Each page-load request is allocated a ‘fingerprint’ prior to browsing your site’s content.
This fingerprint takes into account parameters from the client-side device and browser environment. The server-side HTTP request profile is also taken into account.
Clients must solve an asymmetric cryptographic challenge as a proof of work for successful form and AJAX data submissions.
The difficulty of the challenge increases exponentially for malicious requests. This results in expensive CPU work for bots.
Threat research and real time request analysis reveal patterns in bot behavior.
Algorithms match requests with a rapidly expanding database of known bad bots.