I built a scraper. Cloudflare killed it in 48 hours.
I built a web scraper for Canadian small-cap stock data and Cloudflare blocked it within 48 hours. After testing seven popular stealth-browser libraries against that gate, three times each from a real residential network, only one of the seven got through.
The one that worked drives Chrome directly, without going through Playwright (the standard Python library for browser automation). Every other browser in the test fails the same gate, regardless of whether it uses Playwright, a patched Chromium fork, a Firefox fork, or raw HTTP.
Meet the contenders
nodriver
nodriver drives system Chrome over a direct WebSocket connection to the browser's DevTools port. There is no Playwright shim in the control plane, no Runtime.enable call sequence at startup, and no middleware layer between the Python code and the browser process. It is the successor to undetected-chromedriver, from the same author (ultrafunkamsterdam). The key feature in plain terms: removing Playwright from the loop means the browser's automation footprint looks different to a detection gate, because the CDP handshake sequence no longer has Playwright's fingerprint on it.
- GitHub: github.com/ultrafunkamsterdam/nodriver
- License: AGPL-3.0 (note: AGPL requires services using nodriver to open-source modifications. Different from undetected-chromedriver's MIT license.)
- Why I tested it: it scored 28 OK / 0 blocked, the only browser with zero blocked cells across all 31 targets.
CloakBrowser
CloakBrowser is a patched Chromium fork with, per CloakHQ's documentation, 49 source-level C++ modifications targeting automation signals. It ships its own bundled Chromium build, so the browser binary itself has been modified before launch, not patched via Python hooks at runtime. It has a drop-in Playwright-compatible API.
- GitHub: github.com/CloakHQ/CloakBrowser (13.5k stars, as of 2026-05-17)
- License: MIT (Python wrapper); custom CloakBrowser binary license
- Note: the macOS darwin-arm64 build is pinned to Chromium 145 as of 2026-03-04. CloakHQ has shipped 14 Linux/Windows releases since then with no macOS update.
- In this bench because: it is the most-starred free anti-detect browser and makes the strongest marketing claims. Also because
@hasantoxr's 14/14 claim needed production verification.
curl_cffi
curl_cffi is a Python HTTP library that wraps curl-impersonate, which replaces the entire HTTPS client stack with one shaped like a real Chrome installation. It has no JavaScript engine, it is an HTTP-only tool, but the TLS handshake it sends looks indistinguishable from Chrome to a fingerprinting gate. Version 0.15.0 with impersonate="chrome" (the launch flag that selects which browser shape to imitate) defaults to Chrome 145/146 shape.
- GitHub: github.com/lexiforest/curl_cffi
- License: MIT
- In this bench because: it is the correct "raw HTTP floor" baseline, and the interesting question is how many production targets require JavaScript at all.
Patchright
Patchright is a Playwright fork that patches the CDP-leak signals Playwright exposes during browser startup, specifically the Runtime.enable and Target.setAutoAttach call sequences that anti-bot systems can detect in the protocol handshake. It supports channel=chrome, which tells it to drive the system's installed Google Chrome binary instead of a bundled Chromium, giving it a real Chrome 148 TLS fingerprint and version stamp.
- GitHub: github.com/Kaliiiiiiiiii-Vinyzu/patchright (3.2k stars, as of 2026-05-17)
- License: Apache-2.0
- In this bench because: it is the most actively maintained patched Playwright fork and the most technically credible alternative to vanilla Playwright.
Camoufox
Camoufox is a Firefox fork modified at the C level to spoof fingerprinting APIs (canvas, WebGL, screen geometry, navigator properties) using randomized but internally consistent values. Because it is Firefox-derived, its TLS handshake has a Firefox shape (a different cipher suite order than Chrome), which is detectable but also whitelisted on many targets that block Chrome-shaped automation.
- GitHub: github.com/daijro/camoufox (8.4k stars, as of 2026-05-17)
- License: MPL-2.0
- In this bench because: Firefox-derived TLS is a genuinely different attack surface from the Chromium-based tools, and the question of whether that difference helps or hurts on production targets is worth measuring.
vanilla Playwright
Vanilla Playwright is the baseline. Chromium 147, no stealth patches, Microsoft's official automation library. It does not attempt to hide that it is an automation tool. Its TLS handshake is a Chromium handshake, its CDP startup sequence is stock, and its navigator properties advertise webdriver: true unless patched.
