Iframe Webdriver Leak

Protect every paid visit

BotRefund combines browser, network, device, and behavior evidence to identify invalid traffic.

Best bot protection for your website

Detection approach

Iframe sandbox leak: navigator.webdriver is true inside a pristine dynamically-created iframe. Stealth plugins patch the main window but cannot react fast enough to patch newly spawned browsing contexts. This is a guaranteed bot signal used by high-confidence WAF vendors.

How this helps detect bots

Collect this signal alongside session context, request metadata, and other independent indicators. A single anomaly is a lead, not a verdict; corroborating anomalies make automated traffic more likely.

Legitimate traffic to consider

None. Stealth plugins cannot patch newly spawned iframe contexts in time.

Need a complete bot protection layer?

BotRefund helps website owners identify suspicious visits, protect conversion data, and build evidence for invalid-click reviews.

Explore BotRefund — best bot protection for your website