Cloudflare's Precursor Analyzes Entire Sessions to Detect Bots Beyond CAPTCHA
As bots become capable of passing CAPTCHA by operating real browsers, Precursor extends detection to the full session, making automated behavior harder to disguise.
Reporting from 1 source: GIGAZINE.
Cloudflare announced Precursor, a verification system that analyzes visitor behavior across entire web sessions to distinguish humans from bots and AI agents. It collects mouse movements, keyboard timing, and page focus data via lightweight JavaScript, evaluating patterns over time rather than at a single checkpoint. Precursor is rolling out to Enterprise Bot Management users and can be used alongside Cloudflare Turnstile.
Precursor works by inserting JavaScript into enabled websites that collects mouse pointer trajectories, keyboard operation timing, input field focus, and page display time. The data is sent periodically to Cloudflare's servers, where it is assessed in combination rather than individually. Keyboard input records only timing and rhythm, not actual characters, and behavioral data is not linked to user accounts or permanent profiles. The analysis results accumulate per session, so a bot reloading the page cannot reset the recorded characteristics. Cloudflare recommends disabling the existing JavaScript Detections feature when enabling Precursor.
Synthesized by Yomimono from the 1 cited source below, including Japanese-language reporting where cited, then editorially reviewed before publishing.