The JA4 fingerprint is a powerful tool for identifying types of traffic accessing servers, particularly effective in mitigating DDoS attacks. It is calculated from the TLS handshake between client and server during secure connection establishment. The JA4 fingerprint can be used to differentiate between similar sources, such as IP addresses or user agents, allowing for rate limiting, blocking, or allow-listing of unwanted traffic. Additionally, it can be used for access control, particularly useful in cases where devices have dynamic IPs and require a specific type of client access. The JA4 fingerprint is not considered personally identifiable information (PII) and is not sufficient for authentication alone; however, it can add another layer of protection to ngrok endpoints when combined with other security measures.