IPQualityScore

IPQualityScore is a fraud detection and IP intelligence service. Its scripts analyze visitor IP addresses, device fingerprints, and behavioral signals to identify bots, proxies, and fraudulent activity. IPQualityScore collects device and network metadata to generate risk scores for real-time fraud prevention.

Overview

IPQualityScore (IPQS) is a fraud prevention service widely integrated into e-commerce, fintech, and advertising platforms. When deployed on a website, its scripts run device fingerprinting and behavioral analysis in the browser to generate real-time risk scores, helping site operators distinguish legitimate visitors from bots, proxy users, and fraudulent actors.

What This Script Does

The IPQS script loads from IPQualityScore's CDN and performs client-side data collection to build a device fingerprint. Data gathered includes:

  • Device fingerprinting: Browser type and version, operating system, screen resolution, installed plugins, timezone, language settings, and canvas/WebGL rendering characteristics.
  • Network analysis: The visitor's IP address is evaluated against IPQS's threat intelligence database to detect VPNs, proxies, Tor exit nodes, and known-bad IP ranges.
  • Behavioral signals: Mouse movement patterns, keystroke timing, and interaction cadence to distinguish human visitors from automated bots.
  • Cookies/storage: IPQS may set first-party cookies or use localStorage to persist a device identifier across sessions for returning-visitor recognition.

The collected data is transmitted to ipqualityscore.com API endpoints, which return a fraud risk score used by the site's backend for access decisions (block, challenge, or allow).

Consent & Compliance

IPQualityScore operates in a mixed essential/analytics consent category. The fraud detection function serves a security purpose, while the device fingerprinting and behavioral profiling components collect detailed personal data.

Under the ePrivacy Directive, device fingerprinting constitutes accessing information on the user's terminal equipment, which normally requires consent. However, fraud prevention can qualify for an exemption under Article 6(1)(f) of GDPR (legitimate interest) when the processing is strictly necessary to prevent fraudulent activity. The key test is proportionality: collecting only what is necessary for fraud detection.

Under CCPA/CPRA, the device fingerprinting data constitutes personal information. If the fraud scores are used solely for security purposes and not shared with third parties for other purposes, the processing falls under the security exception.

Should You Block This Without Consent?

Conditional. The fraud detection functionality serves a legitimate security purpose and can operate without consent under the GDPR legitimate interest basis, provided the implementation is proportionate and limited to fraud prevention. However, if IPQS data is also used for analytics, visitor profiling, or shared with third parties beyond fraud prevention, those additional uses require consent. Review your IPQS configuration to ensure it is scoped to security-only purposes.

Consent Categories

Essential
Analytics

Also Known As

ipqualityscore, ipqs, ip quality score, fraud detection service, ipqualityscore api, bot detection, ip reputation check

Industries

Computers Electronics and Technology

Tracked Domains (1)

ipqualityscore.com (Essential)

Frequently Asked Questions

Is consent required for IPQualityScore on my website?

Conditional. IPQualityScore is tagged essential and analytics. Its fraud detection function may qualify as a legitimate interest under GDPR, but device fingerprinting for analytics purposes requires consent. Consult your legal team based on how you deploy it.

What data does IPQualityScore collect?

IPQualityScore collects IP addresses, device fingerprint signals, browser attributes, and behavioral patterns from page visitors. It generates a real-time risk score identifying bots, VPN or proxy users, and potentially fraudulent actors, sending this data to IPQS servers for scoring.

How does ConsentStack categorize IPQualityScore?

ConsentStack classifies IPQualityScore as essential and analytics. For essential fraud-prevention deployments it may load by default; for analytics use cases ConsentStack requires consent before the fingerprinting script fires, preventing data collection until opt-in is confirmed.

Related Vendors

Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Google Fonts
Google Fonts is a free font hosting service that serves hundreds of typeface families via a global CDN. Stylesheets and font files load from fonts.googleapis.com and fonts.gstatic.com to deliver web fonts to visitors. No advertising or tracking functionality is included.
reCAPTCHA
Google reCAPTCHA is a bot detection and spam prevention service protecting web forms, login pages, and checkout flows. Scripts analyze user behavior, mouse movements, and browser fingerprints to distinguish humans from bots. The invisible reCAPTCHA v3 scores interactions without requiring user challenges.
Google Tag Manager
Google Tag Manager is a tag management system that lets marketers deploy and update analytics and marketing scripts without code changes. The GTM container script loads synchronously in the page head and injects configured tags, triggers, and variables on behalf of other vendors. It performs no data collection of its own and acts as a loader for other scripts.
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Sign in with Google
Sign in with Google is an OAuth-based authentication service that enables users to log into websites using their Google account credentials. Scripts load the Google Identity Services library, display sign-in buttons, and handle token exchange for secure authentication. Stores session tokens and authentication cookies to maintain login state across page visits.