- GitHub: github.com/microsoft/playwright
- License: Apache-2.0
- Included as: the baseline every other browser has to beat.
rebrowser-playwright
rebrowser-playwright is a Playwright fork that applies CDP-leak patches similar to Patchright's approach, but with a different patch strategy and different bundled Chromium version (136, which is twelve versions behind Patchright's Chrome 148). The repository's last code commit was September 2024 (the GitHub "pushed_at" of 2025-05-09 reflects a metadata-only touch), so it is effectively unmaintained.
- GitHub: github.com/rebrowser/rebrowser-playwright
- License: unspecified (no LICENSE file in the repo)
- Reason for inclusion: it is the second major patched Playwright fork. The head-to-head with Patchright and vanilla was the direct question the bench was built to answer.
What I did
Seven browsers, 31 targets across four categories (JS-layer detection panels, TLS fingerprint endpoints, live Cloudflare and other anti-bot production sites, and high-traffic content sites that fingerprint quietly), three independent sweeps from one residential Mac Studio IP across one night. Headed mode, all free or already on hand. Full source and raw records at github.com/ianlpaterson/anti-detect-browser-bench.
Which browser wins the bench?
nodriver wins outright with zero blocked targets. Patchright, CloakBrowser, and Camoufox cluster in the middle. Vanilla and rebrowser tie at the bottom. Raw curl_cffi ties CloakBrowser at 26 OK: a 21-line wrapper performs identically to a Chromium fork with 49 source-level C++ patches.
The signal driving most disagreement is automation-protocol fingerprinting (anti-bot gates checking HOW the browser is being driven, not what the browser claims to be). nodriver wins because it drives Chrome over CDP directly, with no Playwright shim. Playwright leaves protocol-level traces that fingerprint-patch tools do not address.
Per-browser totals (identical across N=3)
651 records (217 cells × 3 runs), zero verdict drift across five hours from one residential IP.
| Browser | OK | Gated | Blocked | Engine |
|---|---|---|---|---|
| nodriver | 28 | 3 | 0 | Google Chrome 148.0.7778.168 (system browser) |
| cloak | 26 | 3 | 2 | Chromium 145.0.7632.109 |
| curl_baseline | 26 | 3 | 2 | curl_cffi 0.15.0 (impersonate=chrome) |
| patchright | 25 | 3 | 3 | Chrome 148.0.7778.168 (channel=chrome) |
| camofox | 25 | 3 | 3 | Firefox 135.0.1-beta.24 (camoufox) |
| vanilla | 24 | 2 | 5 | Chromium 147.0.7727.15 |
| rebrowser | 24 | 2 | 5 | Chromium 136.0.7103.25 (rebrowser bundle v1169) |
Per-target verdict matrix
Twenty-five of thirty-one targets agree across all seven browsers. The six that disagree are where the signal lives.
| Target | vanilla | patch | cloak | camo | rebro | nodrv | curl |
|---|---|---|---|---|---|---|---|
| amazon-product | ok | ok | ok | ok | ok | ok | ok |
| booking-search | ok | ok | ok | ok | ok | ok | ok |
| bot-incolumitas | gated | gated | gated | gated | gated | gated | gated |
| browserleaks | ok | ok | ok | ok | ok | ok | ok |
| browserleaks-tls | ok | ok | ok | ok | ok | ok | ok |
| browserscan-bot | ok | ok | ok | ok | ok | ok | ok |
| canadianinsider | BLK | BLK | BLK | BLK | BLK | ok | BLK |
| ceo-ca | ok | ok | ok | ok | ok | ok | ok |
| creepjs | ok | ok | ok | ok | ok | ok | ok |
| crunchbase-cf | ok | ok | ok | ok | ok | ok | ok |
| devto | ok | ok | ok | BLK | ok | ok | ok |
| github-explore | ok | ok | ok | ok | ok | ok | ok |
| glassdoor | BLK | BLK | BLK | BLK | BLK | gated | BLK |
| google-search | BLK | BLK | ok | ok | BLK | ok | ok |
| indeed-jobs | ok | ok | ok | ok | ok | ok | ok |
| instagram-post | ok | ok | ok | ok | ok | ok | ok |
| linkedin-jobs | ok | ok | ok | ok | ok | ok | ok |
| medium | BLK | gated | gated | gated | BLK | ok | gated |
| newsfilecorp | ok | ok | ok | ok | ok | ok | ok |
| nowsecure-cf | ok | ok | ok | ok | ok | ok | ok |
| pixelscan-bot | ok | ok | ok | ok | ok | ok | ok |
| pixelscan-fp | ok | ok | ok | ok | ok | ok | ok |
| rebrowser-detector | ok | ok | ok | ok | ok | ok | ok |
| ok | ok | ok | ok | ok | ok | ok | |
| sannysoft | ok | ok | ok | ok | ok | ok | ok |
| sedarplus | gated | gated | gated | gated | gated | gated | gated |
| stackoverflow | BLK | ok | ok | ok | BLK | ok | ok |
| stockwatch | ok | ok | ok | ok | ok | ok | ok |
| tiktok-user | ok | ok | ok | ok | ok | ok | ok |
| tls-peet | ok | ok | ok | ok | ok | ok | ok |
| x-explore | ok | ok | ok | ok | ok | ok | ok |
Which six targets disagree across browsers?
