[{"data":1,"prerenderedAt":782},["ShallowReactive",2],{"docsv3-nav":3,"\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchecks":198},[4],{"title":5,"path":6,"stem":7,"children":8,"page":188},"V3","\u002Fdocs\u002Fv3","1.docs\u002Fv3",[9,13,17,21,38,87,189],{"title":10,"path":11,"stem":12},"Introduction","\u002Fdocs\u002Fv3\u002Fintroduction","1.docs\u002Fv3\u002F1.Introduction",{"title":14,"path":15,"stem":16},"Quick start","\u002Fdocs\u002Fv3\u002Fquick-start","1.docs\u002Fv3\u002F2.Quick start",{"title":18,"path":19,"stem":20},"Challenge flow","\u002Fdocs\u002Fv3\u002Fchallenge-flow","1.docs\u002Fv3\u002F3.Challenge flow",{"title":22,"path":23,"stem":24,"children":25},"Fundamentals","\u002Fdocs\u002Fv3\u002Ffundamentals","1.docs\u002Fv3\u002F4.fundamentals",[26,30,34],{"title":27,"path":28,"stem":29},"Signup protection","\u002Fdocs\u002Fv3\u002Ffundamentals\u002Fsignup-protection","1.docs\u002Fv3\u002F4.fundamentals\u002F00.Signup protection",{"title":31,"path":32,"stem":33},"Login protection","\u002Fdocs\u002Fv3\u002Ffundamentals\u002Flogin-protection","1.docs\u002Fv3\u002F4.fundamentals\u002F01.Login protection",{"title":35,"path":36,"stem":37},"Access protection","\u002Fdocs\u002Fv3\u002Ffundamentals\u002Faccess-protection","1.docs\u002Fv3\u002F4.fundamentals\u002F02.Access protection",{"title":39,"path":40,"stem":41,"children":42},"Guides","\u002Fdocs\u002Fv3\u002Fguides","1.docs\u002Fv3\u002F5.guides",[43,47,51,55,59,63,67,71,75,79,83],{"title":44,"path":45,"stem":46},"Account sharing prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Faccount-sharing-prevention","1.docs\u002Fv3\u002F5.guides\u002F1.Account sharing prevention",{"title":48,"path":49,"stem":50},"Web scraping prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fweb-scraping-prevention","1.docs\u002Fv3\u002F5.guides\u002F13.Web scraping prevention",{"title":52,"path":53,"stem":54},"Ban enforcement","\u002Fdocs\u002Fv3\u002Fguides\u002Fban-enforcement","1.docs\u002Fv3\u002F5.guides\u002F14.Ban enforcement",{"title":56,"path":57,"stem":58},"Chargeback dispute","\u002Fdocs\u002Fv3\u002Fguides\u002Fchargeback-dispute","1.docs\u002Fv3\u002F5.guides\u002F15.Chargeback dispute",{"title":60,"path":61,"stem":62},"Multi-accounting prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fmulti-accounting-prevention","1.docs\u002Fv3\u002F5.guides\u002F16.Multi-accounting prevention",{"title":64,"path":65,"stem":66},"Account takeover prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Faccount-takeover-prevention","1.docs\u002Fv3\u002F5.guides\u002F2.Account takeover prevention",{"title":68,"path":69,"stem":70},"Risky transaction prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Frisky-transaction-prevention","1.docs\u002Fv3\u002F5.guides\u002F20.Risky transaction prevention",{"title":72,"path":73,"stem":74},"Fake account detection","\u002Fdocs\u002Fv3\u002Fguides\u002Ffake-account-detection","1.docs\u002Fv3\u002F5.guides\u002F3.Fake account detection",{"title":76,"path":77,"stem":78},"Bot detection","\u002Fdocs\u002Fv3\u002Fguides\u002Fbot-detection","1.docs\u002Fv3\u002F5.guides\u002F4.Bot detection",{"title":80,"path":81,"stem":82},"Card testing prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fcard-testing-prevention","1.docs\u002Fv3\u002F5.guides\u002F5.Card testing prevention",{"title":84,"path":85,"stem":86},"Incentive abuse prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fincentive-abuse-prevention","1.docs\u002Fv3\u002F5.guides\u002F9.Incentive abuse