Trust Score

The Trust Score is a single integer representing the risk level of a browser session. It is calculated from independent signals and delivered via webhook (Phase: "initial", optionally updated with Phase: "update" after WebRTC). A higher score means a more suspicious session.

Traffic Score (aggregate)

On the dashboard Overview, Traffic Risk shows the average session score across all checks in a period (displayed 0–100), plus volume and distribution by band. That is separate from any single webhook score. See Traffic Score for the Overview card and GET /api/overview/traffic-score.

Score ranges

Dashboard analytics use these bands (0–100 scale):

| Score | Dashboard band | Description | Recommended action |
|---|---|---|---|
| 0–9 | Clean | Residential IP, matching OS, STUN passed | Allow |
| 10–29 | Low | VPN or minor flag | Allow / monitor |
| 30–59 | Medium | Multiple flags or browser VPN | Monitor / soft challenge |
| 60–99 | High | OS mismatch, antidetect, STUN fail combos | 2FA / CAPTCHA / review |
| 100+ | Bot | Headless + proxy + automation signals | Block |
| 999 | Banned | IP rate limit (>10 req/min, 1h ban) | Temporary block |

How scores are calculated

Individual signal values are added together (with exclusive rules for Tor/Privacy Relay/VPN). There is no hard cap before delivery — multiple high signals can exceed 100.
Example (headless bot):
  Is datacenter:           +10
  UA OS is not detected:   +30
  Network OS not detected: +30
  Stun is not checked:     +30
  ─────────────────────────────
  Total:                   100
See Reasons for point values and Scoring Rules for VPN and collapse logic.

Score examples

Score 0 — Clean user

{ "Score": 0, "Details": [] }
Residential IP · matching OS · STUN passed · no flags

Score 15 — VPN user

{
  "Score": 15,
  "Details": [{ "Value": 15, "Description": "Is VPN" }]
}
VPN confirmed by 2-of-3 rule (IP API + TCP hint or STUN fail).

Score 30 — Browser extension VPN

{
  "Score": 30,
  "Details": [{ "Value": 30, "Description": "Browser VPN/Proxy" }]
}
Datacenter IP + OS mismatch collapsed to single browser proxy signal.

Score 60 — OS mismatch (anti-detect)

{
  "Score": 60,
  "Details": [{ "Value": 60, "Description": "Fail by Mac OS detect" }]
}
UA says macOS, TCP fingerprint says Windows.

Score 90+ — Headless / noscript

{
  "Score": 90,
  "Details": [{ "Value": 90, "Description": "JavaScript disabled (WebRTC)" }]
}
WebRTC API absent — noscript beacon or headless browser.

Score 999 — Rate limit ban

{
  "Score": 999,
  "Details": [
    { "Value": 999, "Description": "User has been banned 1H, to many requests" }
  ]
}
More than 10 REST requests per minute from the same IP. Auto-ban for 1 hour.

Using thresholds

Adjust for your risk tolerance:

Registration

| Score | Action |
|---|---|
| 0–9 | Allow |
| 10–29 | Allow + monitor |
| 30–59 | Email verification / CAPTCHA |
| 60+ | Reject or manual review |

Login / Authentication

| Score | Action |
|---|---|
| 0–29 | Allow |
| 30–59 | Require 2FA |
| 60+ | Block session |

Withdrawal / High-value action

| Score | Action |
|---|---|
| 0–9 | Allow |
| 10+ | Additional verification |
| 60+ | Manual review |
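
The threshold tables above can be applied to a webhook body as follows. This is an added example, not the vendor's code: the context keys, the action labels and the choice to fall back to the strictest action on a malformed payload are assumptions, and only the `Score`, `Details` and `Description` fields are taken from the payloads shown on this page.

```python
import json

BANNED_SCORE = 999  # rate-limit ban value from the score bands table

# (minimum score, action), strictest row first, so overlapping rows such as
# "10+" and "60+" in the withdrawal table resolve to the higher threshold.
POLICIES = {
    "registration": [(60, "reject_or_manual_review"),
                     (30, "email_verification_or_captcha"),
                     (10, "allow_and_monitor"), (0, "allow")],
    "login": [(60, "block_session"), (30, "require_2fa"), (0, "allow")],
    "withdrawal": [(60, "manual_review"),
                   (10, "additional_verification"), (0, "allow")],
}

# Constructed sample bodies, modelled on the score examples above.
SAMPLE_VPN = '{"Score": 15, "Details": [{"Value": 15, "Description": "Is VPN"}]}'
SAMPLE_BANNED = ('{"Score": 999, "Details": [{"Value": 999, "Description": '
                 '"User has been banned 1H, to many requests"}]}')


def decide(raw_body, context):
    """Return (action, reasons) for one webhook body; fail closed on bad input."""
    strictest = POLICIES[context][0][1]
    try:
        payload = json.loads(raw_body)
        score = payload["Score"]
        reasons = [d["Description"] for d in payload.get("Details", [])]
    except (ValueError, KeyError, TypeError):
        return strictest, ["malformed payload"]
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(score, bool) or not isinstance(score, int) or score < 0:
        return strictest, ["invalid Score"]
    if score == BANNED_SCORE:
        # A rate-limit ban is temporary, so keep it apart from risk decisions.
        return "temporary_block", reasons
    for minimum, action in POLICIES[context]:
        if score >= minimum:
            return action, reasons
    return strictest, reasons  # not reached: the 0 row always matches


if __name__ == "__main__":
    for ctx in POLICIES:
        print(ctx, decide(SAMPLE_VPN, ctx), decide(SAMPLE_BANNED, ctx)[0])
```

Because scores are not capped, a value such as 130 falls into the 60+ row of each context rather than needing a row of its own.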