By default, Castle assumes that events are tracked from a web server environment, more specifically all events coming from your backend needs to reference the
However, if you have activity generated from other sources, such as a mobile app or a REST API, you will need to set the
X-Castle-Source header in order to tell Castle to make adjustments to its threat detection logic.
||The backend library requires the tracking cookie to be set and try to match activity and properties tracked from the client and the backend.|
||When you are not using Castle.js to track client activity. Instead you track events, and optionally page views, from your backend. In this mode Castle will not look for a tracking cookie.|