Transparency & Masking Audit

We believe in full disclosure: here you can see exactly how Kameleo’s anti-detect engine holds up against the toughest bot-defenses. Browse live code snippets, watch our proof-of-concept videos, and check timestamps - right down to the minute we last verified each bypass.

Continuously Auto-Tested Stealth

The tests below are run in-house on a weekly basis. Whenever an issue is detected, we investigate and address it.

Cloudflare Turnstile

What we test: Kameleo’s ability to navigate and solve Cloudflare’s new Turnstile challenge without human input.

Test script & code
Last updated:
September 24, 2025

CreepJS Fingerprinting

What we test: How well Kameleo evades advanced JS fingerprint collectors like CreepJS.

Test script & code
Last updated:
September 24, 2025

Pixelscan Fingerprint Checker

What we test: How trustworthy our fingerprints are on Pixelscan.

Test script & code
Last updated:
September 24, 2025

Hungry for more transparency?

Check out our other tests and discover what else we’ve prepared for you.
See more

Browserscan Fingerprint Checker

What we test: How trustworthy our fingerprints are on Browserscan.

Test script & code
Last updated:
September 26, 2025

Bot-Sannysoft

What we test: Whether Kameleo’s browser is perceived by Sannysoft’s detection system as a genuine human browser.

Test script & code
Last updated:
September 24, 2025

Brotector

What we test: How the Brotector detection system perceives Kameleo’s browser.

Test script & code
Last updated:
September 25, 2025

Want to verify on your own?

Each test lives in our public repo - feel free to clone, inspect, and run. Full transparency on our methodology means you can trust Kameleo to stay one step ahead of any anti-bot system.
See Our Public Repo

Real-Time Kernel Sync for Maximum Anti-Detect Success

Our Multikernel engine automatically fetches, at runtime, the precise Browser Kernel version matching your chosen fingerprint’s major version - keeping both in lockstep for dramatically improved anti-detect success. We ship new Chroma kernels within 5 days of each Stable Chrome update and Junglefox kernels every two months.
Chroma 140
August 29, 2025
Junglefox 140
August 21, 2025
Chroma 139
August 5, 2025

Rock-Solid Uptime & Developer Tools

Keep your workflows running 24/7 with enterprise-grade reliability and APIs built for speed:

99.99% Uptime 
& Lightning-Fast Performance

Enterprise-grade reliability with industry-leading response times, ensuring seamless performance even under heavy load.

Unlimited, Fresh Real Browser Fingerprints

Create unlimited human-like sessions. We collect fresh data weekly, analyzing millions of real browser fingerprints for precise, effective masking.

Fingerprint Parameters

We handle every fingerprint parameter, so you never have to tweak a thing:

Browser

Defines how servers see your browser, OS, version, and device.

Client Hints (formFactors)

Client Hints are a set of HTTP headers and a JavaScript API that let browsers share detailed, structured info about the device and browser (OS name/version/architecture; browser name/version; etc.). Designed as a more reliable successor to User-Agent. Some of the key JavaScript Client Hints properties we handle include:

  • brands
  • platform
  • mobile
  • architecture
  • bitness
  • platformVersion
  • model
  • uaFullVersion

We ensure these values match what a real device would send. For a deeper dive, check out our article.

Google Integrity Headers

Also called the x-browser-validation header, this is a private Chrome-only HTTP header used by Google sites to check that the browser’s claimed identity (User-Agent etc.) matches its internal integrity signals. Kameleo mimics these headers so that Google is even less able to detect automation or fingerprint masking.

Language, languages

Language headers tell the site the user’s preferred languages. To ensure realistic appearance for your browser profile these must align consistently with other fingerprint values. For a deeper dive, check out our article.

TLS Fingerprint

TLS fingerprinting means identifying a browser by the details sent during the TLS handshake (supported TLS version, cipher suites, extensions etc.).  This includes the widely used JA3 fingerprint, which condenses TLS parameters into a hash used by many detection systems. Kameleo is designed so its TLS fingerprint looks like a real browser’s - not suspicious at all. For more information, read our full article.

User agent

The HTTP User Agent header identifies the client software making the request (browser, operating system, engine, device). These must match the broader fingerprint context (browser version, OS) so sites can’t detect mismatches or fake profiles. We ensure these values align. You can find more details in our article.

JavaScript Navigator

Navigator reveals OS, browser engine, CPU, plugins & languages. Kameleo syncs them with the fingerprint.

Battery

The Battery Status API reports battery level and charging status via navigator.getBattery(). Our browser profiles mask or hide this value - especially on Safari - so sites cannot use it to detect automation.

Bluetooth

The Web Bluetooth API via navigator.bluetooth allows sites to request nearby Bluetooth LE devices. Kameleo may disable or hide this in certain profiles (e.g. Safari) to prevent fingerprinting signals.

Browser plugins, MIME Types

Browser plugins are pre-installed in the browser (not extensions), e.g. to render PDFs, and MIME types indicate file formats supported. Our engines include plugin sets matching the fingerprint, so the reported plugins & MIME types are consistent with the profile.

Connection

navigator.connection provides network connection info (e.g., type, effective bandwidth). Kameleo hides or masks this property in some profiles to avoid revealing inconsistent or fingerprintable network behavior.

Location

Control your online location to prevent leaks and mismatches.

