Traffic quality filters, explained
Traffic quality filters are the building blocks Cloak4U uses to separate real visitors from invalid traffic. Each filter checks one dimension of a visit — where it came from, how it behaves, or what reputation its network carries — and contributes to a risk score. This guide walks through the full built-in catalog, explains what each filter catches, and is honest about where each one can go wrong.
cloak4u-traffic-quality-filters.pngWhat are traffic quality filters?
A filter is a single, transparent check. On its own, a filter rarely proves that a visit is invalid — a proxy might be a privacy-conscious customer, a datacenter IP might be a legitimate corporate gateway. Cloak4U combines filters into a weighted risk score so that no single soft signal blocks a visitor by itself, while several strong signals together trigger the outcome you configured: block, challenge, or log-only.
Filters are the enforcement layer behind click fraud protection and bot traffic detection. Turning the right ones on for your traffic is the single biggest lever you have over accuracy.
It is worth being precise about what a filter does and does not do. A filter produces asignal, not a verdict. It answers a narrow question — “is this IP a known Tor exit node?” or “does the browser timezone match the IP geography?” — and reports the result with a weight. Cloak4U then sums those weighted signals into a single risk score and compares it to your threshold. This design is deliberate: it means a borderline visit needs to trip several filters before it is stopped, which keeps false positives low, while a clearly automated visit trips enough strong filters to be blocked on its own.
The built-in filter catalog
Cloak4U ships with the following built-in filters. Recommended filters are enabled by default because they target common invalid-traffic sources with a low false-positive rate; the rest are available but off by default because they can catch real users.
Core
RecommendedApplies essential safety and malformed-request checks to every visit.
Bots
RecommendedDetects common non-human traffic patterns and known automation.
Data Center
RecommendedDetects traffic from cloud/data-center providers often used for automated abuse.
Hosting
RecommendedDetects web hosting and server networks that rarely carry real customers.
Proxy / VPN
RecommendedDetects known proxy and VPN networks associated with click fraud.
TOR
RecommendedDetects Tor exit nodes.
High Risk IPs
RecommendedDetects IP addresses with poor reputation or prior invalid-traffic history.
Blacklist IPs
RecommendedUses your account-level denied IP lists.
Timezone
RecommendedChecks for mismatch between IP geography and device/browser timezone.
Government
RecommendedFlags known government/agency network ranges where applicable. Use carefully and lawfully.
Business
Off by defaultCorporate networks. Not on by default — it may block legitimate business users.
Wireless
Off by defaultMobile carrier networks. Not on by default — many real users browse from them.
Network-origin filters
Several filters look at where a visit originates, because network type is one of the strongest indicators of automated or masked traffic:
- Data Center & Hosting: traffic from cloud providers and server networks that rarely carry genuine consumers. Common for bots and scraping.
- Proxy / VPN: networks that mask a visitor’s real origin. Frequently associated with click fraud, though also used by privacy-minded real people.
- TOR: Tor exit nodes, which anonymize origin entirely and are disproportionately used for abuse.
- Government, Business, Wireless: specific network categories you may want to flag or, in most cases, deliberately leave alone.
Network-origin filters are effective because network type is expensive for an attacker to change convincingly. Anyone can spoof a user-agent string in a second, but routing genuine residential traffic at scale is costly, so a large share of automated abuse still arrives from datacenters, hosting providers, and cheap proxy pools. That is why the datacenter, hosting, proxy/VPN, and Tor filters carry high weight and are recommended for almost every account. The trade-off is that a minority of real visitors legitimately use these networks — a privacy-conscious customer on a VPN, or an employee behind a corporate proxy — which is why these filters challenge or score rather than hard-block in most configurations.
Behavioral and reputation filters
Other filters look at how a visit behaves or what history its address carries:
- Bots: known automation patterns and non-human traffic signatures.
- High Risk IPs: addresses with poor reputation or prior invalid-traffic history.
- Blacklist IPs: your own account-level denied lists, for sources you have already identified.
