How Tapper uses browser fingerprints to detect invalid traffic

Tapper uses advanced browser fingerprinting technology—built on top of tools like CreepJS—to help identify bots, spoofed devices, and other forms of invalid traffic. This guide explains how fingerprint data is used in our system and why it's important for protecting your ad budget.

1. Detecting Inconsistencies Between Browser APIs

Modern browsers expose a range of APIs that provide information about the user's environment, including the device, browser, language, screen resolution, and more. We cross-check values between these APIs to identify inconsistencies that may indicate spoofing or automation.

Example checks include:

• Comparing navigator.userAgent with navigator.platform and screen dimensions
• Cross-referencing window.devicePixelRatio with screen resolution
• Matching navigator.languages with HTTP headers like Accept-Language

Inconsistencies across these values often signal bot frameworks or fingerprint spoofers.

2. Identifying Headless or Automated Browsers

Tapper uses fingerprint signals that help flag headless browsers, automation tools, and virtual machines. These indicators may include:

• navigator.webdriver set to true
• Missing or uniform values from WebGL, Audio, or Canvas APIs
• Lack of hardware fingerprint diversity (e.g., fonts, plugins, audio contexts)

These signals are commonly seen in environments running Puppeteer, Selenium, or commercial click farms.

3. Monitoring Fingerprint Stability Over Time

We record how fingerprints behave across sessions. A typical user will have a stable fingerprint over time. Bots, by contrast, often rotate proxies, spoof devices, or reconfigure browser states—resulting in unstable or frequently changing fingerprints.

Tracking this change helps us assess session legitimacy and spot suspicious patterns.

4. Matching Fingerprints With Geographic Data

Fingerprints contain timezone and language data that can be compared against the user’s IP address and geolocation. For example, if a browser reports a US timezone but the IP is in Eastern Europe, this mismatch raises a red flag.

This helps uncover residential proxy networks and spoofed geo behavior.

5. Behavioral Fingerprinting

In addition to technical fingerprints, Tapper also captures behavioral data to enhance fraud detection. We analyze:

• Scroll speed and movement patterns
• Click frequency and placement
• Tab focus and visibility changes
• Timing between user actions

Bots often produce uniform, unnatural, or too-perfect behavior, which Tapper is trained to detect.

6. Generating a Fingerprint Risk Score

All fingerprint signals are compiled into a composite risk score. This score helps determine how suspicious a given session is and contributes to Tapper’s decision-making on whether to allow, block, or flag the session as potentially invalid.

We classify sessions into tiers (e.g., low, moderate, high risk) based on a weighted assessment of fingerprint quality, behavior, and consistency.

If you’re interested in seeing the fingerprint data Tapper collects or would like to learn how this contributes to our fraud prevention engine, contact our support team or your onboarding specialist.

Updated on: 25/05/2025