Short, honest answers to the questions ad publishers ask most. Where something is on the roadmap rather than shipped, this page says so plainly — that's a product principle, not a disclaimer.
What is PubSentry?
PubSentry is the AI Security Engineer for ad publishers: real-time invalid-traffic (IVT) prevention. It scores every visitor in real time and blocks the invalid ones before the ad fires ("block-before-serve"), protecting two things at once — your ad revenue and your AdSense/ad-network account from invalid-traffic penalties. It installs as one async JavaScript tag. No SDK, no WordPress plugin, no build step on your side.
How does block-before-serve work?
The tag runs a sub-5ms verdict in the browser before any ad call. On a block it suppresses the ad request across Google Publisher Tag, AdSense, Amazon apstag, and Prebid, plus a universal MutationObserver fallback for anything else — so the ad slot never fires for an invalid visitor. In parallel, the tag sends a beacon to our ingest service, which enriches the request, scores it server-side, updates reputation, and persists the event for your dashboard. The local gate is what protects the impression; the server loop is what learns.
What does PubSentry actually catch?
Be precise here, because we are. The deterministic engine catches obvious, general invalid traffic (GIVT) — known bots, datacenter IPs, automation tells, declared crawlers — at near-100% recall with zero false positives. That's the bulk of the junk hitting most publishers, and it's gone the moment you're in Block mode.
Sophisticated invalid traffic (SIVT) — bots running from residential IPs with no behavioral tells — is harder. Today only a fraction is caught, by design: blocking it aggressively would risk blocking real humans, which violates our first principle. That gap closes as the reputation network and the ML moat accumulate real traffic. We will never claim "100%." Anyone who does is selling you false positives.
Will PubSentry ever block a real human?
The #1 principle is FPR = 0 — never block a real human. A false positive (turning away a real reader) is the worst possible failure because it costs you the impression and the relationship. Defaults are deliberately conservative, and the calibration gate asserts zero false positives on a human corpus before any release ships. You also get a safety mode dial (conservative / balanced / aggressive) and a Measure mode to watch verdicts accumulate without suppressing anything, so you can build confidence before letting it act.
How do I install it?
Paste one async tag into the <head> of every page you want protected, replacing st_xxxx with your real site ID from the dashboard:
<script async src="https://pubsentry.com/t.js" data-site="st_xxxx"></script>That's the entire install. The tag is under 15KB gzipped, loads async, and fails open — if anything goes wrong (network hiccup, parse error, an ad stack we didn't expect), its hard rule is to serve the ad anyway. It will never throw into your page or delay an impression. You add the tag once per page; there's no per-ad-unit snippet.
Which ad networks does it work with?
PubSentry sits in front of your ad stack, not inside any one network's SDK, so it's ad-network-agnostic. The same tag protects AdSense, Google Ad Manager, Amazon apstag, and Prebid / header-bidding setups, with a MutationObserver fallback for anything outside those.
Do I need WordPress, a plugin, or an SDK?
No. It's a single <script> tag. If you can edit your site's HTML head — directly, through a theme, or through any tag manager — you can install PubSentry. There's nothing to compile and no server component for you to run.
What about my visitors' privacy?
The tag sends only client-knowable fields. On the server, ingest enriches geo, ASN, and datacenter signals from the request IP and device hints from the User-Agent — then raw IP and User-Agent are hashed with HMAC-SHA256 and dropped. They are never stored in the clear. Device fingerprints the tag computes client-side use a non-reversible fnv1a hash and aren't PII. Metering counts scored events, never identifiable people.
How fast is it? Will it slow my page down?
The local gate returns a verdict in under 5ms, and an edge worker can serve a cached-reputation verdict in under 50ms. Because the tag is async and fail-open, it's off the critical path: it never delays render and never holds up an ad. If our services are unreachable, the tag serves the ad and moves on.
What does it cost? Is there a free plan?
Every account starts on the free plan: 500 lifetime pageviews (a hard budget, counted all-time across your sites — not a monthly reset and not a time-limited trial). It includes 1 site and 7 days of history, and it ships the full product so you can prove the loop on real traffic. Paid plans — Starter ($199/mo), Growth ($499/mo), Scale ($999/mo) — differ only by volume (pageviews, sites, history retention). Every detection and DEFEND feature is on every plan, free included. The only feature gate is the Enterprise contractual set (SSO, SOC 2 DPA, data residency, SLA, priority support). Billing runs through DodoPayments (not Stripe), self-serve by card.
What happens when I hit the free 500-pageview limit?
The dashboard paywalls the data screens (Overview, Live Feed, Threats, and the rest) behind an upgrade prompt, while billing and account screens stay reachable so you can pick a plan. Your tag keeps running and beacons keep being recorded — you just can't read the analytics until you upgrade. On paid plans, going past your monthly pageview ceiling is a warning, not a lockout: we keep protecting your site and prompt an upgrade rather than failing closed on a busy month.
How is this different from Traffic Cop?
PubSentry is built around three commitments most tools won't make: FPR = 0 (a real-human block is the worst failure, so defaults stay conservative), block-before-serve (the verdict lands before the ad fires, not after), and radical honesty about the detection boundary (we publish what we catch and what we don't, and never claim 100%). On top of that sits a Sentry.io-grade dashboard that explains why each verdict happened, plus an AI agent that narrates what changed and recommends rules — which it applies only after you approve. The AI explains; it never decides a verdict on the hot path and never invents a number.
Is there an API or webhooks?
Not as a public, documented product yet. PubSentry exposes read and DEFEND endpoints under /v1/* that power the dashboard (overview, timeseries, rules, alerts, the agent sweep), but these are session-scoped to your account — they back the UI, not a stable public integration, and may change. A documented public API and outbound webhooks are on the roadmap (coming), not shipped. (Today's one public endpoint is the billing webhook, which is signature-verified.) If you need programmatic access now, tell us what you're building so we can scope it honestly rather than point you at endpoints that may shift.
Do you send email notifications?
In-dashboard alerts, Slack, and generic webhook delivery work today — you can configure threshold alerts, backtest them, and test-fire before arming. Outbound email delivery is still being wired up (coming). When it's live, you'll be able to route alerts and digests to email as well.
How do I get started?
Sign in at app.pubsentry.com, create a site, drop the one async tag into your <head>, and use the Install screen to verify your first beacon. Leave it in Block mode and you're protected — every visitor scored, every invalid one stopped before the impression, and every decision explained. See Getting Started for the full walkthrough.