> For the complete documentation index, see [llms.txt](https://waap.docs.link11.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://waap.docs.link11.com/reference-information/hostile-bot-detection-lwcsi/biometric-behavioral-verification.md). # Biometric behavioral verification Link11 WAAP does not limit its traffic analysis to the user environment and client session. It also performs extensive, continual analysis of the user’s behavior. Every HTTP request that L11WAAP receives is anonymized and then analyzed according to numerous factors, including (partial list): * **Device and software data** (the user’s hardware, its screen resolution and orientation, the software used, battery level, stack trace, fronts and extensions, emulator detection, window size, hidden iframes, etc.) * **User interface and events** (mouse/pointer movements, clicks, taps, zooms, scrolls, keystrokes, speed of entry, etc.) * **Session data** (requests sent, IPs used, timing, frequency, etc.) * **Consumption analytics** (pages viewed, time spent, resources requested, etc.) * **Application-specific events** (and other results of user actions.) L11WAAP understands the patterns, typical values, and common relationships of these metrics for legitimate users of each protected application and API. The system performs this analysis at a granular level: not only per app, but even down to individual pages, screens, and so on. This reveals patterns of behavior unique to that particular context. L11WAAP continually analyzes the activities and behaviors of every requestor in every session. By definition, every hostile user (whether human or bot), must, at some point, deviate from the behavior of a legitimate user. As soon as this occurs, L11WAAP blocks that requestor. Using this approach, the system’s bot detection accuracy is not only high, it is also robust and resistant to reverse-engineering by threat actors. Behavioral profiles are constructed based on private analytics data, and threat actors have no realistic way of obtaining this information. {% hint style="warning" %} Biometric behavioral verification is part of the passive challenge process. To enable behavioral analysis, [passive challenges must be enabled](/using-the-product/best-practices/enabling-passive-challenges.md). {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://waap.docs.link11.com/reference-information/hostile-bot-detection-lwcsi/biometric-behavioral-verification.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.