendering path.
WCAG compliance — focus indicators, skip-link, form labels
Global :focus-visible accent outlines on all interactive elements. Skip-to-content link on every page. Contact form labels properly associated with inputs. Heading hierarchy violations fixed.
Custom 404 page + branded error handling
Unknown routes now return a branded 404 page with popular destination links instead of a raw text error. API routes return structured JSON errors.
Blog: How Residential Proxies Bypass Cloudflare Bot Fight Mode
New analysis piece covering the three specific bypasses (clean ASN, real TLS fingerprints, valid JS execution) and why detection must move from the network layer to the device layer.
SEO audit — 16 title truncations fixed, all JSON-LD validated
Shortened 16 page titles and 13 meta descriptions to avoid Google SERP truncation. Validated all 50 structured data blocks site-wide — zero errors. Case study Article schemas fixed with missing required fields.
Accessibility improvements across all pages
Added <main> landmarks to all pages, removed user-scalable viewport restrictions, and improved ARIA labels across 34 pages for better screen reader and keyboard navigation support.
Mobile PageSpeed 79 → 93 via async font loading
Switched Google Fonts to non-blocking async preload across all pages. Mobile PageSpeed score improved from 79 to 93, reducing render-blocking resources and improving LCP on low-bandwidth connections.
CSP headers hardened, Mozilla Observatory score → A
Fixed Content Security Policy headers to properly allowlist Google Ads and GTM. Added Permissions-Policy header to disable the deprecated FLEDGE API. Mozilla Observatory security score improved to A.
3 new high-volume blog posts published
Published "IP Reputation API Guide", "Device Fingerprinting API", and "Proxy Detection" — targeting high-volume search keywords with 1K–10K monthly searches. All pages include structured data and optimized meta.
OTP email redesign with individual digit boxes
Redesigned OTP verification emails with a cleaner layout featuring individual digit boxes for each character. Improved visual hierarchy and copy to reduce confusion during the signup flow.
Google OAuth now uses proper RS256 JWKS signature verification
Google OAuth tokens are now cryptographically verified with RS256 signatures against Google's JWKS public key endpoint on every auth request, pinning issuer, audience, and expiry.
HSTS preload, CORP headers, and CSP violation reporting
Added HSTS preload directive, Cross-Origin-Resource-Policy header, and a CSP violation reporting endpoint to capture and monitor any policy breaches in production.
March 2026 5 updates
Organization schema added to homepage
Added JSON-LD Organization schema markup to the homepage, including name, URL, logo, contact point, and social profiles. Improves Google Knowledge Graph presence and enables rich results in search.
Footer expanded to 4-column layout
Redesigned the site-wide footer with a 4-column layout including dedicated sections for comparison pages (/vs/), industry landing pages (/for/), legal, and platform links. Improves internal linking for SEO.
5 competitor comparison pages launched
Launched dedicated comparison pages for vs IPQS, vs SEON, vs Sift, vs Kount, and vs minFraud. Each page includes an objective feature matrix, pricing comparison, and Sentinel's advantages.
4 industry landing pages launched
Launched tailored landing pages for SaaS, Fintech, E-Commerce, and Gaming verticals. Each page addresses the specific fraud vectors and use cases relevant to that industry with targeted CTAs.
10 SEO blog posts covering modern fraud vectors
Published 10 in-depth blog posts covering antidetect browsers, credential stuffing, proxy evasion, threat intelligence, and residential proxy abuse. Total indexed blog content now at 15 posts.
February 2026 4 updates
Migrated to Turso cloud database
Replaced local SQLite with Turso cloud database for persistent, multi-region storage. Eliminates data loss on container restarts and enables low-latency reads across global edge locations.
Rate limiting with per-IP and per-endpoint controls
Added configurable rate limiting across all API endpoints. Controls are applied per IP and per endpoint independently, with exponential backoff headers returned on limit breach.
New /api/device-intel endpoint launched
Launched /api/device-intel combining device smart signals with network intelligence. Returns a unified risk score with device-level and network-level signals in a single call.
Open Beta — 10,000 requests/month, free, no card required
Sentinel entered public Open Beta. All features available for free with a limit of 10,000 API requests per month. No credit card required to sign up. Rate limits apply to prevent abuse.
January 2026 3 updates
Closed alpha with first 50 testers
Ran a closed alpha with 50 hand-picked testers from SaaS, fintech, and e-commerce backgrounds. Feedback directly shaped the v1 API schema, response format, and signal set.
Infrastructure setup on Railway with Cloudflare CDN and DNSSEC
Initial production infrastructure deployed on Railway with Cloudflare as CDN and DNS provider. DNSSEC enabled on the sntlhq.com domain. Global edge caching configured for static assets.
Sentinel founded
Started building the fraud detection API we wished existed — one that catches residential proxies, antidetect browsers, and bot farms that every legacy vendor misses. Day zero.