Smart Signals
Smart signals are server-computed enrichment signals that add risk and identity context to a visit, covering areas like bot confidence, VPN detection, incognito detection, and suspect scoring. They are calculated server-side so they cannot be spoofed by the client the way raw browser values can.
How Smart Signals works
Where basic fingerprinting reports what the browser says about itself, smart signals derive higher-level conclusions on the server from the combination of client signals and data the client cannot see. The server evaluates the incoming request against IP reputation databases, known evasion patterns, and internal history to produce interpreted outputs rather than raw attributes.
Each smart signal answers a specific question: Is this session automated? Is the visitor behind a VPN, proxy, or Tor exit? Is private browsing in use? How suspicious is this visit overall? Because these are computed centrally, they draw on continuously updated threat intelligence and cross-customer patterns that a purely client-side script could never access.
Computing the signals server-side is a deliberate security choice. A sophisticated attacker can patch their browser to lie about client-visible values, but they have far less control over how their traffic looks from the outside, its network origin, timing, and reputation, which is exactly what the server-side signals key on. The result is enrichment that is hard to forge.
Why Smart Signals matters for fraud prevention
Raw fingerprint data tells you what a device claims to be; smart signals tell you whether to believe it and how risky it is. That interpretation layer is what lets a fraud team act on network anonymization, automation, and evasion without building and maintaining their own threat-intelligence pipeline. Because the signals resist client-side spoofing, they hold up against the sophisticated attackers who defeat naive fingerprinting.
How TRACIO handles it
Smart Signals is one of TRACIO's four products, delivering 24 server-computed signals including bot confidence, VPN, proxy and Tor detection, incognito detection, and the Suspect Score. Because they are computed on the server and returned through the API, integrators receive tamper-resistant enrichment they can feed directly into their own decisioning within the platform's real-time latency budget.
Related terms
Frequently asked questions
Identify every device with confidence
Start with a free plan of 2,500 API calls per month. No credit card required.