Bot Tags
最終更新日:2026-03-25 18:13:56
Overview
Bot Tags provide additional context on why a request was assigned a particular Bot score. By using these tags, you can gain a clearer understanding of your bot traffic and further optimize your security settings.
Bot Tags can also be returned to your origin through custom HTTP request headers, making it easier to combine them with your own business rules for risk control. For details, please refer to the Bot Tagging to the Origin Server section.
Bot Tag Description
The table below explains each Bot tag, including the detection dimension it belongs to, the corresponding log code, what it means, and its risk level.
| Detection Dimension | Bot Tag |
Log Code |
Description |
Risk Level |
|---|---|---|---|---|
| IP Intelligence | Cloud IP |
1 |
TThe IP address belongs to a cloud provider or hosting provider. |
Medium |
Reputation Risk IP |
2 |
The IP address has been associated with DDoS, web, or bot attacks during a certain period of time. |
Medium |
|
Proxy IP |
3 |
This IP Address is classified as a Proxy IP. |
Medium |
|
| User-Agent | Forged User-Agent |
4 |
The User_Agent has version mismatch or missing fields. |
High |
Lower version of browser or operating system |
5 |
The browser or operating system version is very old and differs significantly from modern versions in security and user experience, or may no longer be usable. |
Medium |
|
| HTTP Request Header | Request Headers Inconsistent With User Agent Declared Client Type |
6 |
The request headers do not match the client type claimed by the User-Agent. |
High |
Browser Request Header Integrity Severely Missing |
7 |
The request is missing important browser headers, such as Accept-*. |
Medium |
|
Browser Request Header Integrity Partially Missing |
8 |
The request is missing some browser headers, such as Sec-CH-UA or Sec-Fetch-*. |
Medium |
|
| TLS Fingerprint | JA4 Fingerprint of Known Bot Frameworks |
9 |
The TLS fingerprint matches a known automation or crawler tool. |
High |
Browser JA4 Fingerprint anomaly |
10 |
The JA4 fingerprint does not match the actual client behavior. |
High |
|
| Automated Tool User-Agent | HTTP Libraries |
30 |
A basic HTTP request library used in programs, such as Python requests or urllib. These libraries can be used to build automation scripts or crawlers. |
High |
Browser Automation Testing Tool |
31 |
Tools such as Selenium or Puppeteer that simulate real user interactions in a browser. They are commonly used for testing, but can also be abused for automated account creation, fake transactions, and similar activity. |
High |
|
Command Line Http Tool |
32 |
Tools such as curl or wget that send HTTP requests directly from the command line. They are commonly used for debugging or scripting, but may also be used for simple scraping or probing. |
High |
|
Scan Tool |
33 |
Tools such as Nmap, Dirb, or Burp Suite that are used to probe open ports, directories, or vulnerabilities on a target system. They are often used for security testing, but are also commonly used by attackers. |
High |
|
Crawler Tool |
34 |
Tools such as Scrapy or BeautifulSoup that automatically collect content from websites. They can be used legitimately for data collection, but high-frequency crawling or attempts to bypass anti-bot protections may be considered malicious. |
High |
|
Proxy Tool |
35 |
Tools such as Proxychains and Mitmproxy are used to relay or block network traffic, which can hide the real IP address or analyze communication content. They are often used alongside other tools to bypass restrictions. |
High |
|
| Forged Spider | Forged Spider |
36 |
Requests that impersonate public crawlers such as Googlebot by forging identifiers like the User-Agent in order to evade bot protections. These are typically used for stealthy scraping or attacks. |
High |
| Group Characteristics | Abnormal Aggregation Behavior |
60 |
A large number of requests with the same or similar characteristics appear within a short period of time, indicating unusual clustering behavior. |
High |
Current Limitations
Currently, the Bot tag is only used in Bot Tagging to the Origin Server and Log Analysis. More high-value scenarios will be added in the future to help you better manage Bot traffic.