Resources · Glossary
Working definitions for the field.
These placeholder entries establish the reference shape: plain definitions, defensible boundaries, and language that candidates can use without inheriting vendor-specific assumptions.
A
- Account farm
  - A cluster of created or compromised accounts controlled for abuse campaigns, testing, or resale.
- ASN reputation
  - A coarse network signal that uses autonomous system ownership and history to estimate traffic risk.
B
- Behavioral cadence
  - The timing pattern behind clicks, scrolls, typing, navigation, and retries.
- Bot score
  - A vendor or internal probability estimate that traffic belongs to automation or coordinated abuse.
C
- Challenge fatigue
  - The point where legitimate users abandon because friction is repeated, opaque, or poorly placed.
- Credential stuffing
  - Automated login attempts using username and password pairs from earlier breaches.
D
- Device graph
  - A model that links sessions, accounts, browsers, and networks into suspected device relationships.
E
- Edge enforcement
  - Controls applied at CDN, WAF, or reverse-proxy layers before traffic reaches the origin.
- Entropy budget
  - The practical uniqueness available from a set of fingerprinting signals.
F
- False positive
  - A legitimate user or request incorrectly classified as abuse.
- Fingerprint drift
  - Natural or adversarial change in browser, device, or network attributes over time.
- Friction surface
  - A user-facing control that raises the cost of abuse, such as a step-up, proof, or challenge.
H
- Headless browser
  - A browser controlled without a visible UI, commonly used for automation and testing.
- Honey endpoint
  - A route or form element intended to attract automation and mark abusive behavior.
J
- JA3 fingerprint
  - A TLS client fingerprint built from handshake characteristics.
M
- Mitigation ladder
  - A graduated set of responses that moves from observation to friction to blocking.
P
- Proof of work
  - A client computation requirement used to raise the cost of high-volume requests.
- Proxy rotation
  - Changing source IPs or networks to avoid rate limits, reputation controls, or linkage.
R
- Replay attack
  - Reuse of captured requests, tokens, or flows without following the intended interaction path.
- Residential proxy
  - Proxy traffic routed through consumer ISP addresses to look closer to ordinary users.
- Risk holdout
  - A small traffic slice preserved for measurement so teams can compare mitigation outcomes.
S
- Session stitching
  - Joining events across page views, tabs, devices, or identifiers into a coherent session.
- Signal fusion
  - Combining weak indicators into a stronger decision model.
- Step-up
  - An additional verification action requested only after risk crosses a threshold.
T
- Token binding
  - Tying a token to context so it cannot be reused freely outside the expected client or flow.