IP rotation and browser spoofing are old news. HTTP/2 fingerprinting reveals what bots can't hide.
What is HTTP/2 Fingerprinting?
HTTP/2 connections have unique characteristics:
- SETTINGS frame values
- WINDOW_UPDATE patterns
- PRIORITY frame behavior
- Header order
Why Bots Fail at HTTP/2
class HTTP2Fingerprint:
KNOWN_SIGNATURES = {
'chrome': {'settings': [65536, 1000, 6291456], 'priority': True},
'python': {'settings': [4096, 100, 65535], 'priority': False},
'golang': {'settings': [4096, 250, 1048576], 'priority': False}
}
def analyze(self, conn):
fp = self.extract(conn)
for name, sig in self.KNOWN_SIGNATURES.items():
if self.match(fp, sig) > 0.9:
return {'client': name, 'confidence': 0.95}
return {'client': 'unknown'}
Cross-Validation
If User-Agent says Chrome but HTTP/2 says Python — it's a bot.
Resources
- ads-review — HTTP/2 fingerprint module
- WuXiang Shield — production analysis
Your HTTP/2 handshake is as unique as your fingerprint.
Top comments (0)