All signals for your request
StyloBot's detection pipeline writes every value it computed into the
request's signal blackboard. The control below renders every entry as
a grouped table with the catalog description for each key. Reload the
page or change the ?demo= preset on
the home page to see how the signals shift
with the verdict.
aiscraper.* (4)
| Key | Value | Description | Source |
|---|---|---|---|
aiscraper.category |
Training |
String: Category of the AI bot (Training, Search, Assistant, ScrapingService) | AiScraperContributor |
aiscraper.detected |
true |
Boolean: true if a known AI scraper/crawler was detected | AiScraperContributor |
aiscraper.name |
ClaudeBot |
String: Name of the detected AI bot (e. | AiScraperContributor |
aiscraper.operator |
Anthropic |
String: Operator of the AI bot (e. | unknown |
attestation.* (3)
| Key | Value | Description | Source |
|---|---|---|---|
attestation.api_key |
false |
Boolean: true if request carries a valid API key | HeaderContributor |
attestation.fetch_metadata |
false |
Boolean: true if request has browser fetch attestation (Sec-Fetch-Site present) | HeaderContributor |
attestation.programmatic |
false |
Boolean: composite - true if ANY programmatic attestation signal is present | HeaderContributor |
behavioral.* (1)
| Key | Value | Description | Source |
|---|---|---|---|
behavioral.anomaly |
false |
Bool: true when behavioural-waveform analysis detected an anomaly (regular timing, lockstep cadence, etc. | BehavioralContributor |
h2.* (5)
| Key | Value | Description | Source |
|---|---|---|---|
h2.behind_proxy |
false |
Bool: true when the request arrived via a proxy (so the observed h2 settings describe the proxy, not the originating client). | Http2FingerprintContributor |
h2.is_http2 |
false |
Bool: true when the request was negotiated as HTTP/2 (false for HTTP/1. | Http2FingerprintContributor |
h2.population_http2_rate |
0 |
Double in [0,1]: rolling fraction of recent requests in the same UA bucket that arrived over HTTP/2 (deployment norm). | Http2FingerprintContributor |
h2.population_samples |
1 |
Int: number of samples contributing to H2PopulationHttp2Rate. | Http2FingerprintContributor |
h2.protocol |
HTTP/1.1 |
String: HTTP protocol version (e. | unknown |
h3.* (2)
| Key | Value | Description | Source |
|---|---|---|---|
h3.is_http3 |
false |
Bool: true when the request was negotiated as HTTP/3 (QUIC). | Http3FingerprintContributor |
h3.protocol |
HTTP/1.1 |
String: HTTP/3 protocol version | Http3FingerprintContributor |
header.* (11)
| Key | Value | Description | Source |
|---|---|---|---|
header.count |
10 |
Int: total number of HTTP headers on the inbound request. | HeaderContributor |
header.has_accept |
true |
Bool: true when the request carries an Accept header. | HeaderContributor |
header.has_accept_encoding |
true |
Bool: true when the request carries an Accept-Encoding header. | HeaderContributor |
header.has_accept_language |
false |
Bool: true when the request carries an Accept-Language header. | HeaderContributor |
header.has_proxy_headers |
false |
Bool: true when the request carries proxy headers (X-Forwarded-For or Via). | HeaderContributor |
header.is_service_worker_fetch |
false |
Bool: true when the request looks like a Service Worker registration fetch (Service-Worker: script). | HeaderContributor |
header.is_websocket_upgrade |
false |
Bool: true when the request is a WebSocket upgrade (RFC 6455) and the omitted Accept-* headers should not be penalised. | HeaderContributor |
header.sec_fetch_dest |
|
String: value of Sec-Fetch-Dest header (e. | HeaderContributor |
header.sec_fetch_mode |
|
String: value of Sec-Fetch-Mode header (e. | HeaderContributor |
header.sec_fetch_same_origin |
false |
Boolean: true if Sec-Fetch-Site is "same-origin" (browser attestation of programmatic fetch) | HeaderContributor |
header.sec_fetch_site |
|
String: value of Sec-Fetch-Site header (e. | HeaderContributor |
header_correlation.* (2)
| Key | Value | Description | Source |
|---|---|---|---|
header_correlation.distinct_signatures |
2 |
Int: number of distinct primary signatures the gateway has seen reuse this header fingerprint (template-reuse detector). | HeaderCorrelation |
header_correlation.header_fingerprint |
FC532CE0 |
String: short hash of the request's full header shape, used to find clients reusing the same header template across rotating IPs/UAs. | HeaderCorrelation |
heuristic.* (3)
| Key | Value | Description | Source |
|---|---|---|---|
heuristic.confidence |
0.5745241039489921 |
Double in [0,1]: confidence of the early heuristic prediction. | HeuristicContributor |
heuristic.early_completed |
true |
Bool: true when the early heuristic was confident enough to short-circuit subsequent detectors. | HeuristicContributor |