canadianinsider: nodriver passes, every other browser hard-blocked. Six Chromium and Firefox stealth approaches fail the same Cloudflare-Turnstile-protected page, while Chrome 148 driven over plain CDP with no Playwright passes. I retried canadianinsider across all three sweeps to confirm nodriver wasn't catching a brief Cloudflare window. The pass reproduced every time.
medium: nodriver alone passes OK. Patchright/Cloak/Camoufox/curl hit a Cloudflare interstitial, vanilla and rebrowser hard-blocked. Same axis as canadianinsider, softer landing.
glassdoor: nodriver gets a soft DataDome challenge, the other six hit a 403.
google-search: Cloak, Camoufox, nodriver, and curl_cffi pass. Patchright, vanilla, and rebrowser hard-block. Patchright joining the unpatched-browsers club is notable: the patches don't address whatever this gate keys on.
dev.to: six browsers pass, Camoufox alone blocked, consistent with a Firefox TLS quirk the CDN flags.
stackoverflow: vanilla and rebrowser hard-blocked, every other browser passes. The clearest single-finding evidence that rebrowser's CDP-leak patches do not change outcomes. rebrowser fails exactly where vanilla fails, on this one cell and across the rest of the matrix.
rebrowser-playwright vs vanilla Playwright: identical block sets
rebrowser-playwright and vanilla Playwright both score 24 OK, 2 gated, 5 blocked. Block sets identical: canadianinsider, medium, google-search, stackoverflow, glassdoor. On these 31 targets, rebrowser is functionally vanilla.
stackoverflow is the clearest evidence: vanilla and rebrowser both blocked while every other browser passes. One caveat: rebrowser ships Chromium 136, eleven versions behind vanilla's Chromium 147 and twelve behind Patchright's Chrome 148. Some of the identical-to-vanilla performance is plausibly a version effect.
Patchright vs vanilla Playwright: +1 OK, same google-search blind spot
Patchright is +1 OK and -2 blocked versus vanilla (25 vs 24 OK, 3 vs 5 blocked). The gain comes from stackoverflow. Patchright does not recover canadianinsider or google-search.
The channel=chrome flag matters as much as the patches: running system Chrome 148 delivers fingerprint protection at a layer no patch can replicate. I expected the patches to be the bigger lever. The matrix showed channel=chrome is.
Camoufox vs Patchright: tied at 25 OK, different failure modes
Camoufox runs Firefox 135.0.1-beta.24. Blocks: canadianinsider (every browser except nodriver fails), sedarplus (every browser fails, F5 BIG-IP ASM), and dev.to (only Camoufox fails, Firefox TLS quirk).
In the camoufox vs playwright comparison, Camoufox passes google-search where three Chromium-based browsers (including vanilla Playwright) block, and passes medium's gate where vanilla and rebrowser are hard-blocked. The Firefox TLS shape loses on one cell (dev.to) and wins on one (google-search). When I started this bench I assumed Firefox would lose harder than it did on Chromium-shaped gates. It didn't. The matrix driver is automation-protocol fingerprinting, not cipher lists.
curl_cffi vs CloakBrowser: identical scoreboards on 31 targets
26 OK, 2 blocked, 3 gated each. They share the same failures (canadianinsider, glassdoor) and the same gates (medium, sedarplus, bot-incolumitas), differing only in which specific cells fall where.
CloakBrowser is a 130MB Chromium fork with 49 C++ patches. curl_cffi is a 6.4MB Python wheel with a Chrome-shaped HTTPS stack. Same matrix result. I triple-checked the curl_baseline column because it reads like a typo. It isn't. If a 21-line wrapper ties a 130MB patched fork, that fork is paying for something the matrix doesn't measure.
