Security Features

The dtect Security API helps you gather valuable insights about your visitors, improving the quality of your data by returning a Security Result with checks that classify each visitor as good, suspicious, or bad.

dtect Score

Every visitor is assigned a dtectScore:

good: No bad or suspicious checks were triggered.

suspicious: At least one suspicious check was triggered, but no bad checks.

bad: At least one bad check was triggered.

Results

The results object contains a set of boolean checks that evaluate different aspects of a visitor's session. Each check is classified as either Bad or Suspicious, and together they determine the dtectScore assigned to the visitor.

Category	Check	Variable	Description
🔴 Bad	Location Lock	`isLocationBlocked`	Uses the list of allowed countries (`countriesAllowed`) you provided to ensure the visitor is located in an approved location.
🔴 Bad	Device Deduplication	`isDuplicateDevice`	Identifies whether the visitor's device has already been captured in your project (`projectId`).
🔴 Bad	IP Deduplication	`isDuplicateIp`	Identifies whether the visitor's IP address has already been captured in your project (`projectId`).
🔴 Bad	Duplicate ID	`isDuplicateId`	Identifies whether the `visitorId` has already been captured in your project (`projectId`).
🔴 Bad	Automation Detection	`isAutomationDetected`	Indicates whether automation or bot-like behavior was detected.
🔴 Bad	Untrusted Browser / OS	`isUntrustedBrowserOrOS`	Flags browsers or operating systems used for fraudulent behavior.
🔴 Bad	IP Blocklist	`isBlockedIP`	Flags if the visitor's IP address is found in our threat intelligence blocklist.
🔴 Bad	AI Detection	`isAIUsageDetected`	Flags if AI tools or behavior patterns were detected during the session. The value will be `null` unless you call `.isAIUsageDetected()`
🔴 Bad	Quality Questions	`isQualityRejected`	Flags if the participant failed validation through quality questions. The value will be `null` unless you call `.checkQualityQuestions()`
🟡 Suspicious	Location Validation	`isLocationInvalid`	Verifies the visitor's location by cross-referencing their IP address, device, and browser details. This helps detect if they are trying to mask their location.
🟡 Suspicious	VPN Usage	`isVpnDetected`	Flags visitors whose connection is routed through a VPN provider.
🟡 Suspicious	Device Tampering	`isDeviceTampered`	Detects evidence of device or browser tampering (e.g., spoofed user-agent).
🟡 Suspicious	Virtual Machine	`isVirtualMachine`	Indicates the session is running inside a virtual machine environment.
🟡 Suspicious	Dev Tools	`isDevToolsOpened`	Flags visitors with browser developer tools open.
🟡 Suspicious	Privacy-Focused Settings	`isPrivacySettingsEnabled`	Detects hardened or privacy-focused settings/extensions that block us from capturing browser details.
🟡 Suspicious	Tor Exit Node	`isTorDetected`	Flags traffic coming from Tor exit nodes.
🟡 Suspicious	High-Activity Device	`isHighActivityDevice`	Detects devices generating an unusually high volume of activity in a short time window.
🟡 Suspicious	Incognito Mode	`isIncognito`	Detects private/incognito browsing mode in the visitor's browser.

Extended Response

In addition to the core security checks, the response includes categories and signals that provide more context about what was detected and why.

ℹ️ Categories and Signals are only returned when using getSecurityResult, or when calling isAIUsageDetected or checkQualityQuestions with includeResults set to true on init(). These fields will also be added to Retrieve Security Result with Security Token in future updates.

Category	Description	Triggered when any of these are `true`
`REPEAT_SUBMISSION`	The same device, IP, or visitor ID has been seen before in this `projectId`.	`isDuplicateDevice`, `isDuplicateId`, `isDuplicateIp`
`LOCATION_MISMATCH`	The visitor's location signals are inconsistent or don't match expected patterns.	`isLocationInvalid`, `isLocationBlocked`
`NETWORK_MASKING`	The visitor is obscuring their true network origin using anonymization or relay services.	`isVpnDetected`, `isTorDetected`
`BOT_ACTIVITY`	The session shows signs of automation or bot-like behavior.	`isAutomationDetected`, `isHighActivityDevice`, `isBlockedIP`
`SETUP_MANIPULATION`	The visitor's device or browser environment appears altered or restricted.	`isDeviceTampered`, `isVirtualMachine`, `isDevToolsOpened`, `isPrivacySettingsEnabled`, `isIncognito`, `isUntrustedBrowserOrOS`
`UNUSUAL_BEHAVIOR`	The visitor's interaction patterns suggest inauthentic or low-quality engagement.	`isAIUsageDetected`, `isQualityRejected`

Signals

Signals provide detailed data that gives transparency into why certain checks were triggered, including details about the visitor's location and network.

Location

The location object provides the IP-based timezone alongside the browser-reported timezone, so you can understand whether the visitor's location signals are consistent.

Name	Type	Description
`ipTimezone`	string	The timezone inferred from the visitor's IP address
`browserTimezone`	string	The timezone reported by the visitor's browser

Network

The network object reveals whether the connection was routed through a data center, relay service (e.g. Apple Private Relay from iCloud), or shows a timezone mismatch, helping you understand more about the visitor's network.

Name	Type	Description
`ip`	string	The visitor's detected IP address
`timezoneMismatch`	boolean	Whether the IP timezone and browser timezone do not match
`dataCenter`	boolean	Whether the visitor's IP originates from a data center
`relay`	boolean	Whether the visitor's connection is routed through a relay service

Technical Reference

You will be able to get a Security Result by using our Frontend SDKs or by sending a security token to Retrieve Security Result with Security Token.

Security Result

dtect Score#

Results#

Extended Response#

Categories#

Signals#

Technical Reference#

dtect Score

Results

Extended Response

Categories

Signals

Technical Reference