Debug. raw HttpContext.Items state (TagHelper input)
AggregatedEvidence present: True
BotDetectionResult present: True
evidence.RiskBand = Low
evidence.BotProbability = 0.9
evidence.Confidence = 0.8765432098765432
Behaviour-aware Razor
This page is rendered by ASP.NET Core MVC with StyloBot middleware in
process. No gateway, no third-party service, no JavaScript on the
client. Every <sb-*> tag below reads from the same
DetectionDisplayModel the detection pipeline populated
before this view started rendering.
Demo mode. flip the verdict by appending
?demo=<preset> to any URL. Same code path as the
ml-bot-test-mode header; opt-in via
BotDetection:TestModeQueryParam.
1. Your fingerprint card (<bot-detection-details />)
Per-request fingerprint computed by the in-process detection pipeline.
Verdict, bot probability, risk band, recommended action, top reasons,
and the centroid-projection radar. all read from the same
DetectionDisplayModel the detection middleware populated
before this view rendered. The whole upper card links to your
signature's detail page on the embedded dashboard at
/_stylobot.
2. Compact detection card (<sb-summary variant="card" />)
Same detection data, condensed into the inline card the dashboard
uses on dense rows. Drop-in for a sidebar, a row badge, or a wide
inline indicator next to a CTA.
Bot probability
90%
Confidence
88%
Processing
170.0ms
Policy
default
3. Risk-gated content (<sb-risk>)
Welcome back. You scored Low risk. full
access. This block is wrapped in
<sb-risk max="Low"> so it renders only
for visitors the engine classifies as Low or VeryLow.
4. Signal-driven variation (<sb-signal>)
Treated as a human visitor by the User-Agent
detector.
5. Honeypot form (<sb-honeypot />)
This form contains three offscreen trap fields. Humans don't see them;
bots fill them in. View source to confirm they're there.
6. Inline signal table (<vc:sb-all-signals show-descriptions="false" />)
Condensed inline form of the All signals
page. Renders every key/value pair the detection pipeline wrote to
this request's signal blackboard, grouped by namespace prefix. Same
view component the dedicated /Home/Signals page uses, just with the
longform descriptions collapsed for embedding.
All signals for this request
81 keys
risk: Low (90 %)
attestation.* (3)
| Key |
Value |
Source |
attestation.api_key |
false |
HeaderContributor
|
attestation.fetch_metadata |
false |
HeaderContributor
|
attestation.programmatic |
false |
HeaderContributor
|
behavioral.* (1)
| Key |
Value |
Source |
behavioral.anomaly |
false |
BehavioralContributor
|
claimed_identity.* (4)
| Key |
Value |
Source |
claimed_identity.consistency_score |
0.3323076923076923 |
ClaimedIdentityContributor
|
claimed_identity.family |
Chrome |
ClaimedIdentityContributor
|
claimed_identity.has_profile |
true |
ClaimedIdentityContributor
|
claimed_identity.tier |
browser |
ClaimedIdentityContributor
|
correlation.* (3)
| Key |
Value |
Source |
correlation.anomaly_count |
0 |
unknown
|
correlation.anomaly_layers |
|
unknown
|
correlation.consistency_score |
1 |
MultiLayerCorrelationContributor
|
h2.* (5)
| Key |
Value |
Source |
h2.behind_proxy |
false |
Http2FingerprintContributor
|
h2.is_http2 |
false |
Http2FingerprintContributor
|
h2.population_http2_rate |
0 |
Http2FingerprintContributor
|
h2.population_samples |
1 |
Http2FingerprintContributor
|
h2.protocol |
HTTP/1.1 |
unknown
|
h3.* (2)
| Key |
Value |
Source |
h3.is_http3 |
false |
Http3FingerprintContributor
|
h3.protocol |
HTTP/1.1 |
Http3FingerprintContributor
|
header.* (12)
| Key |
Value |
Source |
header.count |
10 |
HeaderContributor
|
header.has_accept |
true |
HeaderContributor
|
header.has_accept_encoding |
true |
HeaderContributor
|
header.has_accept_language |
false |
HeaderContributor
|
header.has_proxy_headers |
false |
HeaderContributor
|
header.is_service_worker_fetch |
false |
HeaderContributor
|
header.is_websocket_upgrade |
false |
HeaderContributor
|
header.population_accept_language_rate |
0 |
HeaderContributor
|
header.sec_fetch_dest |
