The pipeline
Load the SDK
Your page imports t.js and calls Tripwire.start(). The SDK opens an encrypted session and begins collecting signals immediately.
Collect signals
The SDK runs environment probes, fingerprinting, and behavioral observation. All data is encrypted and streamed to Tripwire’s servers in real time.
Freeze the fingerprint
Once enough data is collected, the SDK freezes a durable device fingerprint. The browser learns that fingerprinting is ready, but never receives the fingerprint itself.
Get a session handoff
When the user performs a sensitive action, your code calls getSession(). Tripwire flushes pending observations, evaluates the session, and returns { sessionId, sealedToken }.
What gets scored
Tripwire combines 350+ signals across 8 detection categories:

| Category | What it detects | Examples |
|---|---|---|
| Environment | Automation frameworks, headless browsers | navigator.webdriver, Playwright globals, stealth artifacts |
| Fingerprint | Spoofed or manipulated device profiles | WebGL anomalies, canvas noise, anti-detect patterns |
| Event trust | Synthetic vs real user events | isTrusted === false, clicks without mousemove |
| Mouse | Automated mouse movement | Linear paths, teleported cursor, Fitts’ Law violations |
| Keyboard | Automated typing | Uniform timing, paste-only input, missing rollover |
| Timing | Inhuman speed patterns | Sub-50ms first interaction, >800 CPM form entry |
| Touch | Synthetic touch events | On mobile: speed variance, multi-touch ratios |
| Anti-tamper | Client/server mismatches | UA vs TLS fingerprint, HTTP headers vs JS claims |
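
To make a few rows of the table concrete, the following evaluates the Event trust, Timing and Keyboard examples over a recorded event stream. It is an added example, not Tripwire's code or scoring logic: the event record shape, the flag names and the 0.05 timing-jitter cutoff are assumptions, while the 50 ms and 800 CPM limits are the ones quoted in the table.

```javascript
// Added illustration, not Tripwire's scoring logic. The 50 ms and 800 CPM
// limits come from the table above; the event shape { type, t, isTrusted }
// (t = ms since page load) and the 0.05 jitter cutoff are assumptions.
const INTERACTIONS = new Set(["click", "keydown", "touchstart"]);

function collectFlags(events) {
  const flags = new Set();
  const sorted = [...events].sort((a, b) => a.t - b.t);
  let sawPointer = false; // any mousemove or touchstart so far
  for (const ev of sorted) {
    if (ev.isTrusted === false) flags.add("untrusted-event");
    if (ev.type === "mousemove" || ev.type === "touchstart") sawPointer = true;
    // A touch tap produces a click with no mousemove, so a prior touchstart
    // counts as pointer activity and avoids a false positive on mobile.
    if (ev.type === "click" && !sawPointer) flags.add("click-without-mousemove");
  }
  const first = sorted.find((ev) => INTERACTIONS.has(ev.type));
  if (first && first.t < 50) flags.add("sub-50ms-first-interaction");

  const keyTimes = sorted.filter((ev) => ev.type === "keydown").map((ev) => ev.t);
  if (keyTimes.length >= 5) { // fewer keystrokes give no meaningful rate
    const gaps = keyTimes.slice(1).map((t, i) => t - keyTimes[i]);
    const mean = gaps.reduce((s, g) => s + g, 0) / gaps.length;
    const sd = Math.sqrt(gaps.reduce((s, g) => s + (g - mean) ** 2, 0) / gaps.length);
    const cpm = mean > 0 ? 60000 / mean : Infinity; // characters per minute
    const jitter = mean > 0 ? sd / mean : 0; // coefficient of variation
    if (cpm > 800) flags.add("typing-over-800-cpm");
    if (jitter < 0.05) flags.add("uniform-key-timing");
  }
  return [...flags].sort();
}

// Constructed sample sessions (not captured traffic).
const keydowns = (times, isTrusted) => times.map((t) => ({ type: "keydown", t, isTrusted }));
const scripted = [
  { type: "click", t: 10, isTrusted: false },
  ...keydowns([100, 120, 140, 160, 180, 200], false),
];
const human = [
  { type: "mousemove", t: 900, isTrusted: true },
  { type: "click", t: 1400, isTrusted: true },
  ...keydowns([2000, 2180, 2310, 2560, 2700, 2950], true),
];
const touchTap = [
  { type: "touchstart", t: 800, isTrusted: true },
  { type: "click", t: 810, isTrusted: true },
];

console.log(collectFlags(scripted), collectFlags(human), collectFlags(touchTap));
```

Every field in these records is reported by the browser, so checks of this kind only carry weight when the server also compares them against what it observes itself, as the Anti-tamper row describes.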
Why scoring is server-side
Tripwire intentionally keeps all scoring logic off the browser:

- Thresholds stay server-side — nothing in the browser reveals scoring logic
- Observations are encrypted — binary payloads, not readable JSON
- Server cross-validates — compares browser claims against TLS fingerprint, IP context, and request headers
- The browser never sees results — no verdicts, scores, or visitor IDs leak to the page
- Your backend is the policy point — you decide what to do, not the browser
Evaluation phases
| Phase | When it runs | What it uses | Confidence |
|---|---|---|---|
| Snapshot | Immediately | Environment, fingerprint, anti-tamper | Catches obvious automation fast |
| Behavioral | After user interaction | Mouse, keyboard, touch, timing | Higher confidence for ambiguous sessions |
getSession(). If the user has interacted with the page, the behavioral phase adds significantly stronger signals.
What’s next
- Detection categories — deeper look at each signal family
- Verdicts & scoring — how scores map to verdicts
- Browser SDK — the client-side API