Cloaking can be simplified into =>
if(visitor === bot) {
$loadPage = 'pageforbot.html';
}else {
$loadPage = 'pageforhuman.html';
}
Factors to be considered during cloaking development for identification =>
1. Navigator properties (F12 -> Console -> enter the word navigator and press enter, expand the result)
- userAgent, this can be further matched and compared with maxTouchPoints(to determine the authenticity of a declared userAgent to be of true mobile/desktop origin), deviceMemory(if it's below 4 usually it means bot,if null usually it means bot), hardwareConcurrency (Same as the prior point), platform (this can be used as a matching word to the declared user-agent to spot if any mismatch occurs such as the platform being win32 but the user agent string shows iPhone), cookiesEnabled(if it's false or null, usually bot), outerHeight and outerWidth(to determine user screen size), language and languages(to determine user locality, sometimes bots have no locality I think). This is the completely free and basic factors for detection other than the more in depth derivations made from WebGL rendering.
- window history, I am not sure if this will be deprecated in the future updates of the various major browsers. if you enter window.history in your browser console you will see a value that starts from 1. If a user visit your link that is not set to <a target="_blank"> which means the link is opened within the current tag instead of a new tab/window, this value will be most certainly larger than 1.
- Above can be further complimented by reading the Referer header of the user's HTTP request. If the referer is null, something is wrong.
2. IP Address
If you visit bgp.he.net you will find a list of all the declared ASN and their respective registered companies. Those that are not desirable, should be on blacklist for example Anti-virus companies, Cloud providers and such. This helps you to conduct basic IP filtration.
Next you will need to depend on a IP information provider that is not simply IP historical based in the determination of an IP being a bot or human, ipregistry is a good option but there are many others. But even so, you can't exactly make your cloaking solely dependent on this, because Luminati network exists.
I'd finish this if needed, going to bed.