Skip to content

Client reputation scoring

Servers can use signals such as historic activity about an authenticated client to calculate the client’s reputation score, which estimates how likely it is to be malicious. This can determine which other mitigations to apply (e.g. cryptographic challenges) and how.

Client reputation scoring can complement IP-based reputation systems, used in reverse proxies like Akamai and Cloudflare, by considering signals about the client across devices and IP addresses.

The signals that can be used to calculate the score include:

Private State Tokens

Private State Tokens is a privacy-preserving protocol proposed by Google that allows users to demonstrate their trustworthiness on one website by sharing that they are trusted on another. As an experimental protocol designed to work in browsers and supported solely by Chrome, its applications may be limited for the time being.

See also