Beyond browser fingerprints, cookie behavior reveals bot patterns that are surprisingly hard to fake.
Cookie-Based Detection Signals
1. Cookie Acceptance Timing
Real users accept cookies at varying speeds. Bots either accept instantly or never.
class CookieAnalyzer:
def analyze(self, session):
signals = {}
# Time from page load to cookie consent
consent_time = session.cookie_consent_ts - session.page_load_ts
signals['consent_speed'] = 'suspicious' if consent_time < 0.5 else 'normal'
# Third-party cookie behavior
signals['third_party'] = self.check_third_party(session)
# Cookie modification patterns
signals['modifications'] = self.track_modifications(session)
return self.score(signals)
2. Session Persistence
Bots rarely maintain sessions across visits. Track:
- Return visitor rate
- Session duration distribution
- Cross-session behavioral consistency
3. Storage API Usage
// Detect if localStorage/sessionStorage behave normally
function checkStorageFingerprint() {
try {
localStorage.setItem('_fp_test', '1');
const val = localStorage.getItem('_fp_test');
localStorage.removeItem('_fp_test');
// Check if storage is actually persistent
const persistent = navigator.storage &&
navigator.storage.persist;
return {
localStorage: val === '1',
sessionStorage: !!window.sessionStorage,
persistent: !!persistent,
quota: navigator.storage?.estimate?.()
};
} catch(e) {
return { blocked: true }; // Privacy mode or bot
}
}
Combining Signals
Cookie analysis alone catches ~30% of bots. Combined with the full three-layer stack:
- IP reputation + Browser fingerprint + Behavior + Cookie = 99%+ detection
Resources
- ads-review — includes cookie analysis module
- WuXiang Shield — full-stack ad fraud detection
Cookies tell stories. Bots tell bad ones.
Top comments (0)