Curated List of Bot / Headless Chrome Detection Tests
🚀 v0.6.2 (30th September 2023) 🚀 [Changelog]
This page attempts to detect if you are a Bot or Not. The tests are constantly kept up to date, please check the changelog here.Table of Contents
- Behavioral Classification
- More Sources and Links
- Bot Challenge
- New Detection Tests
- Old Detection Tests
- IP Address API
- Proxy/VPN Detection Tests
- Http Headers
- TCP/IP Fingerprint
- TLS Fingerprint
- Browser Fingerprint
- Canvas Fingerprint
- WebGL Fingerprint
- Web Worker
- Service Worker
- Browser Data
Behavioral Bot Classification
behavioralClassificationScore gives a
rating between 0 (Bot) and 1 (Human) based on advanced behavioral
A score below 0.5 means that you are most likely a bot.
The first score is computed after 1,5 seconds of browsing on this site. Then, the behavioral score is updated after 4 seconds, 7 seconds, 10 seconds and 15 seconds.
Don't worry if you are browsing this page and you are given a score between 0.7 and 1.0,
behavioralClassificationScore consist of 30+ individual classificators
and it is normal that there are false positives.
In order to test your bot with a real world problem, your bot has to solve the challenge below.
Resources and Sources
- Kinda outdated (selenium, phantomjs): bot.sannysoft.com and a GitHub repo from early 2019 with similar detection techniques.
- Headless detection GitHub Repo, last update in 2019
- Lot of good stuff from here: puppeteer-extra-plugin-stealth
- Antoine Vastel: antoinevastel.com/bots and a more recent detection page using HTTP Headers and his employers datadome detection page
- Pretty active GitHub Gist about preventing puppeteer detection
- Rather new detection method found on GitHub
- Vastel is detecting puppeteer with HTTP headers in early 2019...
- hacker news discussion started by Vastel
- And the response from Evan Sangaline, where he passes the new detection again
- Rather recent article (February 2020) about Bot Detection 101 principles
- Very recent (31 January 2021) and powerful bot / headless / puppeteer detection techniques
- Che Browser, is it any good?
- SecretAgent, The Web Browser Built for Scraping
- CanvasBlocker nice Firefox plugin to prevent canvas fingerprinting
- A very good article from pixelprivacy.com about Browser Fingerprinting
Other Bot Detection Sites
- browserleaks.com (very valuable information)
- pixelscan (quite good and new)
- creepjs (this guy is crazy)
- f.vision (seems to do a very good job)
- whatleaks.com (focuses on proxy detection and the networking detection aspects)
Mouses: Bot/Proxy Companies (Selection)The following Bot/Proxy companies are either selling bot/scraping or anonymization technology (Proxies, VPN)
Your bot has to fill out the form below and submit it. Then you are prompted to confirm the pop-up dialoge. After confirmation, you will see a table with basket items and prices. Update the prices of this table and scrape the data as a final step.
Completing all those steps provides enough behaviroal information in order to classify you as BotOrNot.
Old Bot Detection Tests (Intoli.com tests + additions, Fingerprint Scanner tests)
IP Address API 
I maintain a public IP API that can also be used to check whether an IP address belongs to a data center IP address range such as Azure, AWS, Digitalocean, Google Cloud Platform and many other cloud providers. Please read the full blog article for more a thorough introduction.
Proxy/VPN Detection Tests
The Proxy/VPN detection test can be found on a dedicated page because the large test battery would otherwise clog this detection page. Those techniques are:
- Latency Test: Compare ping from browser to server with ping from web server to external IP address
- WebRTC Test: Check if WebRTC leaks the real IP address
- TCP/IP Fingerprint Test: Compare the OS induced from the TCP/IP fingerprint with the OS advertised by the User-Agent
- Open Ports Test: Check if the host connecting to the web server has open ports
- Datacenter IP Test: Check if the IP address belongs to a datacenter
- DNS Leak Test: Check if the DNS server of the client leaks any data
- IP Timezone vs Browser Timezone Test: Compare the IP geolocation timezone with the browser timezone
- HTTP Proxy Headers Test: Look for suspicious proxy headers in the HTTP headers
- And many other tests that are constantly being updated!
zardaxt.py - Passive TCP/IP Fingerprint 
Several fields such as TCP Options or TCP Window Size or IP Fragment Flag depend heavily on the OS type and version. Detecting operating systems by analyzing the first incoming SYN packet is surely no exact science, but it's better than nothing.
The TCP/IP fingerprinting API allows you to get your TCP/IP fingerprint. It can be used for various purposes such as: Networking traffic analysis, Malware detection, bot detection, Proxy / VPN detection and so on.
TLS Fingerprint 
The TLS fingerprinting API allows you to get your TLS fingerprint. It can be used for various purposes such as: Networking traffic analysis, Malware detection and Bot detection.