Velocity Fingerprint
The velocity fingerprint checker measures how regular the time gaps between a visitor's requests are. Human browsing is inherently irregular: users read content, click around, get distracted, and navigate unpredictably. Bots operate on timers or tight loops and produce intervals that are either very consistent or mechanically patterned.
This checker runs in the heavy phase and reads timestamps from the timing cache keyed by canary cookie.
How It Works
The checker stores up to 10 request timestamps per canary cookie in the cache. Evaluation begins once at least 5 timestamps are available.
From the stored timestamps, the checker computes the intervals between consecutive requests. It then calculates the coefficient of variation (CV) of those intervals: the standard deviation divided by the mean.
A CV close to zero means the intervals are nearly identical: the visitor is making requests on a fixed timer. A high CV means the intervals vary widely, consistent with human behavior. When the CV falls below cvThreshold, the checker applies the penalty and attaches TIMING_TOO_REGULAR.
Configuration
await defineConfiguration({
store: { main: { driver: 'sqlite', name: './bot-detector.db' } },
checkers: {
enableVelocityFingerprint: {
enable: true,
cvThreshold: 0.1,
penalties: 40,
},
},
})
true.0.1.40.Reason Codes
| Code | Trigger |
|---|---|
TIMING_TOO_REGULAR | The coefficient of variation of inter-request intervals is below cvThreshold. |
cvThreshold slightly or disabling this checker for those specific endpoints. Fixed-interval programmatic clients that are not bots can trigger this check.