Skip to content
Knowledge Center

Steps 2–3 — Implement the fraud0 Tag

The Main Tag is the core of fraud0. It fires a 1×1 tracking pixel immediately when the page loads — catching bots that abandon the page before any JavaScript executes — and then loads the full detection script asynchronously.

This page covers two things: choosing the right embed path for your setup (Step 2), then implementing the tag with the correct variant (Step 3).

Step 2 — Choose your embed path

Section titled “Step 2 — Choose your embed path”

There are three supported embed paths. Use your answers from the Pre-flight questionnaire (Q1–Q4) to pick the right one.

Decision matrix

Section titled “Decision matrix”
A. SGTM (preferred when SGTM exists)B. Direct in <body> (preferred when no SGTM)C. Standard GTM (only if GTM loads before consent)D. GTM behind consent gate (not supported)
When to chooseYou already operate a Server-Side GTM endpoint on your own domainNo SGTM and your web team can place a script in the <body> templateGTM container loads unconditionally on every page, no SGTM
UpdatesFast — change in GTM UI, no IT releaseSlow — needs IT release whenever the snippet changesFast — change in GTM UI, no release
IT involvementNone (after one-time SGTM setup)One release for the snippet, then noneNone after initial setup
Bot-blocking riskVery low — proxied through your own domainVery low — only ad blockers targeting api.fraud0.com directlyMedium — googletagmanager.com is on many ad-blocker listsHigh — fraud0 only fires after consent, and bots reject consent
Detection coverageMaximumMaximumReduced — bots blocking GTM are invisible
Works with strict CSPYes (allow-list your SGTM domain)Yes (allow-list api.fraud0.com)Yes (allow-list both googletagmanager.com and api.fraud0.com)

Quick recommendation

Section titled “Quick recommendation”
  • You have SGTM: use Variant A.
  • No SGTM, but you can change website code: use Variant B.
  • Neither: Variant C is acceptable only if your GTM container loads unconditionally (before any consent gate). Otherwise, fix the GTM bootstrap first — Variant D is not supported.

Step 3 — Implement the Main Tag

Section titled “Step 3 — Implement the Main Tag”

The code snippet

Section titled “The code snippet”

Replace {{fraud0 cid}} with your customer ID from the dashboard.

<!-- FRAUD0.com fraud detection BODY TAG -->
<script async src="https://api.fraud0.com/api/v2/fz.js?cid={{fraud0 cid}}"></script>
<script>(function(){var i=document.createElement('img');i.alt=' ';i.src='https://api.fraud0.com/api/v2/pixel?cid={{fraud0 cid}}&cb='+Math.random()+'.'+(new Date()).getTime();
i.width=i.height=1;i.style='width:1px;height:1px;display:inline;position:absolute;margin-top:-1px;';document.body.append(i);})();</script>
<!-- End of FRAUD0 BODY TAG -->

What this does:

  1. Loads fz.js asynchronously — this is the full detection logic.
  2. Immediately creates and appends a 1×1 tracking pixel. The pixel fires whether or not the JavaScript ever finishes loading, which is what allows fraud0 to detect bots that abandon the page in the first few hundred milliseconds.

Variant A — Implement via Server-Side GTM

Section titled “Variant A — Implement via Server-Side GTM”

  1. In your GTM web container, create a new tag → Custom HTML.

  2. Name it fraud0 Main Tag.

  3. Paste the snippet above into the HTML field.

  4. Open Advanced Settings → set Tag firing priority to 1000 (ensures it fires before any other tag).

  5. Set Triggering to All Pages.

  6. Under your SGTM client configuration, ensure that requests to fz.js and the pixel are proxied through your SGTM endpoint (tagmanager.yourdomain.com). Contact support@fraud0.com if you need help with the SGTM proxy configuration.

  7. Publish your container.

Variant B — Implement directly in <body>

Section titled “Variant B — Implement directly in <body>”

  1. Open the master template that renders on every page (e.g. layout.html, _layout.cshtml, WordPress header.php).

  2. Place the snippet immediately after the opening <body> tag, before any CMP or consent script.

  3. Replace {{fraud0 cid}} with your actual customer ID.

  4. Deploy as part of your next release.

Variant C — Implement via standard (client-side) GTM

Section titled “Variant C — Implement via standard (client-side) GTM”

  1. In GTM, create a new tag → Custom HTML.

  2. Paste the snippet above into the HTML field.

  3. Open Advanced Settings → set Tag firing priority to 1000.

  4. Set Triggering to All Pages.

  5. Publish your container.

Once the Main Tag is deployed, continue to the Conversion Tag.

Step 4 — Implement the Conversion Tag Tag your confirmation pages to help fraud0 identify false positives.
Imprint Privacy Policy Terms & Conditions DPA