Overview
CHEQ is a go-to-market security and ad fraud prevention platform. Its scripts are deployed on advertiser and publisher websites to analyze incoming traffic in real time, distinguishing human visitors from bots, scrapers, and invalid click sources. CHEQ is commonly found on landing pages, paid-search destinations, and lead generation forms where fraudulent traffic causes direct financial harm to advertisers.
What This Script Does
The CHEQ script (typically cheq.js or loaded from a *.cheqzone.com domain) executes behavioral and environmental analysis in the browser immediately on page load. It collects a wide range of signals to build a risk assessment for each visitor session.
Signals analyzed include: browser fingerprint characteristics (user agent, canvas rendering, WebGL renderer, installed fonts, screen dimensions), mouse movement patterns and interaction velocity, network characteristics (IP address, ASN, whether the connection appears to be a proxy or datacenter), page referrer, and timing of user interactions relative to page load. These signals are submitted to CHEQ's real-time classification API, which returns a risk verdict used to allow, flag, or block the visitor.
CHEQ may set a session cookie or a short-lived identifier to avoid re-analyzing the same browser within a session. Device fingerprinting is a core component of CHEQ's detection methodology and does not rely on cookie consent to function — fingerprints are computed from browser environment properties without writing to persistent storage.
The CHEQ script operates primarily as a fraud-signal collector; it does not display content or modify the page for legitimate visitors.
Consent & Compliance
CHEQ's consent posture is nuanced. The fraud-prevention function has a legitimate business rationale, but the technical implementation involves extensive device fingerprinting, which regulators — particularly the CNIL and the ICO — have determined requires consent when used for any purpose beyond strictly necessary security functions.
Under ePrivacy Article 5(3), any reading of or writing to a user's terminal equipment requires consent unless strictly necessary. CHEQ argues its processing falls under the security necessity exemption, but this position is contested when the same fingerprint data is used to enrich advertiser analytics dashboards or retargeting suppression lists, rather than solely blocking individual bot sessions.
Under GDPR, the legal basis for real-time fraud detection is typically legitimate interest (Article 6(1)(f)), provided the processing is genuinely limited to security purposes and a balancing test is documented. If CHEQ data feeds marketing or attribution reporting, the legitimate-interest basis becomes harder to defend.
Under CCPA/CPRA, device fingerprinting data constitutes personal information. Security-purpose processing may be exempt from opt-out rights, but only if the data is not used for advertising or commercial profiling.
The consent category is mixed (essential/analytics). Pure bot-blocking is essential; analytics enrichment requires consent.
Should You Block This Without Consent?
Conditional. If CHEQ is deployed strictly for real-time bot blocking and invalid-click prevention with no data feeding marketing or analytics pipelines, it can be treated as essential and loaded without prior consent. If CHEQ data contributes to analytics dashboards, retargeting lists, or ad-performance attribution, it must be gated behind analytics or marketing consent. Review your CHEQ data processing agreement to determine which use cases are active.
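The decision described above can be expressed as a small consent gate. This is an added example, not code from CHEQ or ConsentStack: the host suffixes and the cheq.js filename come from this page, while the purpose names, the consent object shape, and the function names are assumptions.

```javascript
// Added example. Host suffixes and "cheq.js" are taken from this page;
// purpose names and the consent object shape are hypothetical.
const CHEQ_SUFFIXES = ["cheqzone.com", "cheq.ai"];

// Match the domain itself or a true subdomain, so that look-alikes such as
// "evilcheqzone.com" or "cheqzone.com.example.net" are not treated as CHEQ.
function isCheqHost(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  return CHEQ_SUFFIXES.some((s) => host === s || host.endsWith("." + s));
}

// A script counts as CHEQ if it loads from a CHEQ host or is a (possibly
// self-hosted) file named cheq.js.
function isCheqScript(url) {
  return isCheqHost(url.hostname) || url.pathname.split("/").pop() === "cheq.js";
}

// purposes: the CHEQ use cases active per your data processing agreement,
// a subset of "bot_blocking", "analytics", "marketing".
function requiredConsent(purposes) {
  const needed = new Set();
  for (const p of purposes) {
    if (p === "bot_blocking") continue; // essential: no consent category
    if (p !== "analytics" && p !== "marketing") {
      throw new Error("unknown purpose: " + p); // fail closed on typos
    }
    needed.add(p);
  }
  return [...needed].sort();
}

// Returns { action: "load" | "block" | "ignore", reason }.
function decide(scriptSrc, pageUrl, purposes, consent) {
  let url;
  try {
    url = new URL(scriptSrc, pageUrl); // resolves relative src values
  } catch {
    return { action: "ignore", reason: "unparseable URL" };
  }
  if (!isCheqScript(url)) return { action: "ignore", reason: "not a CHEQ script" };
  if (purposes.length === 0) return { action: "block", reason: "no documented purpose" };
  const missing = requiredConsent(purposes).filter((c) => consent[c] !== true);
  return missing.length === 0
    ? { action: "load", reason: "essential or consented" }
    : { action: "block", reason: "awaiting consent: " + missing.join(", ") };
}
```

A deployment limited to `["bot_blocking"]` loads with an empty consent object; adding `"analytics"` or `"marketing"` to the purposes blocks the script until that category is granted.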
Tracked Domains (1)
cheq.ai (Essential)
Frequently Asked Questions
Is cookie consent required for CHEQ bot detection?
Partially. CHEQ's core bot detection scripts are considered essential security infrastructure, but its analytics and behavioral profiling components may require consent. Since CHEQ collects device fingerprints, browser characteristics, and behavioral signals, the analytics aspects fall under consent requirements in GDPR jurisdictions.
What data does CHEQ collect to detect fraud?
CHEQ analyzes a broad range of browser signals on every page load: user agent strings, canvas rendering patterns, WebGL fingerprints, mouse movement dynamics, keystroke timing, and network characteristics. It builds a risk score for each visitor session to distinguish human traffic from bots, scrapers, and invalid click sources in real time.
How does ConsentStack handle CHEQ fraud prevention scripts?
ConsentStack identifies CHEQ's scripts loading from cheqzone.com domains and classifies them across essential and analytics categories. The core fraud detection components are allowed as essential security tools, while the behavioral analytics and fingerprinting aspects are gated behind the analytics consent category for full regulatory compliance.
