Detecting proxies, VPNs, and Tor usage with ease is a critical component of risk scoring and identity verification. Fraudsters and cybercriminals frequently use proxies to mask their real-world locations, spoof their IP addresses, or otherwise hide their online activity. Detecting proxy connections can help reduce fraud, improve compliance, and decrease the cost of fraud detection.
Detect Proxies, VPNs, and Tor Usage with Ease
Identifying if someone is using a proxy can be difficult, as many proxies obscure the IP headers that contain corroborating information, like browser type and version or OS. Fortunately, there are a number of tests you can execute on the request to determine if it has passed through a proxy server. One of the most popular tests is to check for X-Forwarded-For entries in the HTTP request headers. However, this method can be unreliable, as it doesn’t take into account that cellular networks, content delivery networks (CDNs), and some ISPs also add these headers to a connection.
A more accurate way to determine if an IP is connecting through a proxy is to look for the presence of specific IP reputation API data points. This data can provide valuable clues about a user’s true location, including whether they are attempting to mask their location by using a VPN or TOR exit node. In addition, best-in-class IP reputation APIs can even detect private VPN networks used exclusively by fraudsters and provide additional confirmation by detecting the host of the connecting device. This level of detail helps to identify risky connections faster and more reliably, without penalizing legitimate users or sacrificing privacy.