heuristic.prediction |
bot |
String: early heuristic prediction (e. | HeuristicContributor |
ip.* (4)
| Key | Value | Description | Source |
|---|---|---|---|
ip.address |
10.10.10.1 |
String: client IP address as resolved by the proxy/forwarded-headers chain. | IpContributor |
ip.is_datacenter |
false |
Bool: true when the client IP resolves to a known datacenter / cloud provider ASN. | IpContributor |
ip.is_ipv6 |
false |
Bool: true when the client IP is an IPv6 address. | IpContributor |
ip.is_local |
true |
Bool: true when the client IP is RFC1918 / loopback / link-local (test or internal traffic). | IpContributor |
proxy.* (1)
| Key | Value | Description | Source |
|---|---|---|---|
proxy.topology |
Direct |
String: inferred proxy topology hint (e. | IpContributor |
risk.* (2)
| Key | Value | Description | Source |
|---|---|---|---|
risk.friendly_pin_trace |
fired:bot_type=Internal (network-trusted) |
String: trace of the friendly-bot pin evaluation. | unknown |
risk.justification |
Trusted internal client (network position verified) |
String: human-readable explanation of why this risk band was assigned | unknown |
session.* (1)
| Key | Value | Description | Source |
|---|---|---|---|
session.current_state |
PageView |
String: current request's Markov state (e. | unknown |
signature.* (3)
| Key | Value | Description | Source |
|---|---|---|---|
signature.header_hashes |
{"accept":"AUX_tJpM41ouddM0xxrYJQ","accept-encoding":"IcvRpgU6pLuve_BlYZaAmA","_header_order":"SXhf0tTtTIzy__dkUXn27A"} |
String (JSON): HMAC hashes of discriminatory headers. | unknown |
signature.multifactor |
MultiFactorSignatures(3 factors, primary=r0vQIYZiS2la...) |
MultiFactorSignatures: full per-factor signature set (IP+UA, IP+Plugin, etc. | unknown |
signature.primary |
r0vQIYZiS2laVZvz2Zk7DA |
String: Unified client signature (HMAC-SHA256). | BehavioralWaveformContributor |
tcp.* (1)
| Key | Value | Description | Source |
|---|---|---|---|
tcp.connection_header |
|
String: value of the HTTP Connection header (e. | TcpIpFingerprintContributor |
time.* (4)
| Key | Value | Description | Source |
|---|---|---|---|
time.day_of_week |
tue |
String: short day-of-week token in the configured timezone — "mon" / "tue" / "wed" / "thu" / "fri" / "sat" / "sun". | unknown |
time.hour_of_day |
13 |
Int (0-23): hour of day in the gateway's configured TimeOptions. | unknown |
time.is_business_hours |
true |
Bool: true when TimeHourOfDay is within [TimeOptions. | unknown |
time.is_weekend |
false |
Bool: true when TimeDayOfWeek is "sat" or "sun". | unknown |
tls.* (2)
| Key | Value | Description | Source |
|---|---|---|---|
tls.available |
true |
Bool: true when TLS handshake detail was available for this request (some edge hops strip it). | TlsFingerprintContributor |
tls.is_https |
true |
Bool: true when the request arrived over HTTPS. | TlsFingerprintContributor |
transport.* (7)
| Key | Value | Description | Source |
|---|---|---|---|
transport.headers_trusted |
true |
bool: whether edge transport fingerprint headers were trusted for this request. | unknown |
transport.is_signalr |
false |
Boolean: true if request is part of a SignalR connection (negotiate, connect, or long-poll) | unknown |
transport.is_streaming |
false |
Boolean: true if request uses any streaming transport (WebSocket, SSE, or SignalR) | unknown |
transport.protocol |
http |
String: detected transport protocol (http, websocket, grpc, grpc-web, graphql, sse) | TransportProtocolContributor |
transport.protocol_class |
unknown |
String: protocol class - "document" | "api" | "signalr" | "grpc" | "static" | "unknown" | unknown |
transport.transport_class |
http |
String: transport class - "http" | "websocket" | "sse" | unknown |
transport.trust_reason |
PrivatePeer |
string: reason for the trust verdict (AllowlistedPeer, PrivatePeer, NotAllowlisted, UntrustedPublicPeer, GateOff). | unknown |
ua.* (6)
| Key | Value | Description | Source |
|---|---|---|---|
ua.bot_name |
ClaudeBot |
String: bot product name when ua. | UserAgentContributor |
ua.bot_type |
AiBot |
String: bot category when ua. | UserAgentContributor |
ua.family |
ClaudeBot |
String: parsed browser/agent family from the UA (e. | UserAgentContributor |
ua.family_version |
1.0 |
String: parsed family + major version from the UA (e. | UserAgentContributor |
ua.is_bot |
true |
Bool: true when the UA matches a known automation / bot pattern (UserAgentContributor classification). | UserAgentContributor |
ua.raw |
Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) |
User-Agent signature | UserAgentContributor |
Used in code as a tag helper:
<vc:sb-all-signals show-descriptions="true" />.
The show-descriptions attribute is optional and defaults
to false so the dashboard's dense usage stays compact.