- Timezone: a mismatch between the IP’s geography and the device or browser timezone, which often exposes spoofed locations.
- Core: essential safety and malformed-request checks applied to every visit.
Behavioral and reputation filters complement the network-origin group. Where network filters ask “what kind of connection is this?”, these ask “has this source misbehaved, and does this visit look scripted?”. Reputation data is particularly useful against distributed abuse: an attacker may spread clicks across many addresses to stay under a per-IP limit, but if those addresses already carry invalid-traffic history, the High Risk filter catches them anyway. The Timezone filter, meanwhile, is a cheap and surprisingly effective consistency check — automation that spoofs its IP location often forgets to align the device clock, exposing the mismatch.
How the two groups work together
No group is sufficient alone. Network filters miss fraud that comes through residential proxies; behavioral filters miss brand-new bots with no reputation yet. Running both means a visit has to look clean on origin and behavior and reputation to score low. That layering is the whole point of a weighted-score approach, and it is why the recommended defaults enable filters from both groups rather than relying on any single check.
Choosing and tuning filters
The recommended set is a sensible starting point for most advertisers. From there, tuning is about matching filters to your real audience:
| If your traffic is… | Consider | Watch out for |
|---|---|---|
| Mostly mobile | Keeping Wireless off | Blocking real carrier users |
| B2B / corporate | Keeping Business off | Blocking legitimate office networks |
| Consumer retail | Enabling all recommended filters | Rare proxy false positives |
| High fraud pressure | Adding custom denylists | Over-tightening thresholds |
| Global campaigns | Using timezone + geo checks | Travelers and VPN commuters |
After enabling a filter, watch the click log for a few days. Because every decision carries a reason code, you can see exactly which filter is responsible for a block and adjust. You can pair filters with compliant campaign routing and review the results on the campaign analytics dashboard.
A reliable tuning loop looks like this: start every new filter in log-only, let it run against real traffic, then read the reason codes it generated. If the visits it flagged look genuinely invalid — datacenter origins, repeat clicks, obvious automation — promote it to challenge or block. If it is catching a meaningful share of real customers, either lower its weight, move it to challenge instead of block, or add the affected sources to an allowlist. Change one thing at a time so you can attribute the effect, and revisit the settings periodically, because both your audience and the fraud targeting you will shift over time.
Per-filter limitations
Honesty about false positives is essential to using filters well:
- Wireless would catch large numbers of genuine mobile users — leave it off unless you have a specific reason.
- Business can block legitimate corporate visitors sharing an office gateway.
- Proxy / VPN catches privacy-conscious real customers along with fraud.
- Government should be used carefully and lawfully; it flags known agency ranges that may include valid visitors.
- Timezone can misfire for travelers, VPN users, and devices with incorrect clocks.
No filter is perfect and no combination guarantees that every bot is caught or that no real visitor is ever challenged. Filters reduce invalid traffic; they do not eliminate the need to review your logs.
There is also an inherent tension between two kinds of error, and you cannot minimize both at once. A false positive challenges or blocks a real customer; a false negative lets invalid traffic through. Tightening filters trades fewer false negatives for more false positives, and loosening them does the reverse. The right balance depends on the cost of each error for your business — turning away a high-value B2B lead is expensive, so those advertisers lean conservative, while a low-margin, high-volume advertiser under heavy bot pressure may accept a few false positives to cut waste. Filters give you the dial; the correct setting is a business decision, not a technical one, and it is worth revisiting as your traffic and costs change.
Privacy and data minimization
Filters evaluate only the minimal signals needed to score a visit — IP (masked or hashed in the UI), user-agent, referrer, path, language, and coarse geo/device. Cloak4U never stores passwords, cookies, session contents, uploaded files, or private form data, and retention is configurable. See the privacy policy for details.
Conclusion
Traffic quality filters give you granular, transparent control over which visits reach your pages. Start with the recommended defaults, understand what each filter catches and where it can misfire, and tune against your own logs. Combined into a weighted score, they let Cloak4U block invalid traffic without ever disguising your content. Open the dashboard to configure your filters.