Integration Guides
Bot Detection
Detect and block automated bots, scrapers, and headless browsers.
VerifyStack combines browser signal analysis, behavioral biometrics, and TLS fingerprinting to detect bots with high accuracy, even when they mimic human behavior.
Bot Detection Signals
| Signal | Detection Method | Evasion Difficulty |
|---|---|---|
| WebDriver flag | navigator.webdriver property check | Easy to spoof |
| Headless indicators | Chrome DevTools protocol detection | Medium |
| Behavioral biometrics | Mouse/keyboard patterns, timing analysis | Very Hard |
| TLS fingerprint | JA3/JA4 hash comparison against known bots | Hard |
| Canvas/WebGL | Rendering inconsistencies vs claimed browser | Hard |
| Timing analysis | Event timing distribution (bots are too consistent) | Very Hard |
Integration
Bot check on page loadjavascript
import { VerifyStack } from 'https://verifystack.io/sdk/browser.mjs';
const vs = new VerifyStack({
apiKey: 'pk_live_xxxxxxxxx',
endpoint: 'https://verifystack.io'
});
const result = await vs.decide({
action: 'custom',
userId: 'anonymous_' + crypto.randomUUID(),
metadata: {
type: 'page_view',
page: window.location.pathname,
referrer: document.referrer
}
});
if (result.decision === 'deny') {
window.location.href = '/blocked';
}Edge-Level Bot Blocking
For edge protection, call /api/v1/decide from middleware or your edge function to block bots before they reach your app:
Next.js middlewaretypescript
// middleware.ts
import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';
export async function middleware(request: NextRequest) {
const response = await fetch('https://verifystack.io/api/v1/decide', {
method: 'POST',
headers: {
'X-API-Key': process.env.VERIFYSTACK_KEY!,
'Content-Type': 'application/json'
},
body: JSON.stringify({
action: 'custom',
userId: request.ip || 'unknown',
ip: request.ip,
metadata: {
type: 'page_view',
userAgent: request.headers.get('user-agent')
}
})
}).then(r => r.json());
if (response.data.decision === 'deny') {
return new NextResponse('Blocked', { status: 403 });
}
return NextResponse.next();
}VerifyStack detects Puppeteer, Playwright, Selenium, PhantomJS, and headless Chrome/Firefox. The TLS fingerprint layer catches bots even when browser APIs are perfectly spoofed.