For what it seems you want to accomplish, based on the initial post, you could just enable “I’m under attack” mode on Dashboard > Firewall > Settings.
Then you should create a few page rules for the desired paths, with a setting “Security Level: High”. You could create one per URL or it could be just one page rule for the whole /billing/ path:
Security Level: High
“I’m under attack” mode bypasses Google and other search engine by default. Also, it does not generate a Firewall Events log entry for each request, something a Firewall Rule will do.
However, any attempt to JS Challenge all visitors, either via the IUA mode or firewall rules is sure to annoy your visitors. Appeasing Google to attract visitors should not be your main goal. Since this seems to be a new website, I’m not sure why it would warrant a “challenge all” approach, especially in a moment when the website is being first launched.
I’d rather create behavior-based firewall rules to block suspicious activities. For that, you should get acquainted the Firewall documentation to get a better understanding of what each action does, how to properly combine conditions etc.