Why is CloakBrowser's macOS build stuck on Chromium 145?
The CloakBrowser darwin-arm64 build at version 0.3.28 ships Chromium 145.0.7632.109. CloakHQ's GitHub releases page shows fourteen Linux and Windows releases since then, the most recent at 146.0.7680.177.4 on 2026-04-28. The macOS pipeline has been dead for two months.
The bench measures what's actually shipping. The old version is the only version macOS users can install. rebrowser's bundled Chromium 136 is the same story: twelve versions behind stable.
nodriver vs Playwright: why automation-protocol fingerprinting beats patches
nodriver passes canadianinsider while every patched Chromium fails it. nodriver connects to system Chrome's DevTools port over a plain WebSocket, without Playwright's accessibility layer, without the Runtime.enable and Target.setAutoAttach sequence Playwright issues at startup.
Why fingerprint patches don't reach the protocol layer
The gate checks the protocol handshake the browser exposes on the way to rendering. Static fingerprints (TLS handshake, JA4 hash, navigator properties, canvas readback) are the wrong surface. CDP through Playwright leaves a recognizable shape. A fingerprint-patch tool can rewrite navigator properties all day without touching this layer.
canadianinsider, medium, and glassdoor confirm this across three vendors. Cloudflare on canadianinsider doesn't look at the JS-runtime layer because the automation-protocol layer already gave the browser away. nodriver still gets gated on sedarplus, bot-incolumitas, and glassdoor (soft, not hard-blocked).
Why a residential proxy doesn't help: shape coherence
The gate cross-checks layers for consistency. The Mac Studio is shape-coherent: residential British Columbia IP, macOS Chrome TLS handshake, macOS Chrome JavaScript fingerprints, macOS Chrome HTTP/2 SETTINGS frame ordering (each HTTP/2 client advertises tuning parameters in a predictable order that fingerprints the client library), all from the same host, with no mismatched signal for a gate to flag. A proxy only rewrites the source IP, and everything above TCP still leaks the real client.
| Anti-bot signal | Where it actually comes from | Does a proxy fix it? |
|---|---|---|
| IP address (residential vs datacenter ASN) | TCP source | Yes |
| TLS / JA4 handshake fingerprint | The HTTPS client | No |
| HTTP/2 SETTINGS frame ordering | The HTTPS client | No |
| navigator.platform, navigator.userAgent | The browser process | No |
| Canvas / WebGL / audio fingerprints | Browser process, host GPU, host fonts | No |
| screen.width, screen.height, devicePixelRatio | The browser process | No |
| navigator.connection rtt + effectiveType | Network conditions | No (round-trip time gets worse through a proxy) |
A Linux server behind a residential proxy manufactures a fresh contradiction the gate uses against it.
For HTTP-only scraping, the TLS layer alone is recoverable with curl_cffi. For JavaScript-rendered scraping, the browser process has to live on the host that owns the residential IP. There is no proxy shortcut that delivers macOS-shape JavaScript fingerprints from a Linux server. I tried a residential proxy in front of a Linux VPS during an earlier sweep, and every Cloudflare-protected target blocked it harder than the unproxied Mac Studio.
How the bench classifies each cell
Methodology lives in the bench repo at github.com/ianlpaterson/anti-detect-browser-bench. Highlights: a four-way verdict classifier (ok/gated/blocked/error) checking title regexes, body vendor signatures, and short-body shim pages. Each cell gets up to 3 attempts with early-exit on 2 consecutive matching non-error verdicts. The seven browsers run in randomized order each sweep to prevent reputation accumulation. Phase 6 wall clock was 5h11m across N=3 from 22:39:39 PT through 03:51:17 PT. Peak RSS ranged 57.9MB (curl_baseline) to 13306MB (Patchright). Eighty unit and regression tests cover the classifier, response-frame logic, retry logic, and the curl_baseline parser. The README has the full details.
What this bench can't tell you
The matrix is one residential IP, one operating system, thirty-one targets, one night. Patterns that survived three independent runs are stable inside that frame. Outside it, several axes can flip the result.
Rotating proxies change the ranking
The techinz/browsers-benchmark repository tests with rotating residential proxies and up to 3 retries per cell. Their headline: Camoufox bypasses 100%, CloakBrowser 83.3% headed and 50.0% headless. The order is reversed from mine. Rotating proxies prevent IP reputation from accumulating against Camoufox's identifiable Firefox fingerprint. My single-IP setup is the worst case for Camoufox in that one respect.