|
HeaderContributor
|
header.sec_fetch_mode |
|
HeaderContributor
|
header.sec_fetch_same_origin |
false |
HeaderContributor
|
header.sec_fetch_site |
|
HeaderContributor
|
headers.* (2)
| Key |
Value |
Source |
headers.missing |
true |
HeaderContributor
|
headers.suspicious |
true |
unknown
|
header_correlation.* (2)
| Key |
Value |
Source |
header_correlation.distinct_signatures |
3 |
HeaderCorrelation
|
header_correlation.header_fingerprint |
FC532CE0 |
HeaderCorrelation
|
heuristic.* (5)
| Key |
Value |
Source |
heuristic.confidence |
0.4196358889196785 |
HeuristicContributor
|
heuristic.early_completed |
true |
HeuristicContributor
|
heuristic.late_confidence |
0.9999008858882041 |
HeuristicContributor
|
heuristic.late_prediction |
bot |
HeuristicContributor, HeuristicLateContributor
|
heuristic.prediction |
bot |
HeuristicContributor
|
intent.* (5)
| Key |
Value |
Source |
intent.ambiguous |
true |
unknown
|
intent.analyzed |
true |
IntentContributor
|
intent.category |
browsing |
unknown
|
intent.threat_band |
None |
unknown
|
intent.threat_score |
0.05 |
unknown
|
ip.* (4)
| Key |
Value |
Source |
ip.address |
10.10.10.1 |
IpContributor
|
ip.is_datacenter |
false |
IpContributor
|
ip.is_ipv6 |
false |
IpContributor
|
ip.is_local |
true |
IpContributor
|
proxy.* (1)
| Key |
Value |
Source |
proxy.topology |
Direct |
IpContributor
|
reactive.* (1)
| Key |
Value |
Source |
reactive.error_event_count |
0 |
ReactivePatternContributor
|
risk.* (2)
| Key |
Value |
Source |
risk.friendly_pin_trace |
fired:bot_type=Internal (network-trusted) |
unknown
|
risk.justification |
Trusted internal client (network position verified) |
unknown
|
session.* (3)
| Key |
Value |
Source |
session.current_state |
PageView |
unknown
|
session.history_count |
0 |
unknown
|
session.request_count |
1 |
SessionVectorContributor
|
signature.* (3)
| Key |
Value |
Source |
signature.header_hashes |
{"accept":"AUX_tJpM41ouddM0xxrYJQ","accept-encoding":"IcvRpgU6pLuve_BlYZaAmA","_header_order":"SXhf0tTtTIzy__dkUXn27A"} |
unknown
|
signature.multifactor |
MultiFactorSignatures(3 factors, primary=9XG91GHObAwH...) |
unknown
|
signature.primary |
9XG91GHObAwHYBzbhQ9E1g |
BehavioralWaveformContributor
|
stream.* (1)
| Key |
Value |
Source |
stream.abuse_checked |
true |
unknown
|
tcp.* (1)
| Key |
Value |
Source |
tcp.connection_header |
|
TcpIpFingerprintContributor
|
time.* (4)
| Key |
Value |
Source |
time.day_of_week |
tue |
unknown
|
time.hour_of_day |
13 |
unknown
|
time.is_business_hours |
true |
unknown
|
time.is_weekend |
false |
unknown
|
tls.* (2)
| Key |
Value |
Source |
tls.available |
true |
TlsFingerprintContributor
|
tls.is_https |
true |
TlsFingerprintContributor
|
transport.* (7)
| Key |
Value |
Source |
transport.headers_trusted |
true |
unknown
|
transport.is_signalr |
false |
unknown
|
transport.is_streaming |
false |
unknown
|
transport.protocol |
http |
TransportProtocolContributor
|
transport.protocol_class |
unknown |
unknown
|
transport.transport_class |
http |
unknown
|
transport.trust_reason |
PrivatePeer |
unknown
|
ua.* (4)
| Key |
Value |
Source |
ua.family |
Chrome |
UserAgentContributor
|
ua.family_version |
120.0.0 |
UserAgentContributor
|
ua.is_bot |
false |
UserAgentContributor
|
ua.raw |
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 |
UserAgentContributor
|
versionage.* (1)
| Key |
Value |
Source |
versionage.analyzed |
true |
unknown
|
waveform.* (1)
| Key |
Value |
Source |
waveform.user_agent_changes |
1 |
unknown
|
_system.* (2)
| Key |
Value |
Source |
_system.completed_detectors |
42 |
unknown
|
_system.current_risk |
0.9767749307762991 |
unknown
|
7. Endpoint traffic shaping
The opening Razor view from the talk also wires up three minimal-API
endpoints at the routing layer:
GET /api/data. .BlockBots():
all bots refused. Try it.GET /sitemap.xml.
.BlockBots(allowVerifiedBots: true, allowSearchEngines: true).
Try it.POST /api/login.
.BotPolicy("strict", blockThreshold: 0.5).
Tip: hit /api/data while demo mode is set to
scrapy or curl and watch it 403.