prevention",{"title":88,"path":89,"stem":90,"children":91,"page":188},"Concepts","\u002Fdocs\u002Fv3\u002Fconcepts","1.docs\u002Fv3\u002F6.concepts",[92,96,100,104,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,184],{"title":93,"path":94,"stem":95},"Evaluations","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fevaluations","1.docs\u002Fv3\u002F6.concepts\u002F01.evaluations",{"title":97,"path":98,"stem":99},"Actions","\u002Fdocs\u002Fv3\u002Fconcepts\u002Factions","1.docs\u002Fv3\u002F6.concepts\u002F02.actions",{"title":101,"path":102,"stem":103},"Signals","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fsignals","1.docs\u002Fv3\u002F6.concepts\u002F03.signals",{"title":105,"path":106,"stem":107},"Checks","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchecks","1.docs\u002Fv3\u002F6.concepts\u002F04.checks",{"title":109,"path":110,"stem":111},"Risks","\u002Fdocs\u002Fv3\u002Fconcepts\u002Frisks","1.docs\u002Fv3\u002F6.concepts\u002F05.risks",{"title":113,"path":114,"stem":115},"Verdicts","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fverdicts","1.docs\u002Fv3\u002F6.concepts\u002F06.verdicts",{"title":117,"path":118,"stem":119},"Policies","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpolicies","1.docs\u002Fv3\u002F6.concepts\u002F07.policies",{"title":121,"path":122,"stem":123},"Challenges","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchallenges","1.docs\u002Fv3\u002F6.concepts\u002F08.challenges",{"title":125,"path":126,"stem":127},"Concurrency","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fconcurrency","1.docs\u002Fv3\u002F6.concepts\u002F09.concurrency",{"title":129,"path":130,"stem":131},"Impossible travel","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fimpossible-travel","1.docs\u002Fv3\u002F6.concepts\u002F10.impossible-travel",{"title":133,"path":134,"stem":135},"Bots","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fbots","1.docs\u002Fv3\u002F6.concepts\u002F11.bots",{"title":137,"path":138,"stem":139},"Devices","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fdevices","1.docs\u002Fv3\u002F6.concepts\u002F12.devices",{"title":141,"path":142,"stem":143},"Fingerprints","\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffingerprints","1.docs\u002Fv3\u002F6.concepts\u002F13.fingerprints",{"title":145,"path":146,"stem":147},"People","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpeople","1.docs\u002Fv3\u002F6.concepts\u002F14.people",{"title":149,"path":150,"stem":151},"Lists","\u002Fdocs\u002Fv3\u002Fconcepts\u002Flists","1.docs\u002Fv3\u002F6.concepts\u002F15.lists",{"title":153,"path":154,"stem":155},"Account takeover","\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-takeover","1.docs\u002Fv3\u002F6.concepts\u002F16.account-takeover",{"title":157,"path":158,"stem":159},"Account sharing","\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-sharing","1.docs\u002Fv3\u002F6.concepts\u002F17.account-sharing",{"title":161,"path":162,"stem":163},"Fake account","\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffake-account","1.docs\u002Fv3\u002F6.concepts\u002F18.fake-account",{"title":165,"path":166,"stem":167},"Scraping","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fscraping","1.docs\u002Fv3\u002F6.concepts\u002F19.scraping",{"title":169,"path":170,"stem":171},"Linked accounts","\u002Fdocs\u002Fv3\u002Fconcepts\u002Flinked-accounts","1.docs\u002Fv3\u002F6.concepts\u002F20.linked-accounts",{"title":173,"path":174,"stem":175},"New IP","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fip","1.docs\u002Fv3\u002F6.concepts\u002F21.ip",{"title":177,"path":178,"stem":179},"Anonymizing network","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fanonymizing-network","1.docs\u002Fv3\u002F6.concepts\u002F22.anonymizing-network",{"title":181,"path":182,"stem":183},"Email quality","\u002Fdocs\u002Fv3\u002Fconcepts\u002Femail","1.docs\u002Fv3\u002F6.concepts\u002F23.email",{"title":185,"path":186,"stem":187},"Velocity","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fvelocity","1.docs\u002Fv3\u002F6.concepts\u002F24.velocity",false,{"title":190,"path":191,"stem":192,"children":193,"page":188},"Advanced","\u002Fdocs\u002Fv3\u002Fadvanced","1.docs\u002Fv3\u002F7.Advanced",[194],{"title":195,"path":196,"stem":197},"Proxy