Curated List of Bot / Headless Chrome Detection Tests

v0.5.3 (21th June 2021) 🚀 [Changelog]

This page attempts to detect if you are a bot or not and is constanlty being updated.

1. Behavioral Classification
2. More Sources and Links
3. Bot Challenge
4. New Detection Tests
5. Old Detection Tests
6. Proxy/VPN Detection Tests
7. Http Headers
8. TCP/IP Fingerprint
9. TLS Fingerprint
10. Browser Fingerprint
11. Canvas Fingerprint
12. WebGL Fingerprint
13. Web Worker
14. Service Worker
15. Browser Data

Behavioral Bot Classification

The test behavioralClassificationScore gives a rating between 0 (Bot) and 1 (Human) based on advanced behavioral heuristics. A score below 0.5 means that you are most likely a bot.

The score is computed after seven seconds of browsing on this site. If you want a new score, refresh this page.

Don't worry if you are browsing this page and you are given a score between 0.7 and 1.0, the behavioralClassificationScore consist of 30+ individual classificators and it is normal that there are false positives.

In order to test your bot with a real world problem, your bot has to solve the challenge below.

More Sources/Information

Resources and Sources

1. Kinda outdated (selenium, phantomjs): bot.sannysoft.com and a GitHub repo from early 2019 with similar detection techniques.
2. Headless detection GitHub Repo, last update in 2019
3. Lot of good stuff from here: puppeteer-extra-plugin-stealth
4. Antoine Vastel: antoinevastel.com/bots and a more recent detection page using HTTP Headers and his employers datadome detection page
5. Pretty active GitHub Gist about preventing puppeteer detection
6. Rather new detection method found on GitHub
7. Vastel is detecting puppeteer with HTTP headers in early 2019...
8. hacker news discussion started by Vastel
9. And the response from Evan Sangaline, where he passes the new detection again
10. Rather recent article (February 2020) about Bot Detection 101 principles
11. Very recent (31 January 2021) and powerful bot / headless / puppeteer detection techniques
12. Che Browser, is it any good?
13. SecretAgent, The Web Browser Built for Scraping
14. CanvasBlocker nice Firefox plugin to prevent canvas fingerprinting
15. A very good article from pixelprivacy.com about Browser Fingerprinting

Other Bot Detection Sites

• browserleaks.com (very valuable information)
• pixelscan (quite good and new)
• creepjs (this guy is crazy)
• f.vision (seems to do a very good job)
• whatleaks.com (focuses on proxy detection and the networking detection aspects)

The cats: Anti Bot Companies

The following Anti Bot companies are all using their custom JavaScript detection algorithms.

• Kasada
• Shape Security
• DataDome
• Distil Networks (Acuired)
• Imperva
• Incapsula (Imperva now)
• PerimeterX
• Akamai
• FingerprintJS

• WhiteOps
• ShieldSquare
• F5
• Cloudflare (The End Boss)
• Arkose Labs
• Forter Protection
• reCAPTCHA
• BioCatch

Mouses: Bot/Proxy Companies (Selection)

The following Bot/Proxy companies are either selling bot/scraping or anonymization technology (Proxies, VPN)

• ZenScrape
• Luminati.io / Brightdata
• Oxylabs
• Smartproxy
• Storm Proxies
• scraperapi.com
• scrapingrobot.com

• GeoSurf
• NetNut
• SOAX
• scrapinghub
• PacketStream
• Apify
• scrapingbee.com

---

Bot Challenge

Your bot has to fill out the form below and submit it. Then you are prompted to confirm the pop-up dialoge. After confirmation, you will see a table with basket items and prices. Update the prices of this table and scrape the data as a final step.

Completing all those steps provides enough behaviroal information in order to classify you as BotOrNot.

Visit the Proxy/VPN detection Test Page

The Proxy/VPN detection test can be found on a dedicated page because the large test battery would otherwise clog this detection page. Those techniques are:

• Latency Test: Compare ping from browser to server with ping from web server to external IP address
• WebRTC Test: Check if WebRTC leaks the real IP address
• TCP/IP Fingerprint Test: Compare the OS induced from the TCP/IP fingerprint with the OS advertised by the User-Agent
• Open Ports Test: Check if the host connecting to the web server has open ports
• Datacenter IP Test: Check if the IP address belongs to a datacenter
• DNS Leak Test: Check if the DNS server of the client leaks any data
• IP Timezone vs Browser Timezone Test: Compare the IP geolocation timezone with the browser timezone
• HTTP Proxy Headers Test: Look for suspicious proxy headers in the HTTP headers