bots — edge bot intelligence

app.jacobrosenbacher.com/bots →

what it is

a bot-intelligence system i built that runs entirely at the fastly edge. it scores every visitor — human, bot, or spoofed — from ~26 signals a bot can't easily fake (the ja4 tls handshake, the http/2 fingerprint, header ordering, network/asn, and more), works out WHY they're here (a citation crawler, a scraper, or a vulnerability scanner probing for exploits), and verifies WHO a bot really is by checking its ip against the operators' own published crawler-ip ranges plus forward-confirmed reverse dns — so a genuine gptbot is verified and a fake googlebot is caught as an impersonator. it correlates the same bot across my sites, and an operator console can optionally turn away scanners and impersonators (403) or ask unverified scrapers for a license (402) — off by default, verified search and citation crawlers always welcome. the whole engine is packaged so it can drop into any site. see it live at app.jacobrosenbacher.com/bots.

why it matters

most of the web's traffic isn't human, and the tools that tell you who's really hitting your site are locked inside the big cdns. this does it in the open, on my own edge — welcoming to the good bots, honest about the bad ones. background: years on proxies and reverse proxies, designing prevention systems for large enterprises and the proxies on the other end.

← internet projects

what this page can see about you
where
device
you look
signature
visit

computed live. the edge facts come from your own connection — the same thing every server sees. the in-browser signature is computed locally and never leaves your browser.