What is a website render blocking resource?
An explanation of blocking resources on websites.
TLS Fingerprinting is a technique used to identify and categorize the TLS configurations of clients connecting to a server. It involves analyzing the unique aspects of the TLS handshake process – the initial negotiation between client and server when establishing a secure connection. During this handshake, the client sends a "ClientHello" message containing specific details like TLS version, supported cipher suites, and other TLS extensions. The collective characteristics of this message form what is known as a TLS fingerprint.
How Does TLS Fingerprinting Work?
The process of TLS Fingerprinting revolves around examining the ClientHello message. Each client, be it a web browser, an API, or a custom application, often has a unique way of constructing this message. By analyzing the order and presence of various elements in the ClientHello, one can generate a fingerprint that is distinct to that client or a group of similar clients. These fingerprints can then be cataloged and used for various purposes.
Applications of TLS Fingerprinting
- Enhancing Security: TLS Fingerprinting can detect anomalies in network traffic. If a known malicious client has a specific fingerprint, network security systems can flag or block connections from clients with the same fingerprint.
- Traffic Management: It aids in identifying different types of traffic. For instance, distinguishing between traffic from a web browser and an automated script.
- User Identification: While it doesn’t identify individual users, it can help in recognizing traffic patterns associated with specific client types or software versions.
TLS Fingerprinting is a powerful way of identifying classes of connecting clients, eg GO, Python, Java, Curl, Chrome etc. When combined with Advanced Rate Limiting it provides strong protection against Layer 7 DDoS attacks, scraping, and account takeover attacks which typically use the same connecting client distributed amongst thousands of different IPs, usually via residential proxies.
Related Articles
What is Bot Management?
Discover what Bot Management is all about.
What are browser hints?
An overview of the different types of browser hints and how they help with website performance
What is the Critical Rendering Path?
A quick description of the critical rendering path for browsers
What is an invisible javascript device challenge?
Invisible javascript device challenges are a frictionless alternative to CAPTCHAs
What does RUM stand for/mean?
What is RUM (Real User Measurement)?