What we actually do β and what we donβt β to keep community rankings honest.
Last updated: April 2026
CasinoRankr rankings are determined by community votes, not editorial opinion or advertising spend. Here is what happens when you vote:
Important distinction:We say βone vote per account,β not βone vote per person.β Anonymous accounts are tied to browser sessions. Clearing cookies creates a new account. We are honest about this limitation β see Limits of Our System below.
Multiple layers work together to make manipulation expensive and detectable:
A hard constraint in the database prevents any account from voting twice on the same casino. This is not application logic that can be bypassed β it is enforced at the database level.
We enforce behavior-based rate limits at multiple levels: per-account voting frequency, per-IP address hard caps, and per-session velocity checks. These limits are backed by distributed infrastructure that operates independently of application servers.
Vote requests are validated against cross-site request forgery using cookie security attributes and origin header verification. This prevents third-party sites from submitting votes on behalf of visitors.
Every vote request is validated for correct format, valid casino references, and proper vote types before processing. Malformed requests are rejected immediately.
When voting behavior exceeds normal patterns, we escalate in two ways:
When an account exceeds normal voting frequency, we require a Cloudflare Turnstile challenge β a non-intrusive human verification check. Legitimate users pass this automatically in most cases. Bots and scripts fail.
When IP-level voting volume exceeds safe thresholds, all vote requests from that IP are blocked entirely β no challenge, no bypass. This catches high-volume automated attacks.
Fail-closed design: If our rate limiting infrastructure becomes unavailable in production, the system denies all vote requests rather than allowing unprotected voting. We chose safety over availability.
Automated systems catch volume-based attacks but can miss sophisticated manipulation. I (@hkgambler, founder) personally review voting data when:
Each vote records the voterβs IP address, country, and state. This metadata supports forensic analysis when investigating potential manipulation β for example, detecting geographic anomalies where a US-only casino receives a cluster of votes from unexpected regions.
Even if some fraudulent votes get through, our scoring formula limits their impact:
Every casinoβs score is calculated using a Bayesian weighted average β the same approach used by IMDB for movie rankings. New casinos with few votes are pulled toward a neutral average. This means:
No anti-fraud system is perfect. We believe being transparent about our limitations is better than pretending they donβt exist.
Anonymous accounts are tied to browser sessions. Clearing cookies and revisiting creates a new account. A determined individual could vote multiple times by repeatedly clearing state. We are working on additional identity signals to address this.
We do not require email, phone, or social login to vote. This is a deliberate tradeoff: lower friction means more participation, but also lower certainty that each account represents a unique person.
All rate limiting has defined thresholds. An attacker who votes slowly from many different IP addresses could stay below detection limits. This is why we combine automated limits with manual review and statistical dampening.
We do not currently run automated algorithms that detect coordinated vote surges or geographic anomalies. Pattern detection is done manually by reviewing voting metadata. Automated anomaly detection is on our development roadmap.
If you believe a casinoβs ranking is being manipulated β either inflated or suppressed β we want to hear from you.
Response time: We investigate every report and respond within 72 hours. If we take action, we will follow up with what we found.
No. Rankings are determined entirely by community votes processed through a Bayesian average formula. We earn revenue through affiliate links, but affiliate relationships have zero influence on vote-based rankings. Our methodology page explains the full algorithm.
Email antispam@casinorankr.com or post in our Discord #integrity channel with the casino name and what you noticed. We investigate every report and respond within 72 hours.
The database enforces a hard constraint: one vote per anonymous account per casino. Clearing cookies creates a new account, which is a known limitation we are actively working to address with additional identity signals.
We chose low-friction anonymous voting to maximize participation. Requiring email would reduce vote volume significantly and create a barrier for casual users. We compensate with rate limiting, CAPTCHA challenges, and Bayesian weighting that dampens the effect of small-volume manipulation.
Every casino's score is pulled toward a prior average (4.0 out of 5) until it accumulates enough votes. A casino with 3 perfect votes scores lower than one with 50 votes averaging 4.5. This means manipulating a ranking requires sustained, large-scale voting β which triggers our rate limiting.
Not yet. We plan to publish periodic transparency reports covering vote removals and integrity actions. This page will be updated when that program launches.
