Two-layer bot detection combining client-side signals with server-side AI. Detects Selenium, Puppeteer, Playwright, and headless browsers with near-zero false positives.
Everything you need for bot detection.
Catches Selenium, Puppeteer, Playwright, PhantomJS, and over 10 additional automation toolkits.
Spots Chrome Headless, Firefox Headless, and bespoke headless builds via missing API surface.
Uncovers Chrome DevTools Protocol connections and remote-debugging sessions.
Multiple layered methods to detect navigator.webdriver and companion automation properties.
Cross-checks eval.toString().length across engines to surface environment spoofing or function hooking.
Whitelists legitimate crawlers (Googlebot, Bingbot) via reverse-DNS verification.
Get bot detection running in under a minute.
$ npm install @tracio/clientimport Tracio from '@tracio/client'const tc = await Tracio.load({ apiKey: 'tk_live_...' })const { bot } = await tc.get()Enterprise-grade performance across all metrics.
| Metric | tracio.ai | Competitor |
|---|---|---|
| Accuracy | 99.5% | ~95% |
| Signals Collected | 1,200+ | ~400 |
| Response Time (p95) | <30ms | ~80ms |
| Bundle Size | 128KB | ~350KB |
| Cross-Browser Persistence | Yes | Limited |
Understand exactly how each capability works under the hood.
Three steps to actionable device intelligence.
Our lightweight SDK collects 1,000+ browser signals in under 50ms with zero impact on user experience.
Server-side AI engine analyzes signals, applies advanced matching, and computes confidence scores.
Get a stable visitor ID, bot detection results, smart signals, and IP intelligence in a single API response.
Get started with just a few lines of code.
const result = await tc.get();if (result.bot.detected) { console.log(result.bot.type); // "headless_chrome" console.log(result.bot.framework); // "puppeteer" console.log(result.bot.confidence); // 1.0 blockRequest();}See exactly what data you receive from every API call.
{ "requestId": "req_3k7m2x9f", "visitorId": "BOT_9x2kLm3pQr", "bot": { "detected": true, "confidence": 1.0, "type": "headless_chrome", "framework": "puppeteer", "signals": { "automationProtocol": true, "webDriverFlag": true, "headlessUserAgent": false, "missingPlugins": true, "phantomProperties": false, "devToolsProtocol": true, "seleniumMarkers": false, "syntheticPointerEvents": true } }, "processingTimeMs": 8}Built for speed. Optimized to never impact your user experience.
Your data stays yours. Always.
We never collect names, emails, passwords, or any personally identifiable information. Our signals are derived from browser configuration and hardware characteristics only.
All data between the client SDK and your server is encrypted using TLS 1.3 with an additional application-level encryption layer using AES-256-GCM.
Choose EU or US regions for data processing. All visitor data encrypted at rest and in transit. You control retention and access policies.
Built for GDPR, CCPA, and ePrivacy compliance. Zero third-party data sharing, configurable retention policies, and complete data subject access request support.
See how teams use Bot Detection to solve real-world problems.
Block automated login attempts from headless browsers and scripted tools.
Learn moreDetect and block scrapers using Puppeteer, Playwright, and Selenium.
Learn moreStop bots from exploiting promotional offers and coupon codes at scale.
Learn moreGet started in minutes. No third-party data sharing, full data ownership, complete control.
Join teams protecting their platforms with tracio.ai