Skip to main content

botScore

botScore (number): A number ranging from 1 to 5, indicating the likelihood that the browser is being controlled by a bot or similar automated software.

Important: Old browsers are more likely to be flagged as bots. Additionally, users with uncommon or atypical browsers may also be flagged as suspicious.

Score Description

  • 5 (Bot): High confidence; strongly suggests automation.
  • 4 (Bot): Medium confidence; environment suggests automation.
  • 3 (Human): Low confidence; environment is ambiguous.
  • 2 (Human): Medium confidence; likely human.
  • 1 (Human): High confidence; user is probably a human.

Usage Recommendations

All Applications

  • Delayed Execution: Execute opjs() after user interaction (e.g., button click) for better bot detection results.
  • Data Privacy: Ensure compliance with applicable privacy laws when collecting and storing fingerprint data.
  • Server-Side Verification: Use the authToken to verify data with OverpoweredJS servers to prevent forgery.
  • Logging: Keep detailed logs of blocked attempts for further analysis and to help fine-tune the detection criteria over time.

Low-Risk Applications

  • Blocking Criteria: Block users with a botScore of 5.
  • Rationale: This conservative approach minimizes the risk of falsely blocking legitimate users—even if they are using outdated or uncommon browsers.

Standard Applications

  • Blocking Criteria: Block users with a botScore of 4 or higher.
  • Rationale: This is the recommended option for most applications, only blocking the most suspicious browsers with little cross over with real humans.

High-Risk Applications

  • Blocking Criteria: Block users with a botScore of 3 or higher.
  • Rationale: This setting strikes a balance by targeting high-risk environments while accepting a higher chance of false positives, particularly from users with older or unusual browsers.

Very High-Risk Applications

  • Blocking Criteria: Block users with a botScore of 2 or higher.
  • Rationale: This aggressive policy is designed for environments with strong security requirements. It targets any even remotely suspicious browser with high levels of false positives.