Session Enrichment.
Detect anonymized sessions and coordinated abuse in real time.

Monocle Session Enrichment enables your security and fraud teams to log, filter, or block bad traffic – defending your digital platforms with minimal user friction.

[View Pricing]

Spur Monocle Session Enrichment passively correlates IP intelligence with live session telemetry to detect automation, anomalies, and abuse in real time. Deployed via a lightweight JavaScript snippet, it operates entirely at the edge – without cookies, tracking, or centralized storage.

Modern abuse doesn’t occur in isolation; it unfolds across distributed sessions and devices. By combining session data with Spur’s global IP intelligence, Monocle exposes coordinated fraud and automation that traditional IP or device fingerprinting tools can’t detect.

Benefits:

Detect coordinated automation and credential abuse in real time.
Correlate behavioral and network indicators to identify hidden threats.
Strengthen investigations and response workflows without adding friction for legitimate users.

How Spur Detects Anonymized Sessions

01
Assess:
Passive JavaScript snippet collects session-level telemetry at the edge.
02
Correlate:
Spur enriches each session with IP intelligence and anonymization context in real time.
03
Act:
The encrypted session assessment is returned to your web server for automated decisions or investigations.

Why Teams Choose Spur Session Enrichment

Assesses individual sessions and devices in real time to detect anonymization, AI, and bots.

Real-Time Session-Level Detection

Assesses individual sessions and devices in real time to detect anonymization, AI, and bots.

Quick Insights

Includes a live dashboard for visibility into session attributes and network behavior.

Privacy-First Design

Runs assessments at the edge, not in centralized stores – no cookies, no user tracking, and no monetization of session data.

Broad Coverage

Detects new infrastructure on first use, extending Spur’s global intelligence of hundreds of millions of anonymized IPs and more than 1,100 VPN and proxy services.

Rule-Based Actions

Enables real-time policy decisions – restrict or block sessions based VPN/proxy, bot or AI attributes.

Integrations for Edge Enforcement

Security policies can be applied to assessments at your CDN for automated edge enforcement.

Fast, Flexible Deployment

Deploys via a lightweight JavaScript utility in minutes; integrates with common front-end frameworks..

Depth of Attributes

Delivers transparent session attributes at an individual device level, reducing false positives on busy IPs.

Gain Deep, Actionable Insights into User Behavior

Monocle session enrichment delivers session insights that can accelerate your perimeter defense initiatives against growing anonymization threats.

01
Traffic Intelligence
Traffic Intelligence provides insights into assessment volume and anonymity distribution metrics across your network.
02
Service & Infrastructure Intelligence
Service & Infrastructure Intelligence reveals proxy services and other infrastructure interacting with your network.
03
Geo Intelligence
Geo Intelligence reporting identifies geographic patterns and anomalies in your traffic.
04
Time of Day Behavior
Time of Day Behavior examines traffic peaks and unusual patterns.
05
Cloudflare Integration
Our no-code Cloudflare integration enables you to deploy Monocle in-line with your application and actively allow or block requests in real time based on your policy configuration.

Use Cases

—

Use Cases

—

Use Cases

—

Use Cases

—

Use Cases

—

Use Cases

—

Use Cases

—

Use Cases

—

Use Cases

—

Use Cases

—

Use Cases

—

Use Cases

—

Use Cases

—

Reveal proxy-driven payment, identity, and transaction abuse.

Customer Success

Trusted by Teams Who Need to See What’s Real.

Social Media Platform:
Stopped account farming by correlating residential proxy detection with session behavior.
Read Case Study
Online Retailer:
Detected coordinated scalping by correlating anonymized sessions during major product releases.
Read Case Study
Gaming Company:
Exposed proxy-backed abuse by enriching sessions with infrastructure and provider attribution.
Read Case Study

Identify VPN services used in authentication and fraud workflows.

[Learn More]

Detect automation and abuse hidden behind residential IPs.

[Learn More]

Map connections with verified geographic accuracy.

[Learn More]

Detect agentic activity and automation.

[Learn More]

Review Spur’s 20+ enrichment attributes for transparency and precision.

[Learn More]

FAQs About Spur Session Enrichment

A lightweight JavaScript snippet integrates into any web framework; assessments are performed passively at the edge.

No. Monocle performs all analysis without storing user identifiers or session cookies.

Over 20 attributes combining IP enrichment (geo, ASN, proxy/VPN type) and behavioral telemetry.

All processing occurs at the edge; encrypted results are sent to your web server for controlled evaluation.

Monocle uses a Policy API to enable blocking decisions in real-time. For example, custom, granular rules enable you to block all anonymous users; connections that come from VPNs, proxies, datacenters, or RDP; when there is a mismatch in IP information; assessments from specific countries, and more.

With this level of granularity, security teams can flexibly apply user friction policies based on ground truth data, reducing the risk of blocking legitimate user sessions.

See What's Happening Inside Each Session.

Detect automation, abuse, and anonymized access across user sessions with real-time, privacy-first session enrichment from Spur.

Request a Demo View Pricing

Session Enrichment.​Detect anonymized sessions and coordinated abuse in real time.

How Spur Detects Anonymized Sessions

Assess:

Correlate:

Act: