Security Edge now provides JA4 TLS client fingerprinting to identify bots and automated tools regardless of IP address or User-Agent spoofing. JA4 analyzes TLS handshake characteristics (cipher suites, extensions, supported groups) to create unique client identifiers that reveal the actual implementation, not just what the client claims to be.

Key Capabilities

• Passive extraction during TLS handshake with zero latency impact
• Threat detection for known malicious tools (Burp Suite, sqlmap, scrapers)
• Bot classification distinguishing legitimate from malicious automation
• Rate limiting by fingerprint to prevent IP-rotation attacks
• Forensic logging for audit trails and incident investigation

Use Cases

Credential Stuffing Prevention
Detect automated tools even when attackers rotate IPs and User-Agents.

API Abuse Prevention
Block scraping tools and unauthorized clients that appear as legitimate traffic.

Multi-Cloud Security
Consistent client identification across hybrid deployments regardless of network topology.

Compliance Logging
PCI-DSS compliant connection logging with forensic-grade client identification.

JA4 fingerprinting is enabled by default in Security Edge with node version 6.7.4-1 and later. For additional information, check out our documentation.