First like varelaz says, one important criteria is your ISP. MaxMind provides information whether you are "Corporate" or Residential. Generally when you are Corporate / Datacenter, you get into a low-quality tier or even no ads at all for some networks.
Users following invisible links are definitive bots but otherwise, the main idea is to verify the coherence of the headers, and verify if there is a difference between theoretical browser capabilities and reality.
The behaviour is not so important because advertising networks generally have frequency capping support per IP/UID.
It's very easy to distinguish two browsers, and the browsers that declare themselves "no tracking" are even easier to track in real-life scenario because their signature is very different.
Take two Safari iOS on the same 3G networks, it's very difficult to differentiate them, but take two Brave browsers and it's quite easy to track the user.
CasperJS/PhantomJS/Selenium bots are usually running with the default resolution and they leak some javascript properties like window._phantom, window.Buffer, window.emit or window.webdriver (selenium).
Users following invisible links are definitive bots but otherwise, the main idea is to verify the coherence of the headers, and verify if there is a difference between theoretical browser capabilities and reality.
The behaviour is not so important because advertising networks generally have frequency capping support per IP/UID.
Long time ago, lots of fraud bots used to use COM/MSHTML interfaces ( like https://docs.microsoft.com/en-us/previous-versions/windows/i... ) so, even if declaring itself as Chrome, it was obviously an IE.
Now the fraud is more with Android WebViews.
It's very easy to distinguish two browsers, and the browsers that declare themselves "no tracking" are even easier to track in real-life scenario because their signature is very different.
Take two Safari iOS on the same 3G networks, it's very difficult to differentiate them, but take two Brave browsers and it's quite easy to track the user.
CasperJS/PhantomJS/Selenium bots are usually running with the default resolution and they leak some javascript properties like window._phantom, window.Buffer, window.emit or window.webdriver (selenium).