Metrics and groups
User agent
User agent is a header that a browser, program, or application sends to a server when accessing a website. The user agent typically contains the browser name, its version, the engine on which the browser is based, the operating system and its version. The user agent can also contain the name and model of the mobile device on which it is running and some other information. In other words, it is a browser's business card.
The problem is that this business card is very easy to fake - using extensions or even just in DevTools. Almost any programming language has the ability to pass any information to the user agent when accessing a server. Therefore, user agents should be treated with caution.
Normally, the browser does not lie about itself. There are, of course, exceptions, such as extensions that help change the user agent, or mobile browsers or applications in which an unchanged user agent is embedded because developers are too lazy to change it. But such cases can be ignored - they are either isolated or can be added to the exceptions.
It's another matter when the transmitted information does not match what we learned about the browser as a result of checking, and this pattern prevails on a slice - through the user agent, we see a variety of browsers, but the analysis shows that these are all accesses from the same browser.
Therefore, the user agent is an "unreliable storyteller" and the information we obtain from it should be treated with a healthy dose of skepticism.
Metrics
Metrics are parameters that allow you to answer the question 'how much?' How many visits did the website have? How many of them were made by bots, and how many by real users?
General metrics
| Name | Description |
|---|---|
| Hits | Total number of checks. |
| Unique users | Number of unique users counted based on IP, user agent and client hints. |
| Good | Number of checks resulting in non-bot, non-suspicious, and non-technical loss traffic. |
| Tech. losses | Number of clicks that we couldn't verify. Reasons include browsers with disabled JS, outdated browsers, etc. |
Invalid traffic (IVT)
Invalid traffic consists of bot traffic and scammers traffic.
A bot is a program or automated script that requests web content (including digital advertising) without user involvement. It could be, for example, a browser on an infected computer that is part of a botnet, or a script written by a programmer that scrapes websites for some purpose.
Scammers traffic is traffic generated by real people who are tricked into requesting web content (including digital advertising) without knowing about it.
| Name | Description |
|---|---|
| IVT total | Number of hits made by bots or caused by scammers. |
| Crawler | Legitimate bots that honestly declare their botness through the user agent. These could be search engine bots indexing the web, social media bots, etc. Despite not having malicious intent, they cannot convert and are not the target audience, so they should be ignored. |
| Spoofing | Bots whose user agent does not match the actual browser version and/or operating system. |
| Automated | Bots using headless browsers or automation tools like Selenium. The original purpose of such solutions is to automate software, website, application testing, etc. Then bot operators realized they could also use them for click fraud, view fraud, etc., and added them to their inventory. |
| Incorrect requests | During the analysis, we found that the impression came from an invisible element. For example, a user clicked on a link, but this click ended up in an invisible iframe that was located on top of the link. So the impression will be counted, but the real user did not see the advertisement and did not know where he was clicking.
Or we found that the impression was not initiated by the user, but by a script without the user’s knowledge.. |
| Bad reputation IP | IPs from which only technical losses come. For example, someone set up a server in a data center, and using CURL, or another tool for http requests (and they are found in all programming languages), parses pages, and then clicks on advertising links using the same tool. |
| Blocked hits | Hits that were blocked according to integration settings. |
Suspicious visits (SV)
We see something suspicious in the analysis results, but it is not enough to confidently state that it is a bot. Possible reasons include the user having a harmless extension that somehow affects our checks, or the user accessing through a VPN.
