How Tapper uses browser fingerprints to detect invalid traffic
Tapper uses advanced browser fingerprinting technology—built on top of tools like CreepJS—to help identify bots, spoofed devices, and other forms of invalid traffic. This guide explains how fingerprint data is used in our system and why it's important for protecting your ad budget.
Modern browsers expose a range of APIs that provide information about the user's environment, including the device, browser, language, screen resolution, and more. We cross-check values between these APIs to identify inconsistencies that may indicate spoofing or automation.
Example checks include:
Comparing navigator.userAgent with navigator.platform and screen dimensions
Cross-referencing window.devicePixelRatio with screen resolution
Matching navigator.languages with HTTP headers like Accept-Language
Inconsistencies across these values often signal bot frameworks or fingerprint spoofers.
Tapper uses fingerprint signals that help flag headless browsers, automation tools, and virtual machines. These indicators may include:
navigator.webdriver set to true
Missing or uniform values from WebGL, Audio, or Canvas APIs
Lack of hardware fingerprint diversity (e.g., fonts, plugins, audio contexts)
These signals are commonly seen in environments running Puppeteer, Selenium, or commercial click farms.
We record how fingerprints behave across sessions. A typical user will have a stable fingerprint over time. Bots, by contrast, often rotate proxies, spoof devices, or reconfigure browser states—resulting in unstable or frequently changing fingerprints.
Tracking this change helps us assess session legitimacy and spot suspicious patterns.
Fingerprints contain timezone and language data that can be compared against the user’s IP address and geolocation. For example, if a browser reports a US timezone but the IP is in Eastern Europe, this mismatch raises a red flag.
This helps uncover residential proxy networks and spoofed geo behavior.
In addition to technical fingerprints, Tapper also captures behavioral data to enhance fraud detection. We analyze:
Scroll speed and movement patterns
Click frequency and placement
Tab focus and visibility changes
Timing between user actions
Bots often produce uniform, unnatural, or too-perfect behavior, which Tapper is trained to detect.
All fingerprint signals are compiled into a composite risk score. This score helps determine how suspicious a given session is and contributes to Tapper’s decision-making on whether to allow, block, or flag the session as potentially invalid.
We classify sessions into tiers (e.g., low, moderate, high risk) based on a weighted assessment of fingerprint quality, behavior, and consistency.
If you’re interested in seeing the fingerprint data Tapper collects or would like to learn how this contributes to our fraud prevention engine, contact our support team or your onboarding specialist.
1. Detecting Inconsistencies Between Browser APIs
Modern browsers expose a range of APIs that provide information about the user's environment, including the device, browser, language, screen resolution, and more. We cross-check values between these APIs to identify inconsistencies that may indicate spoofing or automation.
Example checks include:
Comparing navigator.userAgent with navigator.platform and screen dimensions
Cross-referencing window.devicePixelRatio with screen resolution
Matching navigator.languages with HTTP headers like Accept-Language
Inconsistencies across these values often signal bot frameworks or fingerprint spoofers.
2. Identifying Headless or Automated Browsers
Tapper uses fingerprint signals that help flag headless browsers, automation tools, and virtual machines. These indicators may include:
navigator.webdriver set to true
Missing or uniform values from WebGL, Audio, or Canvas APIs
Lack of hardware fingerprint diversity (e.g., fonts, plugins, audio contexts)
These signals are commonly seen in environments running Puppeteer, Selenium, or commercial click farms.
3. Monitoring Fingerprint Stability Over Time
We record how fingerprints behave across sessions. A typical user will have a stable fingerprint over time. Bots, by contrast, often rotate proxies, spoof devices, or reconfigure browser states—resulting in unstable or frequently changing fingerprints.
Tracking this change helps us assess session legitimacy and spot suspicious patterns.
4. Matching Fingerprints With Geographic Data
Fingerprints contain timezone and language data that can be compared against the user’s IP address and geolocation. For example, if a browser reports a US timezone but the IP is in Eastern Europe, this mismatch raises a red flag.
This helps uncover residential proxy networks and spoofed geo behavior.
5. Behavioral Fingerprinting
In addition to technical fingerprints, Tapper also captures behavioral data to enhance fraud detection. We analyze:
Scroll speed and movement patterns
Click frequency and placement
Tab focus and visibility changes
Timing between user actions
Bots often produce uniform, unnatural, or too-perfect behavior, which Tapper is trained to detect.
6. Generating a Fingerprint Risk Score
All fingerprint signals are compiled into a composite risk score. This score helps determine how suspicious a given session is and contributes to Tapper’s decision-making on whether to allow, block, or flag the session as potentially invalid.
We classify sessions into tiers (e.g., low, moderate, high risk) based on a weighted assessment of fingerprint quality, behavior, and consistency.
If you’re interested in seeing the fingerprint data Tapper collects or would like to learn how this contributes to our fraud prevention engine, contact our support team or your onboarding specialist.
Updated on: 25/05/2025
Thank you!