Bot Detection Glossary
Plain-language definitions of the terms behind modern bot detection and enforcement.
Honeytoken
A honeytoken is a planted link, credential, or record no legitimate user should ever touch — any access to it is deterministic proof of a bot or intruder.
JA4 Fingerprint
A JA4 fingerprint identifies a client from its TLS handshake, exposing the real software behind a spoofed user agent and correlating actors across IPs.
Session Clearance
Session clearance is an enforcement model where real sessions earn a signed pass that travels with the client — so IP rotation no longer resets a bot's slate.
Web Bot Auth
Web Bot Auth is a cryptographic standard that lets bots and AI agents prove their identity by signing HTTP requests with published keys under RFC 9421.
Ready to put the concepts to work?
WebDecoy combines deterministic honeypot detection with rotation-proof enforcement.