Live · Blocking threats globally

The fingerprint
they can't fake.

Snared fingerprints every request at the network and application layer before your code runs. 199 signals. One verdict. Under 50ms.

< 50ms

Edge verdict latency

199

Detection signals

99.99%

Uptime SLA

snared.intelligence.console

LIVE

19:22:0134.102.136.180

ALLOW

19:22:08185.220.101.5

BLOCK

19:22:1452.14.209.11

CHALLENGE

19:22:2193.184.216.34

ALLOW

POST /events/submit·34ms

ip34.102.136.180

asnAS15169 Google

fpsnx_4a1b...f209

nsp_idnsp_a1b2c3d4...

omni_risk11.2

verdictALLOW

Signal Depth

199 signals across every layer of the stack.

Four collection planes — each independently scoring, each cross-validating the others.

25 signals

Network & Transport

Transport-layer and connection stack analysis that identifies the true operating environment — even across proxies, VPNs, and spoofed headers.

58 signals

Runtime Integrity

Deep environment validation that distinguishes real browsers from automated tools, tampered configurations, and orchestrated headless environments.

36 signals

Hardware Identity

Hardware-level signals build a stable device fingerprint that persists across sessions, browsers, and network changes — independent of cookies or storage.

10 signals

Behavioral Analysis

Real-time interaction patterns that reveal the difference between human intent and programmatic execution — impossible to fake at scale.

199

Total signals

181

Validated

Device-ID signals

Server-injected

Architecture

Set once. Runs everywhere.

A 12kb client script. An encrypted payload. A verdict from the edge. No servers to manage, no latency added to your stack.

Collect

A 12kb snippet silently gathers 199 hardware, runtime, and behavioral signals without blocking the main thread.

snared.js (12kb gzip)

Obfuscate

Signals are encrypted into a tamper-proof, opaque payload before leaving the device. The telemetry is unreadable in transit.

E_8aF9...2xZ{enc}

Decide

Decrypted at the Cloudflare edge. Three scoring layers run in parallel. A deterministic verdict fires in under 50ms.

ALLOWBLOCK

Risk Engine

Three layers. One verdict.

Each layer scores independently. The strictest action wins.

Device Identity

Layer 1

Builds a stable, durable device identity from multi-layer environmental signals. Survives IP rotation, proxy chains, and browser attribute spoofing.

Environment Integrity

Layer 2

Runs a comprehensive battery of integrity checks across every layer of the browser and connection stack. Automation tools and tampered environments cannot pass.

ATO Session Risk

Layer 3

Scores account-takeover risk using historical session patterns, challenge outcomes, and identity continuity signals correlated across the operator graph.

Assessment Response

effective_action: challenge

{
  "device_id": "sne_9aX7b2cZk...89A",
  "nsp_id":    "nsp_8f9a2b3c4d5e6f7a",
  "omni_risk":  72.4,
  "env_action": "challenge",
  "ato_action": "allow",
  "effective":  "challenge",
  "flags": [
    "headless_env_detected",
    "datacenter_ip_range"
  ],
  "latency_ms": 34
}

nsp_identity_computation

Network Stack Fusion

HTTP/2 Settings Frame

Window size, header table, stream concurrency, frame order

TLS

TLS Fingerprint (JA4)

Cipher suites, extensions, ALPN, elliptic curves

TCP

TCP SYN Passive OS

Window size, MSS, TTL, timestamp — passive OS detection

Fused Identity Output

murmurhash3(h2|tls|tcp)

ROOT ACTOR

nsp_8f9a2b3c4d5e6f7a8b9c0d1e2f3a4b5c

Identity Graph

One operator.
Every session they've ever run.

Clear cookies, rotate proxies, randomize user agents. Bridge v3 sees through all of it. Transport-layer fingerprints survive every evasion technique we've seen. We cluster cross-session signals into a single root actor identity.

API

One line of code.
Complete threat intelligence.

Drop the snippet. Fetch the payload. POST to our edge. You get a deterministic verdict, a durable device ID, anomaly flags, and network intelligence — all in one response.

POSTapi.snared.com/v1/analyze

{
  "request_id": "req_88f92z",

  "verdict": "challenge",
  "score": 73.5,
  "action_recommended": "require_mfa",  "device": {
    "id": "sne_99BxL...89A",
    "confidence": 0.99,
    "is_new": false
  },  "flags": [
    "env_integrity_fail",
    "datacenter_ip_range",
    "runtime_anomaly_detected"
  ],  "network": {
    "ip": "185.220.101.5",
    "location": {
      "city": "Frankfurt",
      "country": "DE",
      "is_proxy_or_vpn": true
    }
  }
}

The fingerprintthey can't fake.