False Positive Analysis for Web Traffic


  • This article provides guidance for how to confirm that Shape Defense is working as expected on your website after it has been enabled for real users. Specifically, you will need to determine if any legitimate traffic is marked as automation.

Return to Integrating Shape Defense



  • Shape Defense for Web



Although this documentation provides some guidance, this is a creative process. Explore your traffic reports and examine anything unexpected. Resolve all issues before you move to blocking mode.


Access Shape Defense Summary



Identify False Positives

Is any traffic marked as non-human? If yes:

  1. What is the automation Type of the non-human traffic? See Automation Types
  2. Does the traffic marked as malicious have a diurnal pattern? Pattern which increases during the day and drops at night? This might be indication of human traffic.
  3. Look at the distribution of IPs and the countries they are from. Does this distribution look like its coming in from your normal user base?
  4. Look at the User-Agent field. Is there any suspicious User-Agents present? You can also identify wanted automation (Test Tools, SEO bots etc.) through this technique.

If you noticed legitimate traffic being flagged as automation, determine if it can be put onto the allowlist.


Contact SOC ( if there are any questions.


Related Content

Return to Integrating Shape Defense

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request