Curated List of Bot / Headless Chrome Detection Tests

πŸš€ v0.6.2 (30th September 2023) πŸš€ [Changelog]

This page attempts to detect if you are a Bot or Not. The tests are constantly kept up to date, please check the changelog here.

Table of Contents
  1. Behavioral Classification
  2. More Sources and Links
  3. Bot Challenge
  4. New Detection Tests
  5. Old Detection Tests
  6. IP Address API
  7. Proxy/VPN Detection Tests
  8. Http Headers
  9. TCP/IP Fingerprint
  10. TLS Fingerprint
  11. Browser Fingerprint
  12. Canvas Fingerprint
  13. WebGL Fingerprint
  14. Web Worker
  15. Service Worker
  16. Browser Data

Behavioral Bot Classification

The test behavioralClassificationScore gives a rating between 0 (Bot) and 1 (Human) based on advanced behavioral heuristics. A score below 0.5 means that you are most likely a bot.

The first score is computed after 1,5 seconds of browsing on this site. Then, the behavioral score is updated after 4 seconds, 7 seconds, 10 seconds and 15 seconds.

Don't worry if you are browsing this page and you are given a score between 0.7 and 1.0, the behavioralClassificationScore consist of 30+ individual classificators and it is normal that there are false positives.

In order to test your bot with a real world problem, your bot has to solve the challenge below.

Your Behavioral Score: ...

More Sources/Information

Bot Challenge

Your bot has to fill out the form below and submit it. Then you are prompted to confirm the pop-up dialoge. After confirmation, you will see a table with basket items and prices. Update the prices of this table and scrape the data as a final step.

Completing all those steps provides enough behaviroal information in order to classify you as BotOrNot.

Bot Challenge

New Detection Tests [1] [2] [3] [4]


Old Bot Detection Tests ( tests + additions, Fingerprint Scanner tests)


IP Address API [1]

I maintain a public IP API that can also be used to check whether an IP address belongs to a data center IP address range such as Azure, AWS, Digitalocean, Google Cloud Platform and many other cloud providers. Please read the full blog article for more a thorough introduction.



Proxy/VPN Detection Tests

Visit the Proxy/VPN detection Test Page

The Proxy/VPN detection test can be found on a dedicated page because the large test battery would otherwise clog this detection page. Those techniques are:

  • Latency Test: Compare ping from browser to server with ping from web server to external IP address
  • WebRTC Test: Check if WebRTC leaks the real IP address
  • TCP/IP Fingerprint Test: Compare the OS induced from the TCP/IP fingerprint with the OS advertised by the User-Agent
  • Open Ports Test: Check if the host connecting to the web server has open ports
  • Datacenter IP Test: Check if the IP address belongs to a datacenter
  • DNS Leak Test: Check if the DNS server of the client leaks any data
  • IP Timezone vs Browser Timezone Test: Compare the IP geolocation timezone with the browser timezone
  • HTTP Proxy Headers Test: Look for suspicious proxy headers in the HTTP headers
  • And many other tests that are constantly being updated!

HTTP Headers

     - Passive TCP/IP Fingerprint [1]

Several fields such as TCP Options or TCP Window Size or IP Fragment Flag depend heavily on the OS type and version. Detecting operating systems by analyzing the first incoming SYN packet is surely no exact science, but it's better than nothing.

The TCP/IP fingerprinting API allows you to get your TCP/IP fingerprint. It can be used for various purposes such as: Networking traffic analysis, Malware detection, bot detection, Proxy / VPN detection and so on.


TLS Fingerprint [1]

The TLS fingerprinting API allows you to get your TLS fingerprint. It can be used for various purposes such as: Networking traffic analysis, Malware detection and Bot detection.


fingerprintjs - Browser Fingerprint [1]


Canvas Fingerprint [1]


WebGL Fingerprint [1]



Web Worker Navigatory Property [1]




Service Worker Data [1]




Fp-collect info (Modified by Me)