One line of HTML. Add a live ExistBefore badge to any website, blog, portfolio or news article. The badge always reflects the current proof status (T0 → T1 → T2). Nothing about your visitors is sent to ExistBefore — only the public attestation ID is fetched.
Quick start
Replace att_28525 with your attestation ID. The anchor stays a clean navigable link if the badge script fails to load.
<a href="https://existbefore.com/proof/att_28525"
class="existbefore-badge"
data-att="att_28525">ExistBefore certified</a>
<script async src="https://existbefore.com/embed.js"></script>Live preview
Below is a real, live badge. Click it to open the proof page in a new tab.
Why use it
- Always live. The badge re-fetches the current state on every page view, even on cached or archived pages — no stale snapshots.
- Auto-upgrades. When the attestation reaches T1 (eIDAS TSA) or T2 (Bitcoin anchor), the badge updates automatically. You never need to edit the embed.
- Zero tracking. No cookies. No localStorage. No analytics. The script reads only the
data-attattribute on its own anchor. - Privacy by design. The script never reads any other DOM content of the host page and never sends anything from the host page to ExistBefore.
- Graceful fallback. If the network call fails, the anchor stays a navigable link to the proof page — no broken UI.
- Lightweight. ~5 KB gzipped, no dependencies, modern browsers only.
Security and privacy contract
- The script is shipped verbatim from
https://existbefore.com/embed.jsover TLS. - It validates the
data-attvalue against a strict regex (^[a-zA-Z0-9][a-zA-Z0-9_-]{1,255}$) before any network call. - It calls only
GET https://existbefore.com/api/attestation/<id>/status. This endpoint is public, anonymous, rate-limited per IP, and never accepts user content — only the (already public) attestation ID. - It does not use
innerHTMLwith any value sourced from the API; status text is set viatextContentonly. - It does not pollute the global namespace (no
window.ExistBefore, just side effects). - It cannot bypass the host page's Content-Security-Policy: if the host page restricts
connect-src, the badge will fall back gracefully.
Recommended host CSP additions:
script-src 'self' https://existbefore.com;
connect-src 'self' https://existbefore.com;
style-src 'self' 'unsafe-inline'; (the badge injects one <style> tag)Customisation
The badge inherits font-family from the host page and respects prefers-color-scheme. To override the visual style, override the CSS rules scoped to .existbefore-badge in your own stylesheet — they have low specificity and will lose to host rules. Themes, sizes, and a Markdown/README-friendly SVG endpoint are planned for a future release.
Attribution
By default the badge advertises its provenance to assistive technologies via aria-label / title (the visible label is unchanged). The text appended is “ · Powered by CertiSigma”. To opt out, set data-attribution="hidden" on the anchor:
<a href="https://existbefore.com/proof/att_28525"
class="existbefore-badge"
data-att="att_28525"
data-attribution="hidden">ExistBefore certified</a>The opt-out is purely cosmetic for screen readers — it never disables the live status check, never changes the visible badge, and never adds extra DOM nodes.
Why no nested link to CertiSigma in the badge: <a> inside <a> is invalid HTML and breaks keyboard / screen-reader navigation. The CertiSigma CTA lives below on this page instead.
FAQ
Does the badge work on Markdown / GitHub READMEs? Not yet — Markdown parsers strip <script> tags and forbid arbitrary HTML on most platforms. An SVG endpoint /badge/<id>.svg for image-based embedding is planned.
Does the badge cost anything? No. ExistBefore is a free public service operated by CertiSigma.
Can I run multiple badges on the same page? Yes. Each .existbefore-badge[data-att] element triggers one independent fetch. The script is idempotent: loading it twice does not re-render.
What happens if my attestation ID is invalid? The badge renders an "Invalid badge ID" fallback that links to /verify. No network call is made.