Launch Checklist
Step-by-step checklist for setting up ClickFortify on a new account — from workspace creation to first-week verification.
Use this checklist when setting up ClickFortify for the first time or onboarding a new client account. Work through each phase in order — each phase depends on the one before it.
This checklist mirrors the onboarding wizard sequence. If you completed onboarding in order, phases 1–3 are already done. Start at Phase 4 (Protection Config) to verify your settings before going live.
Phase 1: Space Setup
These are the account-level foundations. Done once per workspace.
- Space created — Space name, description, and business category filled in
- Emergency email configured — Set in Space Settings → this is where critical alerts go
- Monthly budget entered — Needed for accurate wasted spend calculations in reports
- Team members invited — If managing for a client or working in a team, add users under Team Management before launch so they receive alerts from day one
Phase 2: Website Configuration
ClickFortify needs to know which domain to protect before it can track anything.
- Website domain added — Added in Website Settings (e.g.,
example.com) - Domain saved — Confirm the domain appears in Website Settings without errors
Phase 3: Tracking Installation
The JavaScript snippet must be present on every page your ads land on. No script = no data.
- Base script copied from Tracking Script page
- Script added to site — In
<head>on all pages (not just the landing page) - Script verified — After installation, visit your site and open browser DevTools → Network tab → look for a request to
clickfortify.comor the tracking endpoint to confirm it fires - Conversion script installed (if using conversion tracking) — Must be on the thank-you or confirmation page only, not site-wide
- Conversion setup completed — Conversion event named and configured in Conversion Setup page
- No console errors — Open DevTools → Console on your landing page; no script-related errors should appear
Phase 4: Google Ads Connection
- Google account authorized — Connected via Connect Google Ads (OAuth flow completed)
- Correct ad account selected — If managing multiple Google Ads accounts, confirm the right account ID is active
- Campaigns visible — In Ads Manager, your active Google Ads campaigns appear in the list
- Auto-sync confirmed — ClickFortify should be able to push IP exclusions to Google Ads; verify this is not blocked by account permissions
Phase 5: Protection Configuration
This is the most important phase. Get these settings wrong and either fraud gets through or legitimate traffic gets blocked.
Action Mode
- Action Mode selected in Protection settings
| Mode | When to Use |
|---|---|
| Observe | New accounts, first 1–2 weeks — see fraud without any blocking. Use this to calibrate. |
| Warn | Standard — flags bad clicks and pushes exclusions to Google Ads for high-confidence threats |
| Strict | High-fraud environments — maximum blocking, may suppress borderline traffic |
Recommended for launch: Start on Warn unless you have specific reason to use Strict. Switch from Observe to Warn after reviewing your first week of data.
Sensitivity Level
- Sensitivity Level set (1–5 scale in Protection settings)
| Level | Behavior |
|---|---|
| 1–2 | Only blocks highest-confidence fraud (obvious bots, repeat IP abuse) |
| 3 | Balanced — recommended default for most accounts |
| 4–5 | Aggressive — flags VPN, proxies, borderline behavior; may affect edge-case real users |
Recommended for launch: Level 3 unless you are in a high-fraud niche (finance, insurance, legal). Adjust after first two weeks based on data.
Automation Rules
- At least one automation rule active — Even default rules provide meaningful coverage
Review the three rule types and enable those appropriate for your traffic:
| Rule Type | What It Does |
|---|---|
| Scout | Targets repeat clickers and IP patterns — good baseline for any account |
| Hunter | Targets data centers, proxies, and bot signatures — recommended for B2C campaigns |
| Custom | Lets you set specific thresholds (e.g., block any IP after 3 clicks in 24h) — use when you see specific patterns in data |
- Rule conditions reviewed — Confirm thresholds match your traffic volume (a site with 50 clicks/day needs different thresholds than 5,000/day)
- Rule actions set — Each rule should have a defined action:
block,flag, ormonitor
Phase 6: Go-Live Verification
Run these checks immediately after turning protection on (switching Action Mode from Observe to Warn or Strict).
- Clicks appearing in Click Traffic — Visit your site from a real device with a real browser; the click should appear in Click Traffic within 1–2 minutes
- Click status is
good— Your own test click should show asgood, notbad(if it shows as bad, check your own IP is not in the blocklist) - Blocklist is empty (for new accounts) — No IPs should be pre-blocked before you have real data
- Ads Manager shows your campaigns — All active Google Ads campaigns are visible
- Exclusion sync test — If in Warn or Strict mode, confirm that when ClickFortify flags an IP, it appears in your Google Ads IP exclusions list within the expected sync window
- Dashboard loads without errors — No broken widgets, missing data, or JavaScript errors
Phase 7: First Week Schedule
| Day | Task |
|---|---|
| Day 1 | Verify clicks are flowing in Click Traffic — check timestamps and IP data look correct |
| Day 2 | Review the Dashboard Threat Summary — are any spikes unusual for your traffic? |
| Day 3 | Open Click Traffic, filter by Status = Bad — review your first flagged clicks; do they look like real fraud? |
| Day 5 | Check Ads Manager — are exclusions appearing in your Google Ads account for the flagged IPs? |
| Day 7 | Review protection settings: is the sensitivity level catching real fraud without blocking legitimate traffic? Adjust if needed. |
Phase 8: Agency / Client Handoff (If Applicable)
If you are setting this up for a client, complete these before handing over:
- Client added to Team Management with appropriate role
- Emergency email is client's email, not just yours
- Alert thresholds reviewed — client should receive alerts at a volume that is actionable, not overwhelming
- Monthly report scheduled — walk the client through how to generate a ClickFortify report for refund claims
- Documentation shared — point client to Weekly Workflow and Monthly Review for ongoing routines
Quick Reference: What to Do If Something Is Off
| Issue | Where to Check |
|---|---|
| No clicks appearing | Tracking Script page — verify script is installed correctly |
| All clicks showing as bad | Protection settings — sensitivity may be too high; review blocklist |
| Google Ads exclusions not syncing | Connect Google Ads — re-authorize if token has expired |
| Conversions not tracking | Conversion Setup — confirm event name matches what's on your confirmation page |
| Team member not receiving alerts | Team Management — confirm email and role are correct |
After clearing this checklist, transition to the Weekly Workflow for ongoing protection management. The first weekly review is the most important — it tells you whether your launch settings are calibrated correctly.