Frequently Asked Questions

Browsify is a Shopify security app that protects your store from fraud, bots, and unwanted traffic. It uses Visitor ID (browser fingerprinting) to identify visitors by their device — not just their IP address. This means even if a fraudster uses a VPN, clears cookies, or switches to incognito mode, Browsify still recognizes them and can block them automatically.

Yes! Browsify offers a free plan with IP/country blocking (4 rules), Visitor ID blocking (4 rules), and analytics for the first 200 visitors per month. No credit card required. Paid plans start at $6.99/month and unlock unlimited blocking rules, fraud scoring, auto-blocking, and more.

Install Browsify directly from the Shopify App Store — it takes less than 2 minutes. The app adds itself to your store automatically. No theme editing, no code to paste, no developer needed. Once installed, you'll start seeing visitor data in your dashboard within minutes.

Absolutely. All paid plans come with a 3-day free trial. You can explore all features risk-free before being charged. You can upgrade or downgrade at any time from your Shopify admin.

Visitor ID is a unique identifier generated from 50+ browser and device signals — screen resolution, installed fonts, graphics card, timezone, and more. Unlike an IP address (which changes with VPNs, proxies, or every few days automatically), a Visitor ID stays the same no matter what. Think of it this way: an IP address is like a phone number — easy to change. A Visitor ID is like a fingerprint — it stays with you.

No. Incognito mode only prevents cookies from being saved — it does not change your device fingerprint. Clearing cookies, switching browsers, or using private browsing mode does not affect the Visitor ID. The fingerprint is based on hardware and software characteristics of the device itself, not on stored data like cookies.

Yes. A VPN only changes the IP address — it does not change anything about the device or browser. Browsify's Visitor ID tracks the device, not the connection. So even if someone switches between 10 different VPN servers, their Visitor ID remains the same, and Browsify recognizes them every time.

Browsify analyzes multiple signals for every visitor: their Visitor ID (device fingerprint), IP address, location, VPN/proxy usage, browsing behavior, and order patterns like multiple card attempts or billing/shipping mismatches. All these signals are combined into a risk score from 0 to 100 that tells you how likely the visitor is to be fraudulent.

The risk score goes from 0 to 100. Scores 0–33 are Low Risk (green) — these orders are almost always safe. Scores 34–66 are Medium Risk (yellow) — worth a quick look but often legitimate. Scores 67–100 are High Risk (red) — multiple red flags are present and the order should be reviewed carefully or blocked automatically.

Common risk factors include: multiple card attempts (someone tried several different cards), card country mismatch (card from one country, visitor from another), VPN or proxy detected, known fraud device (this Visitor ID has been linked to fraud before), TOR network usage, mismatched billing and shipping addresses, and disposable email addresses. No single factor determines the score — it's the combination that matters.

The dashboard shows flagged visitors with their Visitor ID, risk score, and specific risk factors. You can see a country breakdown (where suspicious traffic comes from), a timeline view (when fraud attempts happen — often at 2–5 AM), and detailed session data for each flagged visitor. Each risk factor is explained in plain language so you know exactly what triggered the flag.

No — about 31% of internet users use VPNs for legitimate reasons (privacy, work, travel). Blocking all VPN traffic means losing real customers. Instead, use smart blocking: block TOR traffic entirely (almost never legitimate shopping), block datacenter proxies (used by bots, not shoppers), allow iCloud Private Relay (used by millions of Apple users), and combine VPN detection with risk scoring so VPN users with no other red flags can still purchase.

VPN ($3–$12/month) encrypts all your traffic and routes it through another server — used by millions of regular people for privacy. Proxy (often free or pennies per IP) is a simpler middleman server — datacenter proxies are very suspicious, residential proxies are harder to detect. TOR (free) bounces traffic through multiple random computers worldwide for maximum anonymity — almost no legitimate shopper uses TOR to buy products.

Not if you configure it correctly. Apple's iCloud Private Relay (used by iCloud+ subscribers on iPhone, iPad, and Mac) looks like a proxy to detection systems. Browsify recognizes iCloud Private Relay separately and always allows it through, so your Apple customers are never blocked.

You set a risk score threshold (default is 80 out of 100). Every visitor to your store is scored in real time. Anyone above your threshold is automatically blocked before they can checkout — no manual review needed. You can also set up auto-cancellation for orders that slip through with high risk scores. Both features work 24/7, even while you sleep.

Block shows the visitor an 'access denied' page — the door is shut. Use it for known bad actors and very high-risk visitors. Redirect sends them to a different URL (like a verification page or 'contact us' page). Use it for borderline cases where you want to add friction without completely shutting someone out. Think of it as: Block = locked door, Redirect = detour.

If a real customer contacts you saying they can't access your store, look up their Visitor ID in your Browsify dashboard, check why they were blocked, and if they're legitimate, add them to your whitelist. They'll never be blocked again. To minimize false positives, start with a high threshold (90+) and lower it gradually as you monitor the results.

It depends on what you sell. High-value items ($200+): lower to 60–70 because one chargeback hurts a lot. Low-value items ($10–$30): keep at 80–85 since blocking too many customers costs more than occasional fraud. Digital goods: lower to 50–60 because they're the #1 fraud target with instant delivery and no shipping proof.

Content Protection stops people from easily copying your product photos and descriptions. It turns off right-click (so they can't 'Save Image As'), blocks text selection and copying (so they can't grab your product descriptions), and disables the keyboard shortcuts tech-savvy users rely on to view or copy your page code (like F12 and Ctrl+U). It stops 95% of casual content theft.

For 95% of visitors, it's completely invisible — most people never right-click or press F12 on a product page. We recommend enabling it selectively: turn it on for product pages (where your valuable content lives) and leave it off for blog posts, FAQ pages, and informational pages where customers might legitimately want to copy text like your return policy.

The free plan includes IP/country blocking (4 rules), Visitor ID blocking (4 rules), and analytics for the first 200 visitors per month. It's enough to get started with basic fraud protection. No credit card required.

Base ($6.99/month) includes Visitor ID tracking, fraud scoring, and unlimited blocking rules for up to 5,000 visitors. Advance ($12.99/month) adds VPN, proxy, and TOR detection, custom Risk Score settings, the ability to block visitors by their internet provider or the site they came from, automatic fraud-order blocking, and content protection (right-click & copy prevention) for up to 20,000 visitors.

Yes. You can upgrade or downgrade your plan at any time directly from your Shopify admin. Changes take effect immediately and billing is prorated — you only pay for what you use.

Browsify focuses on anonymous identifiers like Visitor IDs and IP addresses — not personal customer data. It complies with Shopify's privacy guidelines and follows industry-standard security practices. We do not sell or rent any data to third parties.

Any fraud detection system can have false positives, but Browsify minimizes them through multi-signal risk scoring (no single factor triggers a block). If someone is blocked incorrectly, you can whitelist their Visitor ID or IP address instantly. You can also increase your risk score threshold to reduce sensitivity, or set borderline cases to 'flag for review' instead of auto-block.

Go to the Configuration section in your Browsify dashboard, find the customer's IP or Visitor ID in your block list, and remove it. You can also add them to a whitelist so they're never blocked again, regardless of their risk score.