Types of honeypots

Types of honeypots, traps embedded in a website’s code or form that real users don’t see or interact with, but bots might. When bots trigger them, Tapper flags or blocks them as likely invalid traffic.

Here’s a breakdown of each:

🕳️ Honeypot Types (What They Are & Why They're Useful)

HIDDEN_FORM_SUBMISSION = 0
A full form that is visually hidden. Bots may autofill and submit it. Legitimate users never see it.

HIDDEN_TEXT_INPUT = 1
A hidden text field (e.g., fake "first name" input). Bots often fill every field they detect, including hidden ones.

HIDDEN_CHECKBOX_INPUT = 2
A hidden checkbox. If it’s checked on submission, likely a bot.

HIDDEN_RADIO_INPUT = 3
Same concept as above but using radio buttons. Bots may randomly select options.

HIDDEN_BUTTON_CLICK = 4
A hidden button. If clicked, indicates bot behavior (e.g., auto-clickers or headless browsers).

FORM_SUBMISSION_TIME_BASED_TRAP = 5
If a form is submitted too quickly after loading (e.g., <2 seconds), it’s suspicious — humans take time to read/fill forms.

JS_VARIABLE_WRITE = 6
A hidden JS variable (e.g., window.__honeypotTriggered = true). Bots that execute JavaScript or manipulate variables might overwrite it — revealing themselves.

HIDDEN_LINK_CLICK = 7
A hidden hyperlink. If clicked, likely a bot navigating DOM elements without visual context.

Updated on: 19/05/2025