The hardest agents to count are the ones that lie. A headless scraper can send a user-agent that looks exactly like Chrome on a Mac. Rankly runs a proprietary humanity check that catches this disguise, using two ideas: whether the browser behaves like a real one, and whether its user-agent is internally consistent.

The favicon signal

Real browsers automatically fetch /favicon.ico (and icons like /apple-touch-icon.png) when they render a page. Headless scrapers almost never do. Rankly uses that difference as a lightweight signal of a real human:
  • When a request with a browser user-agent fetches a favicon, that’s strong evidence a real browser rendered the page.
  • These favicon fetches are tracked as a humanity signal, not counted as page traffic.
  • If a suspicious request comes from an IP that also fetched a favicon, the suspicious request is cleared as human, because the favicon proves a real browser was there.

User-agent coherence

Modern browsers produce user-agents that are internally consistent. Rankly checks for tell-tale signs that a user-agent was forged or comes from an old automation library, and flags those requests as disguised:
What Rankly catchesWhy it’s suspicious
Not a real browserA modern browser user-agent always starts with Mozilla/5.0. Missing it usually means a forged or very old client.
Dead browserInternet Explorer (MSIE / Trident) reached end of life in 2022. Near-zero real users remain.
Very outdated Chrome or FirefoxModern browsers auto-update within days of a release. A version more than two years old is almost always forged or an old headless engine.
Very outdated AndroidAndroid below 9 has effectively no real-world share.
Fake OS detailsSince 2023, browsers send reduced, fixed OS tokens for privacy (for example Windows NT 10.0, Mac OS X 10_15_7, Android 10; K). A user-agent reporting anything else is incoherent.

How it reads in your dashboard

Disguised hits flagged

The count of requests caught wearing a browser’s clothes but failing a coherence check, broken down by reason.

Cleared as human

Flagged requests that were cleared because the same IP also fetched a favicon, proving a real browser.
This is a defense-in-depth layer. It works alongside identity verification: verification proves a known vendor is who it claims to be, while the humanity check catches anonymous bots trying to pass as ordinary visitors.