How HUMAN (PerimeterX) Bot Defender Works

HUMAN Bot Defender is the product formerly known as PerimeterX, after PerimeterX merged with HUMAN Security. This is a neutral explainer of its signature Press & Hold challenge and the signals it uses to tell humans from automation.

8 min read·Last updated: May 2026

Quick Answer

HUMAN Bot Defender scores traffic from client- and server-side signals and, for risky requests, shows the HUMAN Challenge — a "Press & Hold" button. HUMAN states that while you hold the button it runs proof-of-work challenges and collects signals to confirm you're a real person.

  • PerimeterX merged with HUMAN Security on July 27, 2022; the product became HUMAN Bot Defender
  • The Press & Hold challenge runs proof-of-work while signals are collected
  • The px.js sensor and _px cookies are community-documented artifacts

This guide explains how HUMAN Bot Defender detects automation — its challenge mechanism and signal sources. It is not a bypass guide. Some artifact names below are community-consensus rather than primary HUMAN documentation, and we mark them as such.

From White Ops and PerimeterX to HUMAN

HUMAN was founded in 2012 as White Ops and renamed HUMAN in early 2021. On July 27, 2022, PerimeterX merged with HUMAN Security, and PerimeterX's product became HUMAN Bot Defender. At the time of the merger, the combined company cited 500+ customers and $100M+ ARR (vendor figures).

HUMAN also states that it verifies more than 20 trillion digital interactions weekly across 3 billion unique devices (a vendor claim) — the network scale it draws on to model what normal traffic looks like.

The HUMAN Challenge: Press & Hold

The HUMAN Challenge replaces the usual image-grid CAPTCHA with a single "Press & Hold" button. HUMAN states that while the user presses and holds, the system runs proof-of-work challenges in the background and collects signals to decide whether the client is human.

HUMAN claims the challenge is solved 4-6× faster than Google reCAPTCHA and that only 0.01% of human users will ever see it (vendor claims) — reflecting a risk-based model where the visible challenge is a last step for suspicious traffic, not a universal gate.

Proof-of-work and signal collection

Per HUMAN, the press-and-hold window does two things at once: it runs a proof-of-work computation that imposes a real cost on automated solvers at scale, and it gathers interaction and environment signals from the client. Combining a cost-imposing challenge with behavioral signal collection is what makes mass automated solving expensive rather than impossible.
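The cost asymmetry described above can be seen in a generic hashcash-style scheme. This is an added example, not HUMAN's code: the page does not say which proof-of-work algorithm HUMAN uses, and every name and constant here (`SERVER_KEY`, `DIFFICULTY_BITS`, `TTL_SECONDS`, the challenge format) is an assumption made for illustration.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)  # hypothetical per-deployment secret
DIFFICULTY_BITS = 16         # constructed value: about 2**16 hashes per solve
TTL_SECONDS = 30             # constructed value: challenge lifetime

def _tag(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_challenge(now=None):
    """Server: stateless challenge (salt:expiry:bits) authenticated by an HMAC."""
    now = time.time() if now is None else now
    body = f"{os.urandom(8).hex()}:{int(now) + TTL_SECONDS}:{DIFFICULTY_BITS}"
    return f"{body}:{_tag(body)}"

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(challenge):
    """Client: search for a counter; expected cost doubles with each extra bit."""
    bits = int(challenge.split(":")[2])
    counter = 0
    while True:
        digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
        if leading_zero_bits(digest) >= bits:
            return counter
        counter += 1

def verify(challenge, counter, now=None):
    """Server: one HMAC plus one hash, whatever the difficulty."""
    now = time.time() if now is None else now
    try:
        salt, expiry, bits, tag = challenge.split(":")
        if not hmac.compare_digest(tag, _tag(f"{salt}:{expiry}:{bits}")):
            return False  # forged, or difficulty/expiry was edited
        if now > int(expiry):
            return False  # stale solution
        digest = hashlib.sha256(f"{challenge}:{int(counter)}".encode()).digest()
        return leading_zero_bits(digest) >= int(bits)
    except (ValueError, TypeError):
        return False

if __name__ == "__main__":
    c = issue_challenge()
    print(verify(c, solve(c)))
```

A valid solution stays valid until the challenge expires, so a real deployment would also record solved challenges and accept each one once; that state is left out here.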

What the challenge looks like (and the px.js artifacts)

To a visitor, the experience is the Press & Hold button — hold until a progress indicator completes, then continue. Behind it, the security community has long documented a client sensor named px.js and cookies such as _px, _pxhd, and _px3.

These names are community-consensus artifacts observed in the wild, not primary HUMAN documentation. Treat them as widely understood rather than officially specified.

Why mobile / CGNAT IPs are treated differently

Network reputation is one input to any bot-defense model, but it is also where defenders face their hardest trade-off. Mobile carrier IPs sit behind Carrier-Grade NAT (CGNAT): thousands of real subscribers share one public address, so blocking it harms a crowd of humans, not a single bot.

Cloudflare documented this in its October 29, 2025 blog post, "detecting CGN to reduce collateral damage." Cloudflare reported that CGNAT IPs were being rate-limited roughly 3× more often than non-CGNAT IPs despite showing lower bot activity, and that it built CGN detection to avoid penalizing the many humans who share those addresses.

This is a documented defender design constraint, not a bypass. It explains why mobile carrier IPs carry higher default trust at the network layer — over-blocking them is costly. See CGNAT and mobile proxies.
