Open-source adapters — closed brain — zero per-request callouts

Harden your drop.
Stop bots before checkout.

dropify.dev is a three-product edge security suite for high-demand e-commerce drops. Cryptographic request signing, local rate-limiting, and a fair waiting room — on any stack, no DNS hijack required.

Start protecting drops See pricing
<30ms p99 admission latency
$0.004 COGS per 1k queued visitors
0 per-request callouts to our cloud

The suite

Three products. One adapter. One dashboard.

Every product enforces locally using a signed policy blob from the brain. Your origin never exposes its secret logic.

S

Shield

Cryptographic request signing

Each request is signed with an HMAC token derived from a per-tenant base secret that never leaves our brain. The adapter validates the signature locally with a short-lived epoch salt — zero per-request callout, zero replay risk. Works inside a Cloudflare Worker, a WooCommerce plugin, or a Node server.

  • HMAC-SHA256 with epoch-salt rotation (~5 min)
  • Replay prevention via nonce Durable Object
  • Open-source adapters (MIT) for every major stack
  • Forged-policy rejection — brain key never ships
G

Guard

Local rate-limiting + badlist enforcement

Rate limits and bans enforced entirely at the edge by a brain-signed policy blob. No per-request round-trip to our cloud. Cross-tenant intel and updated thresholds are pushed via periodic brain sync. Fail-safe: falls back to last-known-good policy if the brain is unreachable.

  • ECDSA-signed badlist pulled from the brain on a configurable interval
  • ~0.2 µs per-request enforcement overhead (no I/O)
  • Stops inventory hoarding, add-to-cart bots, credential stuffing
  • Tenants can tune thresholds & TTLs in the signed policy
Q

Drop Room

Fair waiting rooms for high-demand drops

Cloudflare Durable-Object waiting rooms with cryptographic fairness. Visitors join a queue, solve a PoW + Turnstile challenge, and receive a signed pass. The adapter validates the pass locally — no callout per checkout page load. Hosted on *.dropify.dev or your own domain (Infinite tier).

  • DO-backed admission with per-tenant serving-rate control
  • PoW + Turnstile challenge blocks automated queue-jumping
  • p99 added latency under 30 ms (Smart Placement + DO sharding)
  • Unlimited simultaneous drop events per tenant

The architecture

Any stack. No DNS hijack. No PCI liability.

Queue-it and Queue-Fair both force a tradeoff: either become their reverse proxy or lose enforcement guarantees. We solved this the same way Queue-Fair did — but for all three products. The brain (signing algorithm, scoring, queue admission) runs in our Cloudflare account. Thin open-source adapters run wherever you already are, validating locally with a signed token.

Your WooCommerce server, your Cloudflare Worker, your Node backend — all protected without routing your traffic through us. No bandwidth liability for us, no performance hit for you, no PCI scope creep.

Get started
Brain (our cloud)
  • Signing algorithm
  • Queue admission
  • Scoring + intel
  • Badlist + policy

signed token / policy
Your CF Worker

validate locally

WooCommerce plugin

validate locally

Node SDK

validate locally

Why dropify.dev

Competitors sell one product. We ship three.

dropify.dev CrowdHandler Queue-it Arcjet
Waiting room / queue Yes (Drop Room) Yes Yes No
Bot / request signing Yes (Shield) No No Yes
Rate limiting + badlist Yes (Guard) No No Yes
Local enforcement (no per-request callout) Yes No No Yes
Open-source adapters (MIT) Yes No No Yes
Works without DNS change Yes Yes Partial Yes
Annual contract required No No Yes No
Mid-market drop price (50k visitors/event) ~$1,749/mo $3,200/mo
(queue only)		 $3,750+/mo
(annual)		 N/A
Most popular
Drop Suite
$499 /mo
+ $25 per 1k queued visitors
Start Drop Suite
Enterprise
Infinite
$1,999 /mo
+ $15 per 1k queued visitors
Start Infinite

Pricing

Flat base. Metered drops.
No surprises.

Two tiers: Drop Suite for established stores, Infinite for enterprise volume and ticketing agencies. Queue usage is metered and billed in arrears at the end of the month — you only pay for the drops you run.

Full pricing breakdown

Your next drop. Protected.

Set up in minutes. Install the open-source adapter for your stack, paste in your adapter key, and you're live.

Create your account Compare plans