SYSTEM OPERATIONAL
SPARK L3
NETSPECTRA.ORG© 2026FORMALLY VERIFIED
[ PASSIVE FINGERPRINT ENGINE / ADA + SPARK ]
◆ HOW IT WORKS / DOC_FLOW

Traffic enters here.Origin stays private.

NetSpectra sits between your visitor and your application — at the edge, before HTTP reaches your code. The rest of this page shows where we stand, what we read, what your users feel, and what knobs stay in your hands.

// FLOW

Three protocol streams. One verdict per request.

Three kinds of traffic hit your edge: a real browser, a headless cluster, and a crafted client. NetSpectra reads what each one is already saying — TLS fingerprint, header order, protocol-side signals — and decides in microseconds. One passes. Two get dropped. No CAPTCHAs, no cookies, no JavaScript.

no CAPTCHAs · no cookies · no JavaScriptPROTOCOL-LAYER VERDICTS · NOT BEHAVIORAL GUESSWORKSIGNALJA4 t13d1516h2_UA Chrome/124ECH enabledREAL BROWSERUA POOLChrome/124gptbot/1.0claudebot/1.0JA4: t13d0_no_extHEADLESS CLUSTER16 03 03 02 00no SNI · no ALPNANOMALYTLS ext missingheader orderALPN spoofCRAFTED CLIENTNetSpectra · edge verdictYOUR APPDROPPEDJA4 · HEADER ORDER · TLS EXT · ALPN → ONE VERDICT
// EXPERIENCE

What your users actually see.

TWO PATHS
DETERMINISTIC
// REAL USER

The page just loads

  • No CAPTCHA, no challenge, no extra round-trip
  • No JavaScript or SDK forced onto the page
  • Your application returns the real response
// AUTOMATED TRAFFIC

Stopped at the edge

  • Blocked before HTTP reaches your app
  • Your origin IP never appears in DNS or logs
  • Optionally returned a stub response — your call, per site
// OBSERVE

What we read before your app sees a byte.

LYR_01 → LYR_03
READ AT THE EDGE
LYR_01

Network signature

Every operating system writes its packets slightly differently. TTL, TCP window size, segment size — the kernel-level details that user-space code cannot fake. We read them from the first SYN packet, before TLS even starts.

Examples
  • Initial TTL
  • TCP window size
  • MSS / TCP options order
LYR_02

Encryption signature

Every browser builds its TLS handshake in its own order — the set of ciphers, the order of extensions, the way it signals supported groups. That ordering is the JA4 fingerprint. Two visitors with the same User-Agent will have identical JA4 if they really are the same browser.

Examples
  • JA4 / JA3 fingerprint
  • Cipher suite order
  • TLS extensions, ALPN
LYR_03

Application signature

HTTP/2 lets clients announce settings frames and choose pseudo-header order. Real Chrome, Firefox, Safari all do this differently. Headless and scripted clients leave noticeable patterns that no UA-string spoofing can hide.

Examples
  • HTTP/2 SETTINGS frame
  • Pseudo-header ordering
  • Real header order
// CONTROL

What you actually control.

CTRL_01 → CTRL_03
ALL TRANSPARENT
CTRL_01

How strict per site

Set the line between «let through» and «block» for each domain. Lenient for marketing pages, strict for checkout or sign-in. Changes apply within seconds — no redeploy, no code change.

CTRL_02

Watch the edge live

See every connection, every verdict, every fingerprint — in real time. Drill into a single session, export a per-connection forensic report, mark a connection as verified if you disagree with the edge.

CTRL_03

Wire signals into your stack

Pull verdicts and fingerprints over HTTPS. Stream them into your fraud pipeline, your analytics warehouse, or your own dashboards. Webhooks for real-time, REST for batch.

// END OF DOC_FLOW

You've seen the path. Now turn on the edge.

▸ Start freevs the world
How NetSpectra Works — Passive Edge Detection | NetSpectra