Show HN: Fingerprinting browser-impersonating bots w/o JavaScript (open spec)

This addresses a critical security and operational challenge for online services: distinguishing legitimate user traffic from sophisticated bots. The 'without JavaScript' aspect is a significant differentiator, bypassing common bot detection evasion tactics and expanding applicability to environments where JS execution is limited or undesirable. Current bot detection often relies on client-side JavaScript, which is bypassable by advanced bots. Server-side detection based solely on header presence is insufficient. The pain point is the inability to reliably identify and mitigate malicious automated traffic (scraping, credential stuffing, DDoS precursors) at the network edge, leading to resource drain, data theft, and compromised user experience. This specification represents a move towards more robust, server-side, context-aware detection methods. It signals a shift from simple signature-based or JS-dependent checks to behavioral and logical consistency analysis of network requests, enhancing resilience against evolving bot tactics.