Home » What is Non-Human Traffic?

What is Non-Human Traffic?

Non-Human Traffic (NHT) refers to any online activity that isn't generated or done by humans. From advanced bots, botnets and web crawlers, among others, NHT can be a significant concern for businesses online because it is becoming so widespread. In fact, bot traffic now makes up nearly half of all internet traffic. Bot traffic can result in inflated traffic, decreased profits, and page optimizations that could lead to a drastically negative impact on your online presence. Fraudulent traffic can also be a precursor to cyberattacks and can be used to steal tickets, attempt phishing, sending spam and malware, and conducting credential stuffing and denial of service attacks.

What is Non-Human Traffic?

Non-human traffic 101

As the name implies, non-human traffic (NHT) is a type of online traffic that is not generated by a human and is typically associated with bots or botnets. While NHT can be used for important purposes such as finding and gathering information automatically, like web crawlers browsing online content, there is also malicious NHT that is harnessed by cybercriminals to launch attacks or commit fraud.

Types of non-human traffic

Non-Human Traffic (NHT) refers to the traffic that visits a website without human interaction, much of which can be broadly categorized as good or bad bot traffic. These visits are usually generated by computer programs known as bots that mimic human behavior, making them difficult to detect. The three types of bots that are important to know include simple bots (like web crawlers), sophisticated bots, and botnets. Simple bots are created for a legitimate purpose, while sophisticated bots can do more tasks like filling out forms or even making purchases. However, illegitimate, or bad, bots are created for fraudulent activities.

While bots, including malicious bots, are responsible for a significant portion of internet traffic, they can be mitigated by using bot mitigation techniques such as CAPTCHAs and honeypots. By implementing these measures, website owners can effectively detect and block bots and botnets, keeping their website and legitimate users safe from malicious NHT.

Good bots

Non-human traffic can take different forms, including good bots that have a legitimate purpose. Good bots include search engine crawlers like Googlebot and Bingbot, which are responsible for indexing web pages for search engines. They can also provide other useful services, such as analytics and website security. Good bots can also come in the form of chatbots that act as an extension to a businesses’ customer service department and help to efficiently answer and triage customer questions and requests.

Good bots can also monitor website performance and collect valuable data that provides in-depth insight into user behavior. For instance, vulnerability scanners and crawlers help website owners identify and fix security weaknesses. Therefore, while non-human traffic may be generally viewed as a negative, good bots can be, and continue to be, beneficial to website owners and businesses.

Bad bots

Non-human traffic, also known as ‘bots’, are computer programs that can mimic human keystrokes and web surfing. They come in a variety of types, including good bots used for web indexing, monitoring, and content delivery. However, bad bots are growing in significance and now make up the most dominant form of non-human traffic. These malicious bots can be used for credential stuffing, data scraping, and launching distributed denial-of-service (DDoS) attacks.

It's estimated that a significant portion of bot traffic consists of malicious bots. As such, businesses are looking for ways to manage the bot traffic coming to their sites and prevent the damage caused by bad bots. This includes implementing advanced bot protection solutions and monitoring web traffic for unusual and anomalous patterns and behaviors.


One type of non-human traffic (NHT) is botnets, which have become a growing threat. Botnets are networks of computers that have been infected by malicious code, usually malware, and become bots often without the human user knowing their device has been hijacked. These bots are organized by a bot herder and then used to carry out malicious activities such as distributed denial-of-service attacks, credential stuffing, and data scraping. They can also be used to send out large volumes of spam emails or generate fake website visits or phishing attempts.

How to detect and block non-human traffic

Detecting and blocking malicious non-human traffic is an essential aspect of maintaining a healthy and secure online presence and protecting your customers from cybercriminals. Detection tools can monitor incoming data such as IP addresses to detect non-human behavior and any known cybercriminals. Moreover, many solutions are backed by AI and machine learning that can help to minimize false positives and can paint a true picture of a non-human's true intent.

How to block malicious non-human traffic

While detecting non-human traffic is important, it is only half the battle. Blocking malicious bot traffic is a key aspect of protecting a business and its customers from cyberattacks and fraud. To block malicious bots of all kinds, including scraper bots and botnets, website owners and security teams can employ tactics such as using CAPTCHA, employing rate limiting or throttling, and blocking known cybercriminals based on IP address, browser fingerprinting, or geofencing. By taking these measures, website owners can protect their site from non-human traffic and ensure that their data and analytics remain accurate and valuable.

Benefits of managing non-human traffic

The management of non-human traffic is important to protect online platforms from malicious bots while protecting genuine human or legitimate customer activity. Bot mitigation solutions help to detect and prevent any unwanted non-human activity, secure confidential or sensitive data, like customer credit card information or login credentials, while maintaining a positive user experience and letting legitimate bots perform their actions unimpeded. By managing non-human traffic, you can ensure that your content reaches the desired audience, and the user's overall experience is not affected by the presence of malicious bots.

That said, not all bot detection and mitigation solutions are created equal and some are more effective than many of the legacy solutions currently available on the market. For instance, many of today’s advanced bots can bypass and solve traditional CAPTCHAs or some solutions may not provide the insights you need in real time.

Arkose Labs secures enterprises from non-human traffic

Bot mitigation with Arkose Labs stops malicious non-human traffic in its tracks. Arkose Labs accurately distinguishes between human and automated traffic to neutralize automated attacks before they can scale and without harming the legitimate user experience. Using a combination of dynamic risk decisioning and targeted friction, through dynamic Arkose MatchKey challenges, Arkose Labs makes the attack incrementally more costly for attackers, which prevents them from scaling up their operations. Once the financial incentive to their bot attack is removed, cybercriminals will look elsewhere to target.

The Arkose Labs solution is so effective at rooting out automated attacks, that it is backed by an SLA guarantee. This provides commercial assurance that it will defeat bots attacks within a set timeframe, protecting your users from phishing scams, malicious messages and other forms of abuse.

If you would like to learn more about how Arkose Labs can partner with you to help secure your business from malicious, non-human traffic, book a meeting with us today.


Some common sources of non-human traffic include automated bots and botnets, search engine bots, spiders, and scrapers.

Non-human traffic can have various consequences for website owners. It can make it difficult to accurately measure website performance. Non-human traffic can also increase server costs, as it consumes server resources, resulting in slower website loading times. Bots have also become a heavily used attack vector for cybercriminals. As such, businesses should invest in a modern and effective bot mitigation solution to get a handle on any non-human traffic.