setup","\u002Fdocs\u002Fv3\u002Fadvanced\u002Fproxy-setup","1.docs\u002Fv3\u002F7.Advanced\u002F1.Proxy-setup",{"id":199,"title":105,"body":200,"description":773,"extension":774,"meta":775,"navigation":776,"path":106,"rawbody":777,"seo":778,"stem":107,"__hash__":781},"docsv3\u002F1.docs\u002Fv3\u002F6.concepts\u002F04.checks.md",{"type":201,"value":202,"toc":753},"minimark",[203,207,221,232,235,240,247,283,287,292,319,323,326,350,354,363,385,388,393,415,419,422,445,449,452,484,488,498,503,565,569,606,610,637,641,668,672,704,708,711,750],[204,205,105],"h1",{"id":206},"checks",[208,209,210,211,215,216,220],"p",{},"Checks are the boolean and numeric facts Rupt derives from ",[212,213,214],"a",{"href":102},"signals"," plus a user's history. They turn raw measurements into the language Rupt reasons about: ",[217,218,219],"em",{},"is this fingerprint new for this user, is this IP a VPN, has this user moved impossibly far since we last saw them",".",[208,222,223,224,227,228,231],{},"A check is deliberately narrow. Each one captures a single fact at a single moment, and on its own each is weak. A new IP isn't suspicious by itself, and neither is a webmail address. The power comes from how they combine into ",[212,225,226],{"href":110},"risks"," and how your ",[212,229,230],{"href":118},"policies"," match conditions across them.",[208,233,234],{},"Here's most of what we check. We keep this in sync with the app as best we can, but it isn't a guarantee. The dashboard policy editor always has the live, complete list.",[236,237,239],"h2",{"id":238},"identity-newness","Identity newness",[208,241,242,243,246],{},"How established the user, IP, or ",[212,244,245],{"href":142},"fingerprint"," is for this account.",[248,249,250,257,265,270,275],"ul",{},[251,252,253],"li",{},[254,255,256],"code",{},"is_new_user",[251,258,259,262,263,220],{},[254,260,261],{},"is_new_ip",": see ",[212,264,173],{"href":174},[251,266,267],{},[254,268,269],{},"is_new_fingerprint",[251,271,272],{},[254,273,274],{},"user_age_days",[251,276,277,280,281,220],{},[254,278,279],{},"fingerprint_user_count",": how many users share this ",[212,282,245],{"href":142},[236,284,286],{"id":285},"network-reputation","Network reputation",[208,288,289,290,220],{},"What kind of network the connection is coming from. See ",[212,291,177],{"href":178},[248,293,294,299,304,309,314],{},[251,295,296],{},[254,297,298],{},"ip_is_vpn",[251,300,301],{},[254,302,303],{},"ip_is_proxy",[251,305,306],{},[254,307,308],{},"ip_is_tor",[251,310,311],{},[254,312,313],{},"ip_is_hosting",[251,315,316],{},[254,317,318],{},"ip_country",[236,320,322],{"id":321},"velocity-and-geography","Velocity and geography",[208,324,325],{},"How the user moves through space and time.",[248,327,328,335,342],{},[251,329,330,262,333,220],{},[254,331,332],{},"impossible_travel",[212,334,129],{"href":130},[251,336,337,262,340,220],{},[254,338,339],{},"concurrent_sessions",[212,341,125],{"href":126},[251,343,344,347,348,220],{},[254,345,346],{},"has_high_velocity",": an unusual rate of actions in a short window. See ",[212,349,185],{"href":186},[236,351,353],{"id":352},"device-counts","Device counts",[208,355,356,357,360,361,220],{},"How many devices a user has piled up. Some of the strongest ",[212,358,359],{"href":158},"account-sharing"," signals there are. See ",[212,362,137],{"href":138},[248,364,365,370,375,380],{},[251,366,367],{},[254,368,369],{},"device_count",[251,371,372],{},[254,373,374],{},"computer_device_count",[251,376,377],{},[254,378,379],{},"tablet_device_count",[251,381,382],{},[254,383,384],{},"mobile_device_count",[236,386,181],{"id":387},"email-quality",[208,389,390,391,220],{},"What kind of email address was provided. See ",[212,392,181],{"href":182},[248,394,395,400,405,410],{},[251,396,397],{},[254,398,399],{},"email_is_disposable",[251,401,402],{},[254,403,404],{},"email_is_webmail",[251,406,407],{},[254,408,409],{},"email_is_invalid",[251,411,412],{},[254,413,414],{},"email_is_accept_all",[236,416,418],{"id":417},"account-state","Account