Skip to main content

botScore

botScore (number): A number ranging from 1 to 5, indicating the risk that the browser is being controlled by a bot or similar automated software.

Most legitimate browsers will score 1 or 2, indicating little risk. Most bots will score 4 or 5, indicating a concrete risk of automation backed by hard signals. Browsers that score 3 are ambiguous: no definitive automation signals, but an elevated (not conclusive) risk. Typical cases include legacy browsers/OS versions and other heuristic red flags.

Score Description

  • 5 (Bot): High confidence; strongly suggests automation.
  • 4 (Bot): Medium confidence; environment suggests automation.
  • 3 (Human): Low confidence; environment is ambiguous.
  • 2 (Human): Medium confidence; likely human.
  • 1 (Human): High confidence; user is probably a human.

Usage Recommendations

All Applications

  • Delayed Execution: Execute opjs() after user interaction (e.g., button click) for better bot detection results.
  • Data Privacy: Ensure compliance with applicable privacy laws when collecting and storing fingerprint data.
  • Server-Side Verification: Use JWT Signatures to verify data with OverpoweredJS servers to prevent forgery.
  • Logging: Keep detailed logs of blocked attempts for further analysis and to help fine-tune the detection criteria over time.

Low-Risk Applications

  • Blocking Criteria: Block users with a botScore of 5.
  • Rationale: This conservative approach minimizes the risk of falsely blocking legitimate users—even if the browser environment is otherwise rather suspicious.

Standard Applications

  • Blocking Criteria: Block users with a botScore of 4 or higher.
  • Rationale: This is the recommended option for most applications, only blocking the most suspicious browsers with little cross over with real humans.

High-Risk Applications

  • Blocking Criteria: Block users with a botScore of 3 or higher.
  • Rationale: This setting strikes a balance by targeting higher-risk environments while accepting a higher chance of false positives, particularly from users with older or unusual browsers or devices.

Very High-Risk Applications

  • Blocking Criteria: Block users with a botScore of 2 or higher.
  • Rationale: This aggressive policy is designed for environments with strong security requirements. It targets any even remotely suspicious browser with high levels of false positives.