Anti-Bot Glossary

How modern bot-detection systems work — fingerprinting, behavioral signals, and the challenges that block automated traffic.

What Is Cloudflare Turnstile?

Cloudflare Turnstile is a CAPTCHA-replacement service that verifies a visitor is a human without showing a traditional puzzle.

What Is Anti-Bot Detection?

Anti-bot detection is the set of techniques websites use to distinguish automated traffic from human users — and to block, challenge, or throttle the automated half.

What Is TLS Fingerprinting (JA3/JA4)?

TLS fingerprinting is a technique that identifies an HTTP client from its TLS handshake — before the server reads a single request byte.

What Is Canvas Fingerprinting?

Canvas fingerprinting is a browser-identification technique that asks the browser to draw an invisible image and hashes the resulting pixel data.

What Is DataDome?

DataDome is a bot-protection vendor used on roughly 1,200 enterprise sites, scoring more than 5 trillion signals per day.

What Is Akamai Bot Manager?

Akamai Bot Manager is an enterprise bot-protection product used by roughly 30% of the Fortune 500 — airlines, banks, retailers, ticketing.

What Is PerimeterX (HUMAN)?

PerimeterX, now operating as part of HUMAN Security, is a bot-protection vendor whose biggest asset is its network.

What Is Kasada?

Kasada is a gatekeeper-proxy bot defense used by major retailers, ticketing platforms, and sneaker drops.

What Is F5 Shape Security?

F5 Shape Security is the most sophisticated anti-bot product on the market — F5 paid $1 billion to acquire Shape in 2020 and the price reflects what it does.

What Is WASM Fingerprinting?

WebAssembly fingerprinting is a 2026 detection layer that probes the actual CPU through WASM SIMD instructions and uses WebAssembly.Memory({shared:true}) as a high-resolution timer.

What Is HTTP/2 Fingerprinting?

HTTP/2 fingerprinting identifies an HTTP client from its SETTINGS frame and frame-level behaviour, independent of the TLS layer.

What Is a WebRTC IP Leak?

A WebRTC IP leak is the most-overlooked failure mode in browser-based scraping in 2026: WebRTC reveals your real local and public IP via STUN candidates even when all your HTTP tra.

What Is a DOM Honeypot?

A DOM honeypot is an invisible form field or link that humans never see but bots fill in or click.

What Is Scraper Data Poisoning?

Data poisoning is when a site detects a likely scraper and silently serves different data: fake prices, fabricated reviews, wrong stock counts, slightly altered product description.

What Is Anubis (Anti-AI-Scraper Firewall)?

Anubis is an open-source MIT-licensed reverse proxy that issues a SHA-256 proof-of-work challenge before serving HTTP requests, built specifically to slow down AI scrapers that ign.

What Is Behavioural Bot Detection?

Behavioural bot detection is the layer of anti-bot scoring that asks "how does this client act?" rather than "what is it?".

What Is a Session Cookie?

A session cookie is an HTTP cookie that has no Max-Age or Expires attribute, so the browser stores it only in memory and deletes it when the browsing session ends.

How Do Websites Detect Web Scrapers?

Websites detect scrapers by collecting hundreds of signals across the network, transport, browser, and behavioral layers, then scoring the combination against models of known-good .

What Is an Anti-Scraping Mechanism?

An anti-scraping mechanism is any technical control a website uses to detect, slow, or block automated requests.

What Is Headless Browser Detection?

Headless browser detection is the set of probes anti-bot systems use to distinguish a headless or instrumented Chrome session from a real user's browser.

What Is Browser Fingerprinting Evasion?

Browser fingerprinting evasion is the practice of configuring an automated browser so that the combined fingerprint it presents — canvas, WebGL, audio, fonts, navigator probes, TLS.

Anti-Bot Vendor Detection Cheatsheet

The first step of any scrape against a protected site is identifying which anti-bot vendor is in front of it.

What Is Cloudflare Bot Management?

Cloudflare Bot Management is the enterprise-tier ML scoring system Cloudflare runs on every request to a protected zone.

What Is Imperva Incapsula?

Imperva Incapsula is the enterprise WAF and bot-protection product from Imperva (acquired by Thales in 2023).

What Is AWS WAF Bot Control?

AWS WAF Bot Control is the managed rule group inside AWS WAF that classifies and blocks bot traffic.

What Is Forter?

Forter is an identity-and-trust platform used at e-commerce checkout, not a traditional anti-bot product.

What Is Riskified?

Riskified is a chargeback-guarantee platform for e-commerce checkout.

What Is WebGL Fingerprinting?

WebGL fingerprinting reads identifying information directly from the GPU.

What Is AudioContext Fingerprinting?

AudioContext fingerprinting plays a silent waveform through the Web Audio API, then reads back the resulting floating-point samples and hashes them.

What Is Function.toString() Inspection?

Function.prototype.toString() inspection is the technique anti-bot scripts use to detect runtime JavaScript patches.

What Is Font Fingerprinting?

Font fingerprinting identifies a device by discovering which fonts are installed and measuring how the system renders text.

What Is Math & JS Engine Fingerprinting?

Math fingerprinting identifies a runtime by computing transcendental functions (sin, cos, tan, exp, log, pow) at fixed inputs and reading the least-significant bits of the results.

What Is Fingerprint Lie Detection?

Fingerprint lie detection is the practice of verifying that the signals a browser reports are internally consistent and untampered, rather than trusting them at face value.

What Is Favicon Fingerprinting (Supercookies)?

Favicon fingerprinting (the “Supercookie” technique) abuses the browser’s separate, long-lived favicon cache to store a persistent identifier that ordinary cookie controls do not c.

What Is Browser Extension Detection?

Browser extension detection infers which extensions are installed by probing for the resources and side effects they expose to web pages.

What Is Sensor Fingerprinting?

Sensor fingerprinting identifies a mobile device from the minute calibration errors in its motion and environment sensors.

What Is Battery Status API Fingerprinting?

Battery Status API fingerprinting used the precise charge level and charging/discharging times exposed by navigator.getBattery() as a short-lived device identifier.

What Is Timing & Cache Side-Channel Fingerprinting?

Timing-based fingerprinting uses high-resolution clocks to measure how long operations take, turning microarchitectural and rendering behaviour into a hardware signature.

What Is Fingerprint Clustering?

Fingerprint clustering is the practice of grouping fingerprints from millions of real visitors by similarity, then rejecting any new visitor whose fingerprint does not fall inside .

How to Build an Anti-Bot Challenge

An anti-bot challenge is a client-side test — proof-of-work, fingerprint collection, or a behavioural probe — that a server issues to separate real browsers from automation before .

What Is JA4 Fingerprinting?

JA4 is a TLS client fingerprint that replaced JA3 after Chrome began randomising the order of its TLS extensions.

What Is Residential Proxy Detection?

Residential proxy detection is the set of techniques anti-bot systems use to flag traffic that is being routed through a residential proxy pool, even though the visible IP address .

What Is Fingerprint Entropy?

Fingerprint entropy measures how much identifying information a browser attribute carries, expressed in bits.