Some bots are used passively for web scraping purposes, for example, to gather information from airlines about flight prices and destinations.
[8] Between August and September 2018, Akamai noticed a large increase in TLS tampering across its network to evade detection.
[1][10] More traditional techniques such as CAPTCHAs are also often employed, however they are generally considered ineffective while simultaneously obtrusive to human visitors.
[11] The use of JavaScript can prevent some bots that rely on basic requests (such as via cURL), as these will not load the detection script and hence will fail to progress.
[1] The source code of these JavaScript files is typically obfuscated to make it harder to reverse engineer how the detection works.