Targets shift mid-test
sedarplus.ca swapped anti-bot vendors mid-session during Phase 5: F5 BIG-IP ASM early, Radware Shieldsquare later, gated on every browser by Phase 6. A matrix is a snapshot, not a permanent fact. Cloudflare Turnstile is also site-state-dependent (the v2 stub reported all browsers failed nowsecure-cf, Phase 6 shows all pass).
Version effects masquerade as patch quality
Browser versions span Chrome 136 (rebrowser) to Chrome 148 (Patchright via channel=chrome and nodriver via system Chrome), with Firefox 135 (Camoufox) in the mix. Some apparent stealth is "this build happens to match what users have installed."
The durable finding
Automation-protocol fingerprinting is a separate problem from TLS fingerprinting and JS-layer detection. The stealth-browser ecosystem is mostly solving the first two. Defeating the third requires a control plane that is not Playwright.
Which anti-detect browser should you use?
The most important decision happens before browser choice: identify which layer your target gates on. JS-fingerprint targets are where current Chromium passes unpatched. TLS-fingerprint targets reward Camoufox's Firefox shape and curl_cffi's impersonate=chrome about equally. Automation-protocol-fingerprinting targets are the cliff: Playwright forks fail regardless of patch quality.
| If you're scraping... | Use | Why |
|---|---|---|
| Cloudflare-gated production targets where canadianinsider matters | nodriver | The only browser on the matrix with zero blocked cells |
| A drop-in Playwright replacement and your stack is locked in | Patchright with channel=chrome | Real Chrome 148 + the smallest patch-quality risk |
| Sites that whitelist Firefox or fingerprint Chrome shape | Camoufox | Firefox 135 stealth, beats Chromium forks on google-search |
| HTML you can parse without JavaScript execution | curl_cffi | 26 of 31 targets in a 21-line wrapper, no browser process |
| A turnkey patched Chromium and you'll write the cookie layer | CloakBrowser | Matches curl_baseline on this matrix, real product, real build chain |
nodriver is the only browser through canadianinsider. Tradeoff: its asyncio object model requires an adapter layer in any Playwright codebase. AGPL-3.0 license has commercial implications worth reviewing with counsel.
Patchright with channel=chrome beats vanilla by one OK and unblocks stackoverflow by running system Chrome 148 instead of bundled Chromium.
Camoufox beats Chromium forks on google-search and medium's gate but loses dev.to on a Firefox TLS quirk.
curl_cffi is pip install curl_cffi + requests.get(url, impersonate="chrome"). The TLS handshake defaults to Chrome 145/146 shape.
CloakBrowser is a real product with cookie handling and Turnstile auto-resolve worth paying for. Raw stealth headroom over curl_cffi is not supported by the data.
rebrowser-playwright posts the same OK set as vanilla and has had no real code commits since September 2024. Skip.
In production, I run nodriver for canadianinsider scraping, Patchright with channel=chrome everywhere else, and curl_cffi for the targets that don't need JavaScript at all.
FAQ
What is automation-protocol fingerprinting and how does it differ from JA4 or JS-layer detection?
JA4 hashes the TLS handshake. JS-layer detection inspects navigator properties after the page loads. Automation-protocol fingerprinting sits between them, detecting the protocol shape used to drive the browser. Fingerprint patches do not reach this layer.
Why does nodriver pass canadianinsider when every patched Chromium fails?
nodriver drives system Chrome over a plain CDP connection with no Playwright in the loop, which removes the protocol-handshake shape the gate keys on at startup.
Can I just use a residential proxy with my existing Playwright on a VPS?
No. A proxy rewrites only the IP layer. TLS handshake, HTTP/2 frames, navigator properties, and canvas fingerprints all originate from the actual host. A Linux server behind a residential proxy still advertises a Linux-shape browser, which is the contradiction gates flag.
Is CloakBrowser actually no better than curl?
On 31 targets, OK counts are identical (26 each). CloakBrowser has features the matrix does not test: cookie handling, Turnstile auto-resolve, human-cursor modeling. For HTML parsing, curl_cffi is sufficient. For persistent browser sessions, Cloak is the better tool.
Did Cloudflare Turnstile pass for every browser? The v2 stub said no browser passed.
Yes, every browser passed nowsecure-cf in Phase 6. The v2 stub measured the same target two weeks earlier and got the opposite result. Turnstile is site-state-dependent. Treat any single-session result as transient.
