Timetrap is a stealthy, time-based security measure employed by Comfyform to thwart automated spam submissions. It accomplishes this by keeping track of when a form is loaded and then comparing this time to when the form is submitted. If a submission occurs impossibly quickly after a form is loaded—faster than a human could normally complete it—Timetrap flags it as potential bot activity. This protection operates unnoticed by users, making it an ideal blend of efficiency and subtlety.
Integrate Timetrap into your forms with this HTML input:
Replace the placeholder PAGELOAD_TIMESTAMP_HERE
with the actual timestamp at the moment the page loads. Timetrap utilizes the standard RFC 3339 format for datetime values to monitor the time interval between form load and submission. Comfyform expects submissions to include a timestamp in either of these precise examples of RFC 3339 formats:
2024-01-22T10:36:59.906157Z
2024-01-22T11:36:59.906157+01:00
Generate the timestamp on the backend and pass the value to the final HTML code of the page. Below is an example implementation in PHP. If you changed your timetrap field name, you need to update the name
attribute to the correct field value.
Generate the timestamp on the backend and pass the value to the final HTML code of the page. Below is an example implementation in PHP. If you changed your timetrap field name, you need to update the name
attribute to the correct field value.
Assign the current timestamp using JavaScript. Note that if the user has disabled JavaScript, the submission will be marked as spam.
For static websites, including those built with static site generators or manually written in pure HTML, Timetrap necessitates JavaScript to dynamically set the current timestamp in the hidden field. If JavaScript is disabled in the user’s browser, Timetrap validation will not function, and the submission could be erroneously marked as spam.
You can use this piece of code for adding the timestamp value to the hidden input field. If you changed your timetrap field name, you need to update the field
variable to the correct field name.
name
attribute of the field from the Step 1.How to Determine the Ideal Time Threshold
Choosing the right time threshold for Timetrap involves a balance between security and user experience. Consider the complexity of your form—longer forms may require more time to fill out. A common starting point is 5-10 seconds, but you can adjust this based on testing:
Remember, the goal is to catch bots, not frustrate users. A well-chosen threshold means better protection with minimal impact on genuine submissions.
Ensure Timetrap functionality meets your standards:
By performing these tests, you verify that Timetrap effectively discriminates against bot activity without hindering real users.
Should you need any support with Timetrap setup or have questions, our Comfyform support team is readily available to assist you. Get in touch at support@comfyform.com or through our Comfyform Discord server. Our aim is to ensure your forms remain secure and user-friendly with minimal spam interruptions.
Timetrap is a stealthy, time-based security measure employed by Comfyform to thwart automated spam submissions. It accomplishes this by keeping track of when a form is loaded and then comparing this time to when the form is submitted. If a submission occurs impossibly quickly after a form is loaded—faster than a human could normally complete it—Timetrap flags it as potential bot activity. This protection operates unnoticed by users, making it an ideal blend of efficiency and subtlety.
Integrate Timetrap into your forms with this HTML input:
Replace the placeholder PAGELOAD_TIMESTAMP_HERE
with the actual timestamp at the moment the page loads. Timetrap utilizes the standard RFC 3339 format for datetime values to monitor the time interval between form load and submission. Comfyform expects submissions to include a timestamp in either of these precise examples of RFC 3339 formats:
2024-01-22T10:36:59.906157Z
2024-01-22T11:36:59.906157+01:00
Generate the timestamp on the backend and pass the value to the final HTML code of the page. Below is an example implementation in PHP. If you changed your timetrap field name, you need to update the name
attribute to the correct field value.
Generate the timestamp on the backend and pass the value to the final HTML code of the page. Below is an example implementation in PHP. If you changed your timetrap field name, you need to update the name
attribute to the correct field value.
Assign the current timestamp using JavaScript. Note that if the user has disabled JavaScript, the submission will be marked as spam.
For static websites, including those built with static site generators or manually written in pure HTML, Timetrap necessitates JavaScript to dynamically set the current timestamp in the hidden field. If JavaScript is disabled in the user’s browser, Timetrap validation will not function, and the submission could be erroneously marked as spam.
You can use this piece of code for adding the timestamp value to the hidden input field. If you changed your timetrap field name, you need to update the field
variable to the correct field name.
name
attribute of the field from the Step 1.How to Determine the Ideal Time Threshold
Choosing the right time threshold for Timetrap involves a balance between security and user experience. Consider the complexity of your form—longer forms may require more time to fill out. A common starting point is 5-10 seconds, but you can adjust this based on testing:
Remember, the goal is to catch bots, not frustrate users. A well-chosen threshold means better protection with minimal impact on genuine submissions.
Ensure Timetrap functionality meets your standards:
By performing these tests, you verify that Timetrap effectively discriminates against bot activity without hindering real users.
Should you need any support with Timetrap setup or have questions, our Comfyform support team is readily available to assist you. Get in touch at support@comfyform.com or through our Comfyform Discord server. Our aim is to ensure your forms remain secure and user-friendly with minimal spam interruptions.