tracio.aidocs

Getting Started

  • Overview
  • Quick Start
  • How It Works

SDK & API

  • Device Identification JS Agent
  • Trace API Reference
  • Trace Webhooks

Features

  • Device Identification Engine
  • Bot Detection
  • Trace Signals
  • IP Intelligence

Advanced

  • Cloud Deployment
  • Privacy & GDPR
  • Migration from FPJS

Reference

  • Changelog
  • Troubleshooting
  • Error Handling
  • Testing

Bot Detection

Bot Detection engine — multiple detection methods for Playwright, Puppeteer, Selenium, and 24+ other automation frameworks

tracio.ai bot detection identifies automated browsers, headless tools, and scripted attacks with near-zero false positives. It automatically allowlists legitimate search engine crawlers. Bot detection runs on every identification request and is included as the botd product in the API response.

The system uses multiple independent detection methods that cross-validate each other. Even sophisticated bots that attempt to disguise themselves are caught through layered analysis.

How It Works

The JavaScript SDK collects browser signals and sends them to the server. The server runs multiple independent detectors and returns a verdict. Detection covers:

  • Automation frameworks — Selenium, Puppeteer, Playwright, PhantomJS, and 20+ more
  • Headless browsers — Headless Chrome, headless Firefox, and other headless environments
  • Browser integrity — Checks for tampering, instrumentation, and spoofing attempts
  • Behavioral analysis — Rate patterns and interaction anomalies
  • Good bot verification — Legitimate crawlers (Google, Bing, etc.) verified via reverse DNS

Response Format

{
  "products": {
    "botd": {
      "data": {
        "bot": {
          "result": "notDetected",
          "probability": 0.0
        }
      }
    }
  }
}

Result Values

ResultDescription
notDetectedNormal human visitor. No automation indicators found.
goodVerified search engine bot (Google, Bing, etc.). IP verified via reverse DNS.
badAutomation or scripted access detected. Includes bot type.

Bot Types

Result TypeDescription
seleniumSelenium automation detected
puppeteerPuppeteer automation detected
playwrightPlaywright automation detected
headlessHeadless browser environment detected
unknownAutomation detected but specific framework not identified
rateBotAbnormal request patterns detected

Good Bot Allowlisting

Legitimate search engine crawlers (Google, Bing, Apple, Yahoo, Yandex, DuckDuckGo, and others) are automatically verified via reverse DNS and allowlisted. They return result: "good" with the bot type.

Integration Examples

Blocking Bots at Login

const result = await tracio.get({ extendedResult: true });
if (result.bot.result === 'bad') {
  console.warn(`Bot detected: ${result.bot.type} from ${result.ip}`);
  showCaptcha();
  return;
}
// Proceed with login
await login(credentials);

Server-Side Bot Check

const event = await fetchEvent(requestId);
const bot = event.products.botd.data.bot;
if (bot.result === 'bad') {
  await db.blockedRequests.insert({
    visitorId: event.products.identification.data.visitorId,
    botType: bot.type,
    ip: event.products.identification.data.ip,
    timestamp: new Date(),
  });
  return res.status(403).json({ error: 'Automated access detected' });
}

False Positive Handling

The detection system uses multiple independent signals cross-validated against each other. No single signal triggers a bot classification. This multi-layered approach ensures near-zero false positives. Browser extensions, accessibility tools, VPNs, and corporate security software do not trigger false bot detections.