Skip to main content

Trust Score

The Trust Score is a single integer that represents the risk level of a browser session. It is calculated in real time from multiple independent signals and delivered to your server via webhook. Higher score = more suspicious.

Score ranges

ScoreRisk LevelDescriptionRecommended Action
0CleanResidential IP, matching OS, STUN passedAllow
10–15LowVPN user with clean browserAllow / soft monitor
20–39MediumOne suspicious signalMonitor
40–69ElevatedMultiple flags or weak anti-detectRequire 2FA / CAPTCHA
70–99HighAnti-detect + STUN failedBlock or manual review
100+BotHeadless browser or automationBlock
999BannedRate limit exceeded (>10 req/min)Temporary block — 1 hour

How scores are calculated

Scores from individual signals are added together. There is no cap — a session can score above 100 if multiple high-value signals fire. 
Score = sum of all fired signal values

Example (headless bot):
  Is datacenter:           +20
  UA OS is not detected:   +30
  Network OS not detected: +30
  Stun is not checked:     +30
  ─────────────────────────────
  Total:                   110

Score examples

Score 0 — Clean user

{
  "Score": 0,
  "Details": []
}
Residential IP · matching OS · STUN passed · timezone matches

Score 15 — VPN user

{
  "Score": 15,
  "Details": [
    { "Value": 15, "Description": "Is vpn by base ip" }
  ]
}
Using NordVPN/Surfshark/corporate VPN — but browser is genuine (STUN OK, OS matches). This is an override rule result — see Override Rules.

Score 42 — Suspicious session

{
  "Score": 42,
  "Details": [
    { "Value": 20, "Description": "Is datacenter" },
    { "Value": 10, "Description": "Browser timezone ≠ IP-timezone" },
    { "Value": 12, "Description": "..." }
  ]
}
IP from a cloud/datacenter range + timezone mismatch. Could be a script, mobile proxy, or corporate network.

Score 70 — Anti-detect browser

{
  "Score": 70,
  "Details": [
    { "Value": 10, "Description": "Is VPN" },
    { "Value": 30, "Description": "Fail by windows os detect" },
    { "Value": 30, "Description": "Stun is not checked" }
  ]
}
VPN + OS mismatch (User-Agent says macOS, TCP fingerprint says Windows) + STUN blocked. Override Rule 3 did not apply because STUN was not checked.

Score 110 — Headless bot

{
  "Score": 110,
  "Details": [
    { "Value": 30, "Description": "Is proxy" },
    { "Value": 20, "Description": "Is abuser" },
    { "Value": 30, "Description": "Stun is not checked" },
    { "Value": 30, "Description": "UA OS is not detected" }
  ]
}
Puppeteer/Playwright with a proxy. No real OS in User-Agent, STUN blocked, proxy IP with abuse history.

Score 999 — Rate limit ban

{
  "Score": 999,
  "Details": [
    { "Value": 999, "Description": "User has been banned 1H, to many requests" }
  ]
}
More than 10 requests per minute from the same DeviceID. Auto-ban for 1 hour.

Using thresholds

Different actions call for different thresholds:

Registration

ScoreAction
0–15Allow
16–50Allow + monitor
51–80Email verification / CAPTCHA
81+Reject

Login / Authentication

ScoreAction
0–30Allow
31–60Require 2FA
61+Block session

Withdrawal / High-value action

ScoreAction
0–15Allow
16+Additional verification
50+Manual review