Each gate type is independent, configurable, and tracked separately in the session timeline. Combine them into multi-step flows. Every visit generates a complete event record - no third-party trackers, no data leaving the platform.
Example pipeline - runs left to right
The builder shows the sequence for your active gates before you publish. A failure at any step stops the visitor there.
Password gate
The password gate places a form between the visitor and your destination URL. They enter a passphrase and, if it matches, they proceed to the next step in the pipeline. If it doesn't, they see an error and can try again.
You set a maximum attempt count. After that many wrong entries, the link blocks the visitor completely - no more attempts are accepted from that browser. The destination URL is never exposed in the page source or in any network response visible to the visitor.
All text on the gate page is customizable: the title, the input placeholder, the submit button label, the error message shown on a wrong attempt, and the lockout message shown when the attempt limit is reached. Custom CSS gives you full control over the visual presentation.
What you configure
Geolocation filter
The geolocation gate uses the browser's location permission flow to determine the visitor's country. When a visitor hits the gate, the browser requests GPS permission on Route Entry's behalf. If the visitor grants it, the returned coordinates are reverse-geocoded to an ISO 3166-1 alpha-2 country code, which is then checked against your allowlist.
Visitors from countries not on the list see a denial page. If a visitor declines the location permission prompt or their browser blocks it, they see a block page with step-by-step instructions for enabling location access - tailored to their specific browser and operating system.
GPS coordinates can optionally be stored in the session record if you've added a geolocation capture step. This feeds the interactive heatmap in your analytics dashboard, which plots up to 2,000 coordinate pairs with accuracy radius indicators.
What you configure
Bot challenge
The bot challenge gate integrates Cloudflare Turnstile, a privacy-preserving visitor verification widget. Unlike traditional CAPTCHAs that present visual puzzles, Turnstile runs behavioral checks in the background. Most legitimate visitors pass without any interaction. Automated scripts and bots fail consistently.
When a visitor reaches the bot challenge gate, a Turnstile widget loads on the gate page. If verification passes, the visitor proceeds. If it fails after a configurable number of attempts, they're blocked. The outcome - passed or failed, and the number of attempts - is logged as events in the session timeline.
Because Turnstile doesn't fingerprint visitors with cookies or persistent identifiers beyond what's necessary for the challenge, it's one of the more privacy-friendly CAPTCHA alternatives available. Bot challenge results appear in the session timeline alongside all other gate events.
What you configure
Consent gate
The consent gate presents visitors with a disclosure form they must respond to before the pipeline continues. They can approve or decline. Both decisions are logged in the session record with a precise timestamp - not just that consent was asked for, but what the visitor chose and when.
Placing the consent gate first in your pipeline means no other gate runs until the visitor has explicitly responded. This makes it a natural precursor to any step that collects data - IP capture, device fingerprinting, or geolocation - if your use case requires documented visitor approval before collection.
The consent page is fully editable. The title, body text, approval button label, decline button label, and the post-decline message are all translatable fields. Custom CSS gives you the same visual control as every other gate type.
What you configure
IP capture
The IP capture step records the visitor's IP address at the point it runs in the pipeline. The address is stored in the session record and visible in the visitor detail view on your dashboard.
IP capture can optionally require consent before collecting. If you want documented consent prior to logging IP addresses, place a consent gate earlier in the pipeline and configure the IP capture step to check for prior consent.
The step itself is transparent to the visitor - there's no UI prompt. It simply records the IP address and logs the capture event in the session timeline before passing the visitor to the next step.
What you configure
Device capture
The device capture step collects five data points from the visitor's browser environment: browser name and version, operating system, device type (desktop, mobile, or tablet), preferred language, and viewport width in pixels. All five are stored in the session record and visible in the visitor detail view.
Like IP capture, the device capture step is transparent to the visitor - no UI is shown. The step executes, records the data points, logs a capture event in the session timeline, and passes the visitor forward. It can optionally require consent before collecting.
Device and browser data is useful for understanding whether your audience is on mobile or desktop, identifying patterns across sessions, and cross-referencing device types with gate outcomes in your analytics.
What you configure
Every session through your redirect generates an event timeline. You can see exactly what each visitor encountered - which gates ran, what they chose, how long each step took, and whether they reached the destination.
23
Tracked event types
Every gate outcome, attempt, capture, and redirect
7
Day visitor chart
Daily breakdowns with bot vs. human classification
2k
Heatmap GPS points
Interactive map with cluster support and accuracy rings
10k
Sessions stored per route
Oldest sessions auto-trimmed when the cap is reached
Click any session in the visitor list to open a full event timeline. See every gate the visitor hit, every attempt they made, and exact timestamps for each event. IP address and device details surface here if those steps are active.
The overview panel shows total visits, bot challenge pass rate, consent grant rate, and average session duration for the selected time window. All computed from your route's own data - no sampling, no approximation.
If you've enabled geolocation capture, GPS coordinates are plotted on an interactive Leaflet map. Points cluster when zoomed out. Accuracy radius is shown per point. Up to 2,000 coordinate pairs per route are visualized.
Every step in the pipeline has its own translation fields and custom CSS slot. You control the layout without touching a stylesheet or a deployment pipeline.
Every visible string on every gate page is overridable. Titles, body text, input labels, button labels, error messages, and block screens. More than 15 editable fields per step - no character limits beyond a reasonable ceiling. Translate into any language or rephrase into any tone.
Paste raw CSS into any step's style slot. It's sanitized server-side to prevent script injection, but within that boundary you have full visual control: fonts, colors, layouts, backgrounds, spacing. Each step's CSS is scoped to that step's page - changes don't leak to other steps or to the redirect destination.
Enable query forwarding on a route and every visitor's original query string passes through to the destination URL intact. If a visitor arrives at your redirect with UTM parameters, campaign tracking, or any other query data, it arrives at your destination with the same parameters appended.
Save your in-progress route builder configuration as a shareable URL. Anyone who opens that link gets the builder pre-loaded with your configuration - they can review it, adjust it, and publish as their own route. Drafts are URL-encoded snapshots of the builder state, up to 64KB, versioned against the current schema.
Route creation gives you a management token link for that route. Use it to update gate settings, review visitor activity, and disable or delete the route later. There are no user accounts, shared workspaces, or separate credentials to provision.
Route settings
Visitor insights
Access model
Missing something? Request a feature - feature requests directly shape our roadmap.
Create your first protected redirect in under a minute. Pick a domain, choose your gates, and your link is live on a global edge network immediately.
