Latency Best Practices
At Arkose Labs, we've identified a set of proven changes that can significantly reduce Client API latency in customer integrations. When applied together, these recommendations have reduced latency by as much as 50% in real-world implementations.
Quick Fixes
These changes are low-effort and should be applied to all integrations.
Remove async and defer from the Script Tag
async and defer from the Script TagDo not use the async or defer attributes on the Client API script tag. Testing shows that omitting these attributes significantly reduces load latency.
Your script tag should look like this:
<script
src="https://<COMPANY>-api.arkoselabs.com/v2/<YOUR_PUBLIC_KEY>/api.js"
data-callback="setupEnforcement">
</script>Replace <COMPANY> and <YOUR_PUBLIC_KEY> with your actual values. Contact your Customer Success Manager if you are unsure of these fields.
Avoid requestIdleCallback When Injecting the Script Dynamically
requestIdleCallback When Injecting the Script DynamicallyIf you are adding the Client API script to the page via JavaScript, do not use requestIdleCallback to do so. This method intentionally defers execution until the browser is idle, which can introduce unpredictable delays into the loading process and impact our ability to protect your workflow.
Use a direct script injection or trigger initialisation at a predictable point in your page lifecycle instead.
Load the Client API Early
For Single Page Applications (SPAs), load the Client API before the point at which it is actually needed. This allows the script to initialise in the background while the user is completing earlier steps.
Example: Multi-Screen Login Flow
An example of a login flow that uses the following three steps:
- Email entry
- Password entry
- Arkose Titan run
Initially, the loading of our Client API was only happening when the user reached the Arkose Titan part of the flow, which forced users to wait for the script to load before they could proceed.
By moving the Client API load to the email entry screen, the script had fully initialised by the time users reached the challenge, reducing user perceived latency to nearly zero.
Add Prefetch and Preload Tags
Adding resource hints to the <head> of your page allows the browser to prepare connections and begin loading the Client API script early. These tags must be placed before the Client API script tag loads, ideally as early in the <head> as possible.
Connection Warm-Up
If you are loading the Client API from an Arkose Labs domain or from a subdomain that is different to the current integration page, add these two tags to pre-resolve DNS and establish the connection early:
<link rel="dns-prefetch" href="https://<company>-api.arkoselabs.com">
<link rel="preconnect" href="https://<company>-api.arkoselabs.com" crossorigin>Script Preload
This tag instructs the browser to start loading the api.js file for a given public key before it is explicitly needed.
<link
rel="preload"
href="https://<URL>/v2/<YOUR_PUBLIC_KEY>/api.js"
as="script"
crossorigin
>Replace <URL> with either <COMPANY>-api.arkoselabs.com or your vanity URL subdomain, and <YOUR_PUBLIC_KEY> with the public key for the integration you want to preload.
Note: The
crossoriginattribute is required on the preload tag. Omitting it will cause the browser to download the script twice, increasing latency rather than reducing it.
For best results, include this tag in the static HTML of your <head>. It can also be injected dynamically, provided it is added to the page before api.js begins loading.
Reduce Page Load Complexity
When the Client API loads alongside many other assets, browsers assign it lower loading priority because it is a third-party script (served from an external domain). Reducing the number and size of assets loading in parallel directly improves Client API load and initialisation time.
Why Third-Party Scripts Load Slower
Browsers treat scripts from external domains at a lower priority than scripts from your own domain. This means the Client API often loads and executes after your own scripts, adding latency before the onReady callback fires. This effect is amplified on older and lower-powered devices.
Real-World Example
A customer reported higher-than-expected latency. Investigation found:
- 94 assets loading simultaneously alongside the Client API
- The Client API was flagged as low priority by the browser
- 14.7 MB of assets loading at page load
After reducing to 59 assets, bringing total page weight down to 5.7 MB, and loading the Client API earlier in the asset sequence:
- Overall Client API latency dropped by 50%
- Latency on low-powered devices dropped by 60%
Recommendations
- Minimise the number of assets loading in parallel with the Client API
- Keep the total file size of concurrently loading assets as low as possible
- Load the Client API earlier in your asset loading sequence
Use a Vanity URL
Arkose Labs supports Vanity URLs, which allow you to serve the Client API from a subdomain of your own domain (e.g., arkose.yourdomain.com).
When assets are served from your own domain, browsers treat them as first-party scripts and assign them higher loading and execution priority. The result is faster load times and lower latency, particularly noticeable on slower networks and lower-end devices where third-party script de-prioritisation has the most impact.
Contact your Customer Success Manager to enable Vanity URLs for your integration.
Integration Type Considerations
Some integration configurations introduce additional network calls that increase latency. If latency is a priority, review the following.
Hosted Iframes
Hosted iframes are useful for code isolation and prevent scripts within the iframe from manipulating the DOM where the iframe was loaded. The tradeoff is performance: each iframe requires an additional network call and loads a self-contained HTML document, including its own CSS and JavaScript, which adds to total load time compared to our standard integration.
Subresource Integrity (SRI)
Arkose Labs supports end-to-end Subresource Integrity checks, which verify the Client API script before execution. This requires an extra network call to retrieve the integrity hash, adding latency.
Using SRI together with a hosted iframe adds two extra network calls compared to a standard integration.
Note: SRI and hosted iframes offer meaningful security benefits. Weigh these carefully against your latency requirements before making changes.
Summary
Achieving minimal Client API latency is rarely the result of a single change — it is the cumulative effect of good integration decisions at multiple levels.
| Recommendation | Effort | Impact |
|---|---|---|
Remove async / defer from script tag | Low | High |
Avoid requestIdleCallback for script injection | Low | Medium |
| Load Client API earlier in the user flow | Low–Medium | High |
| Add prefetch / preconnect / preload tags | Low | Medium |
| Reduce parallel assets at page load | Medium | High — up to 50% reduction |
| Enable Vanity URL | Medium | High |
| Evaluate hosted iframe / SRI usage | Medium | Medium |
Need help implementing any of these recommendations? Contact your Arkose Labs Customer Success Manager or reach out to our support team.