Suspicious clicks require an individual approach, for example, to determine where to attribute suspicious traffic based on conversions - to fraudulent or good traffic.
| Name | Description |
|---|---|
| SV total | Number of suspicious clicks. |
| Proxy | Users accessing through VPN, proxy, or Tor. These are live clicks, but they come from non-targeted geo. If you are buying traffic from a specific geo, and there are a lot of proxies on it, then the traffic is bad. |
| Suspicion of spoofing | We suspect that user agent spoofing techniques are being used in the browser. If this metric is low, there is nothing to worry about. But if its percentage is high and you are not buying any specific mobile traffic, then there is a reason to think about it. |
| Suspicion of automated | We suspect that automation tools are being used in the browser. |
| Suspicion of fraud | Other types of suspicious activity, such as a too-wide screen, can be the result of poor layout or an attempt to hide ads outside the screen. |
Feature
Some browser features that we detect.
| Name | Description |
|---|---|
| AdBlock | Whether AdBlock is installed in the user's browser or not. Note that we only check for the presence of AdBlock; whether it is turned on or off is not checked. |
| Is mobile | Checking by characteristic features (not by user agent) whether the device is mobile (smartphones, tablets) or not (desktops, TVs). |
| WebView | Number of visits with Chrome WebView. Chrome WebView is a greatly reduced functionality version of mobile Chrome that is used in apps to view web pages, as well as many mobile browsers for Android, which are customized WebView. Most WebViews cannot display pushes. Therefore, if there is a high percentage of WebView on push traffic, the traffic may be bad. |
| IFrame | Number of visits made via iframe. <iframe> tag HTML element represents a nested browsing context, embedding another HTML page into the current one. |
| Push notifications | Number of visits from browsers that support push notifications. |
Behavioral analysis
Metrics based on the analysis of how the user behaved on the page.
| Name | Description |
|---|---|
| Visible page | The number of visits when the page received focus, meaning it was open in the foreground rather than in the background tab of the browser. |
| Active page | The number of visits when there was at least minimal activity on the page. Activity is defined as clicks, touches, scrolls, mouse movements. |
| Accepted page | The number of visits when the time from page opening to its closure exceeded 15 seconds. |
Groups
Groups are parameters that allow you to answer the question "which?". From which countries were the clicks? Which browsers did users use?
Time
| Name | Description |
|---|---|
| Hour | Groups statistics by hours. |
| Day | Groups statistics by days. |
| Week | Groups statistics by weeks. |
| Month | Groups statistics by months. The maximum period that can be selected is two months. |
Tags
| Name | Description |
|---|---|
| Integration | Kaminari integration ID. |
| Bot type | Grouping by bot types. |
| Referer | URL of the page from which the user landed on the page. |
| Sub1..Sub7 | Tags set by the client. |
Geo
| Name | Description |
|---|---|
| Language | User's preferred language, i.e. UI language set in the browser settings. |
| Timezone | User's timezone data obtained from IP address. |
| Country | Country data obtained from IP address. |
| City | City data obtained from IP address. |
| Provider | Internet service provider data obtained from IP address. |
| IP | IP without the last octet, i.e. there will always be zeros at the end, for example: 192.168.1.00. |
Device
| Name | Description |
|---|---|
| Real browser engine | All modern browsers are based on three open-source engines:
There are also three old unsupported engines that are still present on the internet in the form of Internet Explorer, in MS Edge up to version 18 and in Opera up to version 12. We can determine all 6 engines by their characteristic features, as well as determine the specific version of the engine. It is the browser engine that we write this data to. |
| Real OS | The current OS without version. |
| Browser from UA | Browser name and version taken from user agent. |
| OS from UA | Operating system and its version taken from user agent. |
| Device from UA | Mobile device manufacturer obtained from user agent. |
| Device type from UA | Device type (desktop, smartphone, smart TV, etc.) obtained from user agent. |
| Connection type | The type of connection that the device uses to connect to the network (Bluetooth, Wi-Fi, mobile internet). |
Screen
| Name | Description |
|---|---|
| Screen width | Screen width in pixels. |
| Screen height | Screen height in pixels. |
| Screen orientation | Screen orientation is relevant for mobile devices - portrait, upside-down, turned left, turned right. |
| Pixel density | How many screen pixels will be used to render one CSS pixel, i.e. this is actually the screen resolution. |