Timezone Consistency
The timezone consistency checker compares the timezone declared in an HTTP header against the timezone resolved from the client IP's geolocation. Real browsers operating without a VPN or proxy will produce a timezone that matches their IP's geographic location. A mismatch is a reliable indicator that the request is routed through an anonymizing service or that the User-Agent is spoofed.
This checker runs in the cheap phase. It reads geolocation data already resolved from the MMDB database and inspects a single header.
How It Works
The checker reads the timezone from the Sec-CH-UA-Timezone or X-Timezone headers, then compares it to the timezone field from the geolocation lookup result. The comparison is case-insensitive.
If the declared timezone and the geolocation timezone differ, the checker applies the configured penalty.
Sec-CH-UA-Timezone when the server has requested it via the Accept-CH response header. If neither header is present, this checker does not fire. It only penalizes when a timezone is declared but conflicts with geo data.Configuration
await defineConfiguration({
store: { main: { driver: 'sqlite', name: './bot-detector.db' } },
checkers: {
enableTimezoneConsistency: {
enable: true,
penalties: 20,
},
},
})
true.20.Reason Codes
| Code | Trigger |
|---|---|
TZ_HEADER_GEO_MISMATCH | The timezone in the request header does not match the timezone resolved from the client IP. |
Accept-CH: Sec-CH-UA-Timezone response header on your application. This prompts Chrome, Edge, and other Blink-based browsers to include the timezone hint on subsequent requests.