Advanced Usage
SPA re-identification, storage hints, and the CHIPS cookie.
The CDN tag covers most integrations. These topics are for finer control.
Re-identifying in single-page apps
The CDN tag fingerprints once per full page load. To re-run on a client-side route change, re-insert the script (the simplest reliable approach), then read window.AAArgus again:
function reidentify(siteId) {
document.querySelector('script[data-argus]')?.remove();
delete window.AAArgus;
const s = document.createElement('script');
s.src = 'https://fpcdn.api-armor.com/js/dfs.min.js';
s.async = true;
s.setAttribute('site-id', siteId);
s.setAttribute('data-argus', '1');
document.body.appendChild(s);
}Do you need this?
A device's argus_visitor_id doesn't change between routes, so most apps fingerprint once and reuse the value. Re-identify only if you want a fresh bot_score/match_score per view.
How re-recognition works: hints
To recognize a returning device cheaply, Argus stores the argus_visitor_id in two places and sends them back on the next request:
- Cookie — the
aa_fpCHIPS cookie (see Response reference). Sent automatically because the request usescredentials: 'include'. - localStorage — a fallback the SDK reads and sends as the
X-AA-FP-Storageheader when the cookie is missing (e.g. cookies cleared but storage intact).
If either hint matches, id_source is cookie or storage. Otherwise Argus falls back to signal-similarity matching.
Cross-origin credentials
Argus is hosted on a different origin than your site, so the cookie is cross-origin. The SDK sends requests with credentials: 'include'; the service echoes your Origin and sets Access-Control-Allow-Credentials: true. Browser settings that block all third-party/partitioned cookies will force the localStorage hint or signal-matching path.