DNS leak prevention

If you use a proxy in Kameleo, DNS queries are resolved via that proxy. This ensures websites see DNS resolution come from the proxy (not the actual device), preventing geographic and IP leaks. Learn more about this in our article.

Geolocation API

Through the Geolocation API, websites can request precise location not only via GPS or IP address but also through other signals, such as nearby Wi-Fi access points and their BSSID values, mobile network cell IDs, and Bluetooth signals. This allows highly accurate positioning even on devices without a GPS module. Kameleo supports spoofing this: Automatic(proxy-based), Manual (set latitude / longitude), Block or Off, so location info matches proxy / IPs location. For a deeper dive, check out our article.

Proxy Support

Kameleo includes a built-in proxy manager that supports multiple proxy server types: HTTP, HTTPS, SOCKS5, and SSH. These allow routing of browser traffic through the proxy so that both traffic and DNS resolution happen via the proxy, hiding real IP and location. For a deeper dive, check out our article.

Timezone

Kameleo provides timezone spoofing with modes: Automatic (based on proxy’s location), Manual (override), or Off (use system time). Ensures consistency between timezone, proxy/IP and profile settings. For more information, read our full article.

WebRTC

WebRTC can expose a browser’s real IP address even when using a proxy. Kameleo allows spoofing, blocking or manually setting WebRTC behavior so that public or local IPs don’t leak. You can find more details in our article.

Device

Unique hardware and OS traits shaping your fingerprint.

Audio

Audio fingerprinting uses the Web Audio / AudioContext API to process subtle, inaudible signals, measuring how the browser’s audio stack computes them. Kameleo offers Noise, Block, or Off modes to spoof or disable this vector. For a deeper dive, check out our article.

Canvas

Canvas draws 2D graphics/text; rendering differences across GPUs/OS create unique hashes. Kameleo offers modes: Intelligent, Noise (random changes), Block, Off. Intelligent mode produces non-unique but realistic hashes matching declared Device/OS/User-Agent to avoid detection. Learn more about Intelligent Canvas Spoofing in our article.

Device memory

Device Memory refers to how much RAM a browser profile reports. Via API, Kameleo lets you choose between Automatic (use fingerprint’s memory value), Manual, or Off (reveal actual device memory). Helps maintain consistent, believable profiles.

Fonts

The set of fonts installed in an OS, detectable via JS and CSS (measuring its widths after rendering it). Different users have different font sets, so this serves as a fingerprint. Kameleo offers font spoofing (enable/disable) so the fonts list can be inherited from a real fingerprint. For a deeper dive, check out our article.

Hardware Concurrency

Number of logical CPU cores reported via navigator.hardwareConcurrency. Kameleo lets you configure this to Automatic (match fingerprint), Manual (choose exact core count), or Off (use actual hardware), helping match typical user environments.

OS

The OS is the software platform (Windows, macOS, Linux, Android, iOS) the browser runs on. Kameleo fingerprints include OS name, version, architecture, and ensures consistency of reported OS in headers, canvas/WebGL fingerprinting, and metadata to avoid mismatched signals.

Screen resolution

Websites can read screen size (e.g. pixel width/height) via JS; mismatched or rare screen sizes may signal bots. Kameleo’s profiles inherit screen resolution from fingerprint or allow manual/custom settings so the browser will seem just like a regular visitor. Learn more about this in our article.

Screen touch, multi-touch

Indicates how many simultaneous touch points a device can detect. Exposed in browsers via navigator.maxTouchPoints (typically 0 on desktops, up to ~10 on modern mobiles). Because it can reveal device characteristics, Kameleo masks this value.

WebGL & WebGPU Metadata

WebGL and WebGPU metadata (unmasked vendor/renderer) expose detailed GPU info, raising fingerprint uniqueness. Kameleo masks or normalizes these values, replacing specific strings with realistic alternatives aligned with OS, User-Agent, and GPU family to keep profiles consistent. Read our article for further information.

Automation Detection prevention

Hides automation traces so browsing appears human-driven.

CDP detection

Chrome DevTools Protocol (CDP) commands such as Runtime.enable or Target.setAutoAttach can expose automation activity. The Runtime.enable command activates script evaluation and execution contexts in CDP, which detection scripts often monitor to flag automated activity. Similarly, the Target.setAutoAttach command lets debuggers automatically attach to new targets (like pages or iframes), a behavior that can also reveal automated environments. Kameleo hides or neutralizes these traces so automated frameworks behave consistently with normal browsing. For a deeper dive, check out our article.

Input.coordinatesLeak

Input.coordinatesLeak is a detection signal from automation tools: it compares mouse and screen coordinates sent via Chrome DevTools Protocol. If values leak or mismatch, sites can spot automation. Kameleo hides or fixes these signals so browsing looks more natural.

Selenium, Puppeteer, Playwright detection prevention

Sites detect these frameworks via framework-specific artifacts (e.g. headless flags, missing plugins, unnatural timings, CDP leaks). Kameleo includes support to mask or override those framework signatures so these tools are not easily identified. For a deeper dive, check out our articles.

WebDriver detection

Automation frameworks like Selenium set the navigator.webdriver property to true, which many websites use as a straightforward automation fingerprint. Kameleo not only intercepts and spoofs this property so browsers appear as genuine, user-driven sessions, but also alters WebDriver’s native behavior (including patching binaries) to remove framework-specific artifacts.