Anti-Bot

What Is Forter?

By the Scrappey Research Team

What Is Forter? — conceptual illustration
On this page

Forter is a fraud-and-trust platform that runs at e-commerce checkout — it is not a traditional anti-bot product. Instead of blocking scrapers from reading pages, it scores each transaction for fraud risk (fake identities, hijacked accounts, payment abuse) and instantly tells the store whether to approve or decline the order. Most scrapers never meet it, because Forter only fires at checkout, not on product pages. If you are monitoring prices or pulling catalog data, you can ignore it. But if you automate account sign-ups, checkout, or refunds, you will hit Forter on the second request and be quietly turned away.

Quick facts

CategoryFraud / identity — not pure bot protection
Where it firesCheckout, account creation, payment, post-purchase
Detection cookiesfortertoken, ftr_blst_* (device-identity blob)
Decision styleReal-time approve / decline returned to merchant via API
Visibility to scrapersSilent — failed requests look like merchant-side payment failures

What Forter sees and what it decides

Forter is called by the store's checkout backend, not by the CDN (the network of edge servers that usually sits in front of a site). When a shopper clicks "Place Order", the store sends Forter the cart, payment details, a device fingerprint, and a fortertoken. Within a few hundred milliseconds Forter answers: approve, decline, or review. The piece that matters for automation is the device fingerprint — a snapshot of the browser collected by a Forter JavaScript SDK (a script the checkout page loads) that includes canvas/WebGL fingerprints (tiny rendering quirks unique to your graphics hardware), your accept-language header, timezone, and a hardware-tied identity blob.

The key point: Forter scores identity, not just the session. A clean fingerprint is not enough — the identity also has to look real, meaning the IP location matches the billing address, the account has history, and the payment card has a good reputation. That is why scrapers that solve every CAPTCHA still get declined at checkout: the fingerprint says "human" but the identity says "made up".

When scrapers actually encounter Forter

Scrapers doing pure data extraction — price monitoring, listings, reviews — never see Forter; those pages don't call it. You only run into it when you automate an action that touches money or identity:

  • Automated checkout flowsSneaker bots, ticketing bots, retail arbitrage
  • Account creation at scaleBulk sign-ups from the same fingerprint or IP range
  • Coupon & promo-code redemptionOne-per-customer offers claimed in volume
  • Returns & refunds automationProgrammatic refund or chargeback flows

The failure is silent

Checkout just says "Payment declined, please try a different card" — identical to an ordinary card rejection. The real reason is that Forter declined the transaction on identity grounds, not because anything was wrong with the card.

What works against Forter

Hardening your browser fingerprint alone won't help, because Forter scores identity, not fingerprints. The countermeasures are operational, not technical: match the billing address to the IP location, use payment cards with a clean track record, let accounts age and build up real activity before checking out, and avoid the velocity patterns (for example, 10 accounts in 10 minutes from the same IP block) that Forter watches for. Importantly, Forter shares decline signals across every store that uses it — an identity declined at one Forter customer is flagged at all the others.

Related terms

Concept map

How Forter connects

The terms most directly tied to this one. Hover a node to see its neighbours, click to preview, drag to rearrange.

0 terms · 0 connections
You are here · Anti-Bot
Building map…

Frequently asked questions

Is Forter an anti-bot product?

No — it's an anti-fraud / identity-trust product. It doesn't stop scrapers from reading pages. It only fires at checkout, where it decides whether to approve a transaction. Scrapers doing plain data extraction can ignore it.

Why does Forter show up in anti-bot articles then?

Because the line between "bot" and "fraud" blurs at checkout. Sneaker-bot operators, ticket scalpers, and retail-arbitrage automation all hit Forter on the second request, and the usual page-level anti-bot tricks (fingerprint hardening, residential IPs) aren't enough — Forter scores identity, not session.

Can I detect Forter on a target site before checkout?

Yes — check the checkout page for a script tag loading from cdn.forter.com, or look for a fortertoken cookie after you submit cart details. If either is present, expect identity scoring when you place the order.

Last updated: 2026-05-31