What about rebrowser passing JS-layer detection panels its README highlights?
rebrowser passes browserscan-bot, pixelscan-bot, and rebrowser-detector. So does every other browser including vanilla. Those panels are saturated by current Chromium. The disagreement happens on production targets, where rebrowser fails identically to vanilla.
Should I run rotating residential proxies?
If your target list overlaps with mine, yes. Camoufox's Firefox TLS fingerprint is identifiable on repeated single-IP hits, and rotation solves that. Proxies are a larger lever than browser choice for sustained workloads.
Why didn't you include real Mozilla Firefox?
Manual Firefox 150 on canadianinsider passed Cloudflare Turnstile from a fresh private window. Selenium-driving the same Firefox with dom.webdriver.enabled=false got blocked. The gate keys on detectable automation, not Firefox itself.
What is the difference between Patchright and vanilla Playwright?
Patchright patches CDP-leak signals at startup and supports channel=chrome to drive system Chrome 148. On Phase 6 it scores +1 OK over vanilla (25 vs 24) and unblocks stackoverflow. The version advantage does as much work as the patches.
Does curl_cffi bypass Cloudflare?
Sometimes. On Phase 6 it passed 26 of 31 targets by replacing the HTTPS client stack with one shaped like current Chrome. It fails on canadianinsider, glassdoor, and any target requiring JavaScript execution.
What is JA4 fingerprinting?
JA4 hashes the TLS handshake: cipher suites, extensions, ALPN, and their order. Anti-bot services match that hash against known browser profiles. A headless-Chrome JA4 differs measurably from a real-Chrome JA4.
How does Cloudflare detect headless browsers?
Cloudflare layers signals: TLS handshake (JA3/JA4), HTTP/2 SETTINGS frame ordering, JavaScript runtime properties, behavioral patterns, and automation-protocol shape. The Phase 6 matrix shows automation-protocol shape is the layer most patched browsers ignore.
Is nodriver safe to use in production?
Functionally yes. nodriver is actively maintained and scored 28 of 31 with zero blocked cells. Caveats: its asyncio object model means no Playwright drop-in, cookies carry across targets by default, and AGPL-3.0 has commercial-license implications worth checking with counsel.
Does Patchright work with Cloudflare Turnstile?
Patchright passes some Cloudflare-gated targets but not canadianinsider or google-search in Phase 6 testing. It scores +1 OK over vanilla Playwright by recovering stackoverflow, but the CDP-leak patches do not address the automation-protocol layer that Cloudflare Turnstile keys on for its hardest challenges.
How do I install curl_cffi?
Run pip install curl_cffi. Then from curl_cffi import requests and requests.get(url, impersonate="chrome"). The impersonate="chrome" flag selects Chrome 145/146 TLS shape (curl_cffi 0.15.0). No browser binary required. The full library is 6.4MB.
Is nodriver a drop-in replacement for Playwright?
No. nodriver uses an asyncio object model incompatible with Playwright's sync API and page/context/browser hierarchy. Migrating requires rewriting control flow, not just swapping the import. The payoff is zero Playwright in the protocol stack, which is what gets through canadianinsider and similar Cloudflare-Turnstile-protected targets.
Tools mentioned
- nodriver (github) - Direct-CDP successor to undetected-chromedriver. No Playwright shim in the control plane. License: AGPL-3.0. Pricing: free.
- CloakBrowser (github) - Patched Chromium fork with 49 source-level C++ fingerprint modifications. Drop-in Playwright API. License: MIT (wrapper), custom binary license. Pricing: free.
- curl_cffi (docs | github) - Python HTTP client wrapping curl-impersonate. Spoofs TLS/JA4 fingerprints without a JS engine. License: MIT. Pricing: free.
-
Patchright (github) - Playwright fork that patches CDP-leak signals at startup. Supports
channel=chromefor real Chrome TLS. License: Apache-2.0. Pricing: free. - Camoufox (site | github) - Firefox fork with C-level canvas/WebGL/navigator spoofing. Firefox TLS shape. License: MPL-2.0. Pricing: free.
- Playwright (site | github) - Microsoft's reference browser automation library. The unpatched baseline. License: Apache-2.0. Pricing: free.
- rebrowser-playwright (github) - CDP-patch Playwright fork. Last code commit September 2024, Chromium 136. License: unspecified. Pricing: free.
Top comments (0)