state",[208,420,421],{},"Verification and status flags on the user.",[248,423,424,429,434,439],{},[251,425,426],{},[254,427,428],{},"is_email_verified",[251,430,431],{},[254,432,433],{},"is_phone_verified",[251,435,436],{},[254,437,438],{},"is_suspended",[251,440,441,444],{},[254,442,443],{},"origin_is_new",": first time this request origin has been seen for your project in the last 90 days.",[236,446,448],{"id":447},"device-integrity","Device integrity",[208,450,451],{},"Only populated when you ship the iOS or Android SDK. Web flows leave these unset, and each platform reports only its own flags.",[248,453,454,459,464,469,474,479],{},[251,455,456],{},[254,457,458],{},"jailbroken_ios",[251,460,461],{},[254,462,463],{},"rooted_android",[251,465,466],{},[254,467,468],{},"is_simulator",[251,470,471],{},[254,472,473],{},"is_emulator",[251,475,476],{},[254,477,478],{},"debugger_attached",[251,480,481],{},[254,482,483],{},"ui_testing",[236,485,487],{"id":486},"fingerprint-observations","Fingerprint observations",[208,489,490,491,493,494,497],{},"A separate family of checks derived from the deeper ",[212,492,214],{"href":102}," we collect during fingerprinting. Unlike the checks above, these aren't conditions you match in policies directly. They roll up into the observation-only risks (",[212,495,496],{"href":134},"bots",", tampering, anti-fingerprinting, incognito, and replay attacks) so you can watch them without them forcing a verdict.",[499,500,502],"h3",{"id":501},"bot","Bot",[248,504,505,510,515,520,525,530,535,540,545,550,555,560],{},[251,506,507],{},[254,508,509],{},"bot_framework_globals",[251,511,512],{},[254,513,514],{},"navigator_webdriver_true",[251,516,517],{},[254,518,519],{},"event_istrusted_synthetic",[251,521,522],{},[254,523,524],{},"window_process_present",[251,526,527],{},[254,528,529],{},"mediadevices_absent_modern_ua",[251,531,532],{},[254,533,534],{},"devtools_open_during_flow",[251,536,537],{},[254,538,539],{},"widevine_missing_on_chrome",[251,541,542],{},[254,543,544],{},"webgl_swiftshader_renderer",[251,546,547],{},[254,548,549],{},"uach_missing_on_chrome",[251,551,552],{},[254,553,554],{},"speech_voices_empty_on_desktop_chrome",[251,556,557],{},[254,558,559],{},"screen_frame_all_zero_desktop",[251,561,562],{},[254,563,564],{},"fonts_empty_on_desktop",[499,566,568],{"id":567},"tampering","Tampering",[248,570,571,576,581,586,591,596,601],{},[251,572,573],{},[254,574,575],{},"prototype_integrity_fail",[251,577,578],{},[254,579,580],{},"plugin_prototype_mismatch",[251,582,583],{},[254,584,585],{},"engine_probe_mismatch",[251,587,588],{},[254,589,590],{},"math_random_patched",[251,592,593],{},[254,594,595],{},"uach_vs_ua_mismatch",[251,597,598],{},[254,599,600],{},"notifications_permission_spoof",[251,602,603],{},[254,604,605],{},"deviceorientation_permission_non_ios",[499,607,609],{"id":608},"anti-fingerprinting","Anti-fingerprinting",[248,611,612,617,622,627,632],{},[251,613,614],{},[254,615,616],{},"tor_browser_signature",[251,618,619],{},[254,620,621],{},"safari_itp_lockdown",[251,623,624],{},[254,625,626],{},"firefox_etp_timer",[251,628,629],{},[254,630,631],{},"brave_farbling_detected",[251,633,634],{},[254,635,636],{},"firefox_rfp_detected",[499,638,640],{"id":639},"incognito","Incognito",[248,642,643,648,653,658,663],{},[251,644,645],{},[254,646,647],{},"languages_dedup_incognito",[251,649,650],{},[254,651,652],{},"storage_quota_incognito",[251,654,655],{},[254,656,657],{},"permissions_stuck_prompt",[251,659,660],{},[254,661,662],{},"indexeddb_failures",[251,664,665],{},[254,666,667],{},"notifications_private_spoof",[499,669,671],{"id":670},"replay-attack","Replay attack",[248,673,674,679,684,689,694,699],{},[251,675,676],{},[254,677,678],{},"consumed_nonce",[251,680,681],{},[254,682,683],{},"nonce_session_mismatch",[251,685,686],{},[254,687,688],{},"unknown_nonce",[251,690,691],{},[254,692,693],{},"missing_nonce",[251,695,696],{},[254,697,698],{},"missing_cookie",[251,700,701],{},[254,702,703],{},"session_expired",[236,705,707],{"id":706},"how-checks-are-used","How