
Features Reference

Six capabilities. Each one rooted in a real business outcome.

The landing page lists six icons. This page is where each one earns its keep — the thinking behind the line, the trade-off it forces, and where to find it in the product.

01. Risk Scoring

Five-tier calibrated risk. Every score traces back to which signals fired and why.

The risk score is what your code acts on. It comes back as a calibrated risk level — from minimal to critical — together with a confidence measure and the list of reasons behind the score.

We chose five tiers, not three, so the operator console can show you where your population actually sits without flattening the edges. Most traffic lands in the lowest tiers; the interesting line sits between “watch this” and “challenge this.” The top tier is reserved for sessions that are almost certainly automated or fraudulent, and its false-positive rate is benchmarked at a fraction of a percent against our internal reference set.

Where you’ll see this

  • Every verification returns the same shape: a risk level, a confidence measure, and the reasons behind it.
  • The operator console breaks the score down by category — browser intelligence, network, hardware, behavior — so a flagged session can be defended to legal, product, or the customer themselves.
  • If your team wants to build its own classifier on top, the underlying signals are available. We ship the score the way most teams want it, but you’re not locked into our weighting.

02. Bot Detection

Catches headless automation, automation frameworks, and anonymized traffic without blocking real users on privacy browsers.

Bot detection is the bread and butter. Scrapers run invisible, headless browsers; crawlers drive automation frameworks; stealth-mode actors hide behind anonymizing routes. We catch the fast lane and the slow lane both, including the off-the-shelf evasion kits built specifically to look human.

The hard part is doing this without misfiring on Brave, LibreWolf, Tor Browser, or other privacy browsers. Those have distinctive, consistent profiles; they’re not evasion attempts. We recognize them as privacy users and calibrate leniently — not as the bot they aren’t.

Where you’ll see this

  • The reasons behind a score name the specific tells in plain terms: a headless-automation signature, an automation framework’s residue, a tampered drawing test, traffic from an anonymizing route, and dozens more.
  • How much each tell weighs into the score is documented in the threat-categories doc.
  • Privacy-browser handling is calibrated against population data — see threat categories for the per-browser scoring.

03. Operator Console

Search, filter, compare devices. Audit every call. Manage keys, domains, rate limits.

The console is where your fraud team lives day-to-day. The headline surfaces:

  • Profiles list — search across everything collected, filter by risk tier, browser, country, and time window. Compare devices side by side.
  • Profile detail — every signal, every detection, every decision, visible. The receipt for anything Noxtica returned.
  • Aggregate analytics — risk distribution over time, anomaly trends, false-positive rate by browser family and country. The numbers your ops team needs to defend the configuration to product.
  • Audit log — every call and every operator action, at a standard auditors recognize.
  • Configuration — keys, domains, and rate limits, all operator-managed without a support ticket.

The point: the console exists so your team owns the policy. We provide the data; the configuration is yours.

04. Fast Verification

Verification answers in milliseconds at the edge. The collector loads its heavy work lazily and stays light.

Speed is a feature. A fingerprinting service that adds noticeable delay to your login page is one your product team will eventually rip out. Because the full picture travels inside the sealed result, verification is a quick check rather than a fresh round of data-gathering — no extra lookups while a request is in flight. It typically answers in a few milliseconds.

The browser side is just as careful. The first load is small, and the heavy measurements only run when the page actually asks for a score. Returning visitors send an even lighter signal. Everything loads in the background and never delays your page from becoming usable.

Where you’ll see this

  • The operator console has a per-endpoint latency view, broken down by region.
  • The status page (status.noxtica.com) publishes the availability target and rolling uptime.

05. Privacy by Construction

No personal data collected. No third-party calls during verification. What we store is a scrambled, one-way summary, never raw data.

Your data-protection officer sleeps better because we built this for theirs. The collector reads inert browser characteristics — never an email, never a name, never an analytics beacon, never the private data of an unrelated site. What leaves the browser is a scrambled, one-way summary; the raw values stay on the device.

We act as a sub-processor under your data processing agreement. Infrastructure stays in the EU, with no transfers outside it. Hard-delete is available on request through the backoffice, and we can sign agreements within a day.

Where you’ll see this

  • The network traffic is auditable: one sealed result when the page is scored, one verification call from your server. Nothing else.
  • The sealed result can be opened locally — you can see exactly what we send.
  • The subprocessor list lives at /subprocessors.

06. Open Integration

A clean API. A notification on every verification. Self-host the verifier on Enterprise. No vendor lock-in.

Open integration is your protection against lock-in. You can:

  • Call the API directly — no SDK required, just produce a sealed result in the browser and verify it on your server.
  • Subscribe to a notification on every verification for downstream pipelines: a data lake, a training set, a fraud-team alert channel.
  • Self-host the verifier on Enterprise as a signed, self-contained image. Same profile format, same signals, same risk tiers. Air-gapped installs are supported with an offline update bundle.

The point: if you decide to switch providers in two years, the migration is a configuration change, not a re-architecture. We don’t believe in moats built on lock-in.