Block bots.
Keep real users.

Drop one JS snippet into your site. Botardo watches behavior across every form, builds a model of what your real users look like, and scores each session in real time.

Get the snippet See how it works
npm i @botardo/client
sess_b40e91/signup
scanning…
bot score0
the problem

To your forms, every submission looks real.

Bots poison your forms. Fake leads flood your CRM. Spam overwhelms your support queue. Fraudulent signups inflate your metrics. Generic bot detection treats your checkout the same as every other checkout on the internet.

47%
of all web traffic in 2024 came from bots, the highest share in a decade.
Imperva, Bad Bot Report 2025
37%
of internet traffic is now classified as malicious automation.
Imperva, 2025
$186B
in annual losses globally from automated fraud and account abuse.
Juniper Research, 2024
73%
of businesses say bot attacks on their sites are getting harder to detect.
Netacea, State of Bots 2024
how it works

Three layers. One score.

Every session passes through three independent detection layers. Each emits its own signal. The combined score and confidence level land on a single API response, which you can act on however fits your product.

01   public signalsall plans

Reputation and fingerprint.

IP reputation, known bot signatures, device fingerprinting, and headless-browser detection. The baseline every customer gets out of the box.

ip.reputationua.signaturefp.devicetls.fingerprintheadless.detect
02   behavioralall plans

Behavioral patterns.

Mouse paths, keystroke rhythm, scroll curves measured against behavioral baselines across the web. Catches automation that looks human but doesn't move like one.

mouse.entropykbd.cadencescroll.curvefocus.dwellpaste.bursts
03   custom modelpaid

Trained on your traffic.

A model trained exclusively on your site's sessions, per form. The more your traffic flows in, the sharper it gets. Catches what general baselines miss about your specific users.

form.embeddingflow.shapeab.adaptdrift.detectretrain.weekly
why generic detection falls short

Global models miss what's normal for you.

Cloudflare, DataDome, and Kasada train on internet-wide behavior. They don't know that your users are enterprise ops teams who move slowly and deliberately, or that your checkout has an unusual multi-step pattern. Deviations from your normal get missed. Normal-looking bots sail through.

Capability
Cloudflare
DataDome
Kasada
Botardo
Trained on your traffic
●  no
●  no
●  no
●  yes
Per-form model
●  no
●  no
●  no
●  yes
No proxy or DNS change
●  no
●  no
●  no
●  yes
Adapts to your flow's shape
●  no
●  no
●  no
●  yes
Exposed score and confidence
○  partial
○  partial
○  partial
●  yes
You decide allow / challenge / block
○  partial
○  partial
●  no
●  yes
Generic global model
●  yes
●  yes
●  yes
○  partial

// a separate model per form, per site. calibrated to your users, not the internet's average.

drop in

One snippet. Every form.

Add the tag to your <head> and Botardo attaches to every form on the page, including ones rendered client-side. The score returns synchronously on submit, with a confidence level you can route on.

html · index.htmlcopy
<script
  src="https://cdn.botardo.com/v2.js"
  data-site="acme_prod"
  data-mode="score"
  defer
></script>

// every form on this page is now scored.
ts · servercopy
import { sentinel } from "@botardo/server";

export async function POST(req) {
  const { score, confidence, layers } =
    await sentinel.verify(req.headers["x-bot-token"]);

  if (score > 85) return block();
  if (score > 55) return challenge();
  return allow();
}
who it's for

Built for every product

From a brand-new SaaS to an established marketplace, if your product has forms, it has a bot problem waiting to happen. Botardo protects every one of them without making your real users jump through hoops.

01

Any product with a form that matters.

Signup, checkout, contact, lead capture, support. If users type into it, bots will eventually find it.

02

Teams that ship snippets, not policy.

Your developers can drop a tag in the head. You don't have, or want, a dedicated fraud team.

03

Products that respect their users.

You want strong detection without throwing CAPTCHAs at every visitor. Real users should never feel it.

pricing

Start free.
Get better as you grow.

Free up to 100k sessions a month. Upgrade to Pro for unlimited volume, a custom-trained model, and priority support. No surprise invoices either way.

Freeforever
$0/ month
  • Up to 100,000 sessions / month
  • Public and behavioral detection on every form
  • Real-time score and confidence in your response
  • Custom challenge and block rules
  • 30-day session timeline
  • Unlimited forms, unlimited sites
Start free
Proflat monthly
$149/ month
  • Everything in Free
  • Custom model trained per form, retrained weekly
  • Higher accuracy, fewer false positives
  • Drift detection and A/B-aware retraining
  • Priority Slack and on-call support
  • Unlimited sessions. No usage caps.
Start free trial
the core promise

Every form. One snippet. Detection that learns your users.

Stop paying for global models that don't know what your normal looks like. Get scoring for your real users, and decide for yourself what to do with the bots.

Get the snippet Read the docs