checks are used",[208,709,710],{},"Checks feed two systems:",[712,713,714,737],"ol",{},[251,715,716,719,720,723,724,723,727,723,730,733,734,220],{},[717,718,109],"strong",{},": Rupt aggregates the relevant checks into a weighted score per category: ",[212,721,722],{"href":154},"account takeover",", ",[212,725,726],{"href":162},"fake account",[212,728,729],{"href":158},"account sharing",[212,731,732],{"href":166},"scraping",", and ",[212,735,736],{"href":170},"linked accounts",[251,738,739,743,744,746,747,749],{},[717,740,741],{},[212,742,117],{"href":118},": your rules can match conditions over checks directly. A policy can say \"if ",[254,745,332],{}," and ",[254,748,298],{},", challenge\" without ever going through a risk score.",[208,751,752],{},"The complete, current list of checks and their conditions lives in the policy editor in the dashboard.",{"title":754,"searchDepth":755,"depth":755,"links":756},"",2,[757,758,759,760,761,762,763,764,772],{"id":238,"depth":755,"text":239},{"id":285,"depth":755,"text":286},{"id":321,"depth":755,"text":322},{"id":352,"depth":755,"text":353},{"id":387,"depth":755,"text":181},{"id":417,"depth":755,"text":418},{"id":447,"depth":755,"text":448},{"id":486,"depth":755,"text":487,"children":765},[766,768,769,770,771],{"id":501,"depth":767,"text":502},3,{"id":567,"depth":767,"text":568},{"id":608,"depth":767,"text":609},{"id":639,"depth":767,"text":640},{"id":670,"depth":767,"text":671},{"id":706,"depth":755,"text":707},"[object Object]","md",{},true,"---\ntitle: Checks\ndescription: Checks are the boolean and numeric facts Rupt derives from signals plus a user's history: is this fingerprint new, is this IP a VPN, has this user moved impossibly far. They're the building blocks of risks and policies.\n---\n\n# Checks\n\nChecks are the boolean and numeric facts Rupt derives from [signals](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fsignals) plus a user's history. They turn raw measurements into the language Rupt reasons about: _is this fingerprint new for this user, is this IP a VPN, has this user moved impossibly far since we last saw them_.\n\nA check is deliberately narrow. Each one captures a single fact at a single moment, and on its own each is weak. A new IP isn't suspicious by itself, and neither is a webmail address. The power comes from how they combine into [risks](\u002Fdocs\u002Fv3\u002Fconcepts\u002Frisks) and how your [policies](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpolicies) match conditions across them.\n\nHere's most of what we check. We keep this in sync with the app as best we can, but it isn't a guarantee. The dashboard policy editor always has the live, complete list.\n\n## Identity newness\n\nHow established the user, IP, or [fingerprint](\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffingerprints) is for this account.\n\n- `is_new_user`\n- `is_new_ip`: see [New IP](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fip).\n- `is_new_fingerprint`\n- `user_age_days`\n- `fingerprint_user_count`: how many users share this [fingerprint](\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffingerprints).\n\n## Network reputation\n\nWhat kind of network the connection is coming from. See [Anonymizing network](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fanonymizing-network).\n\n- `ip_is_vpn`\n- `ip_is_proxy`\n- `ip_is_tor`\n- `ip_is_hosting`\n- `ip_country`\n\n## Velocity and geography\n\nHow the user moves through space and time.\n\n- `impossible_travel`: see [Impossible travel](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fimpossible-travel).\n- `concurrent_sessions`: see [Concurrency](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fconcurrency).\n- `has_high_velocity`: an unusual rate of actions in a short window. See [Velocity](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fvelocity).