# User Agent

We maintain a list of known automation frameworks command-line clients and headless environments commonly used for bot-driven signups scraping or abuse. If the incoming user agent string matches or contains any substring from this list it is flagged as suspicious and will increase the fraud score accordingly.

The following substrings are examples of known non-browser or automation-related clients we detect:

curl/
Wget/
HTTPie/
python-requests/
Python-urllib/
Go-http-client/
Java/
Apache-HttpClient/
libwww-perl/
LWP::Simple
GuzzleHttp/
PostmanRuntime/
okhttp/
axios/
node-fetch/
HeadlessChrome
puppeteer/
ApacheBench/
feedparser/
Apple-PubSub/
AWS Lambda

This check influences the fraud score as follows: