> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Verdict actions & warning flags

> Device Fingerprinting provides verdicts with a recommended action and warning flags.

## Overview

The Stytch verdict provides actionable context with each fingerprint: action, warning flags (verdict reasons), and other metadata.

***

## Action

The verdict `action` is Stytch's recommendation for what action to take.
If you are protecting a privileged action, you can use the recommended action directly or combine it into your own [decisioning](/fraud-risk/device-fingerprinting/decisioning/overview).

* `ALLOW` indicates this device does not raise warning flags or it matches known-good device configurations.
  You can allow the privileged action.
* `BLOCK` indicates this device has automation or spoofing that is undesirable.
  You should block the privileged action.
* `CHALLENGE` indicates unusual configuration that is often associated with attacks, but also has legitimate use cases.
  You can add friction like 2FA or other verification before allowing the privileged action to proceed.

***

## Warning flags (verdict reasons)

The verdict `reasons`, also known as warning flags, provide context about why a particular action was recommended. Examples:

* A `BLOCK` verdict action with `[HEADLESS_BROWSER_AUTOMATION]` reasons indicates that Stytch detected signs of headless browser automation like Puppeteer.

* A `CHALLENGE` verdict action with `[VIRTUAL_MACHINE, SMART_RATE_LIMIT_WARNING]` reasons indicates that Stytch detected the request came from a virtual machine and that the request also triggered [Intelligent Rate Limiting](/fraud-risk/device-fingerprinting/decisioning/intelligent-rate-limiting). While suspicious, it may still have legitimate uses.

<Note>
  If multiple reasons are present, the action will always be the strictest: `BLOCK` > `CHALLENGE` > `ALLOW`.
</Note>

<Note>
  For a full list of possible reasons, see [Reference guides](/fraud-risk/development/overview).
</Note>

***

## Other metadata

Stytch also provides other metadata about the request in the verdict:

<ResponseField name="is_authentic_device">
  Stytch's proprietary assessment of device authenticity. It will be false if browser deception is detected.
</ResponseField>

<ResponseField name="detected_device_type">
  Stytch's classification of the device operating system and architecture.
</ResponseField>

<ResponseField name="rule_match_type | rule_match_identifier | verdict_reason_overrides">
  Provides context about [Rules](/fraud-risk/device-fingerprinting/decisioning/set-rules) or [Verdict reason overrides](/fraud-risk/device-fingerprinting/decisioning/override-verdict-reasons) that affected the verdict action.
</ResponseField>

## Examples

This verdict indicates an authentic Apple device:

```json theme={null}
{
	// ...other fields omitted
	"verdict": {
		"action": "ALLOW",
		"detected_device_type": "APPLE_CHROME",
		"is_authentic_device": true,
		"reasons": []
	}
}
```

This verdict indicates a request that was blocked based on an [IP geolocation-based rule](/fraud-risk/get-started/use-case/block-countries):

```json theme={null}
{
	// ...other fields omitted
	"verdict": {
		"action": "BLOCK",
		"detected_device_type": "APPLE_CHROME",
		"is_authentic_device": true,
		"reasons": ["RULE_MATCH"],
        "rule_match_type": "COUNTRY_CODE",
        "rule_match_identifier": "SY",
	}
}
```