\n\n## Device counts\n\nHow many devices a user has piled up. Some of the strongest [account-sharing](\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-sharing) signals there are. See [Devices](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fdevices).\n\n- `device_count`\n- `computer_device_count`\n- `tablet_device_count`\n- `mobile_device_count`\n\n## Email quality\n\nWhat kind of email address was provided. See [Email quality](\u002Fdocs\u002Fv3\u002Fconcepts\u002Femail).\n\n- `email_is_disposable`\n- `email_is_webmail`\n- `email_is_invalid`\n- `email_is_accept_all`\n\n## Account state\n\nVerification and status flags on the user.\n\n- `is_email_verified`\n- `is_phone_verified`\n- `is_suspended`\n- `origin_is_new`: first time this request origin has been seen for your project in the last 90 days.\n\n## Device integrity\n\nOnly populated when you ship the iOS or Android SDK. Web flows leave these unset, and each platform reports only its own flags.\n\n- `jailbroken_ios`\n- `rooted_android`\n- `is_simulator`\n- `is_emulator`\n- `debugger_attached`\n- `ui_testing`\n\n## Fingerprint observations\n\nA separate family of checks derived from the deeper [signals](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fsignals) we collect during fingerprinting. Unlike the checks above, these aren't conditions you match in policies directly. They roll up into the observation-only risks ([bots](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fbots), tampering, anti-fingerprinting, incognito, and replay attacks) so you can watch them without them forcing a verdict.\n\n### Bot\n\n- `bot_framework_globals`\n- `navigator_webdriver_true`\n- `event_istrusted_synthetic`\n- `window_process_present`\n- `mediadevices_absent_modern_ua`\n- `devtools_open_during_flow`\n- `widevine_missing_on_chrome`\n- `webgl_swiftshader_renderer`\n- `uach_missing_on_chrome`\n- `speech_voices_empty_on_desktop_chrome`\n- `screen_frame_all_zero_desktop`\n- `fonts_empty_on_desktop`\n\n### Tampering\n\n- `prototype_integrity_fail`\n- `plugin_prototype_mismatch`\n- `engine_probe_mismatch`\n- `math_random_patched`\n- `uach_vs_ua_mismatch`\n- `notifications_permission_spoof`\n- `deviceorientation_permission_non_ios`\n\n### Anti-fingerprinting\n\n- `tor_browser_signature`\n- `safari_itp_lockdown`\n- `firefox_etp_timer`\n- `brave_farbling_detected`\n- `firefox_rfp_detected`\n\n### Incognito\n\n- `languages_dedup_incognito`\n- `storage_quota_incognito`\n- `permissions_stuck_prompt`\n- `indexeddb_failures`\n- `notifications_private_spoof`\n\n### Replay attack\n\n- `consumed_nonce`\n- `nonce_session_mismatch`\n- `unknown_nonce`\n- `missing_nonce`\n- `missing_cookie`\n- `session_expired`\n\n## How checks are used\n\nChecks feed two systems:\n\n1. **Risks**: Rupt aggregates the relevant checks into a weighted score per category: [account takeover](\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-takeover), [fake account](\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffake-account), [account sharing](\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-sharing), [scraping](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fscraping), and [linked accounts](\u002Fdocs\u002Fv3\u002Fconcepts\u002Flinked-accounts).\n2. **[Policies](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpolicies)**: your rules can match conditions over checks directly. A policy can say \"if `impossible_travel` and `ip_is_vpn`, challenge\" without ever going through a risk score.\n\nThe complete, current list of checks and their conditions lives in the policy editor in the dashboard.\n",{"title":105,"description":779},{"Checks are the boolean and numeric facts Rupt derives from signals plus a user's history":780},"is this fingerprint new, is this IP a VPN, has this user moved impossibly far. They're the building blocks of risks and policies.","B1iuGpwy-Q6ENC0d5Dnd2Cy8-NQ9xB8xW0k8YH75jvQ",1780344893235]