Categories
Environment
Detects automation frameworks and headless browser indicators. Checks for:- WebDriver API presence (
navigator.webdriver) - Automation globals (
__playwright,__selenium,cdc_*) - Headless browser markers (zero plugins, missing APIs)
- Stealth plugin artifacts
Fingerprint
Analyzes the device’s hardware and software configuration for consistency:- WebGL renderer and extensions
- Canvas and audio fingerprinting
- Screen geometry anomalies
- Anti-detect browser noise patterns
Behavioral
Observes how the user interacts with the page:- Mouse movement patterns (linearity, speed, Fitts’ Law compliance)
- Keyboard timing (inter-keystroke intervals, rollover patterns)
- Touch dynamics (for mobile devices)
- Form interaction timing
inconclusive verdicts.
Timing
Measures temporal patterns:- Time to first interaction
- Form completion speed
- Suspiciously regular intervals (100ms, 250ms, 500ms)
Anti-tamper
Server-side cross-validation of client-reported data:- User-Agent vs HTTP headers consistency
- TLS fingerprint (JA4) vs claimed browser
- Network characteristics vs device claims
How categories combine
The scoring pipeline weights each category and combines them:- Short-circuit — definitive signals (e.g.,
navigator.webdriver === true) immediately produce abotverdict - Weighted combination — non-definitive signals are combined with category weights
- Corroboration — behavioral signals alone cannot produce a
botverdict without deterministic corroboration - Normalization — final score mapped to 0–1 range via sigmoid function
What’s next
- Verdicts & scoring — how scores map to verdicts
- How it works — the full detection pipeline