Transparency & Masking Audit

What we test: Kameleo’s ability to navigate and solve Cloudflare’s new Turnstile challenge without human input.
What we test: How well Kameleo evades advanced JS fingerprint collectors like CreepJS.
What we test: How trustworthy our fingerprints are on Pixelscan.
What we test: How trustworthy our fingerprints are on Browserscan.
What we test: Whether Kameleo’s browser is perceived by Sannysoft’s detection system as a genuine human browser.
What we test: How the Brotector detection system perceives Kameleo’s browser.
Defines how servers see your browser, OS, version, and device.
Client Hints are a set of HTTP headers and a JavaScript API that let browsers share detailed, structured info about the device and browser (OS name/version/architecture; browser name/version; etc.). Designed as a more reliable successor to User-Agent. Some of the key JavaScript Client Hints properties we handle include:
brands
platform
mobile
architecture
bitness
platformVersion
model
uaFullVersion
We ensure these values match what a real device would send. For a deeper dive, check out our article.
Also called the x-browser-validation header, this is a private Chrome-only HTTP header used by Google sites to check that the browser’s claimed identity (User-Agent etc.) matches its internal integrity signals. Kameleo mimics these headers so that Google is even less able to detect automation or fingerprint masking.
Language headers tell the site the user’s preferred languages. To ensure realistic appearance for your browser profile these must align consistently with other fingerprint values. For a deeper dive, check out our article.
TLS fingerprinting means identifying a browser by the details sent during the TLS handshake (supported TLS version, cipher suites, extensions etc.). This includes the widely used JA3 fingerprint, which condenses TLS parameters into a hash used by many detection systems. Kameleo is designed so its TLS fingerprint looks like a real browser’s - not suspicious at all. For more information, read our full article.
The HTTP User Agent header identifies the client software making the request (browser, operating system, engine, device). These must match the broader fingerprint context (browser version, OS) so sites can’t detect mismatches or fake profiles. We ensure these values align. You can find more details in our article.
Navigator reveals OS, browser engine, CPU, plugins & languages. Kameleo syncs them with the fingerprint.
The Battery Status API reports battery level and charging status via navigator.getBattery()
. Our browser profiles mask or hide this value - especially on Safari - so sites cannot use it to detect automation.
The Web Bluetooth API via navigator.bluetooth allows sites to request nearby Bluetooth LE devices. Kameleo may disable or hide this in certain profiles (e.g. Safari) to prevent fingerprinting signals.
Browser plugins are pre-installed in the browser (not extensions), e.g. to render PDFs, and MIME types indicate file formats supported. Our engines include plugin sets matching the fingerprint, so the reported plugins & MIME types are consistent with the profile.
navigator.connection
provides network connection info (e.g., type, effective bandwidth). Kameleo hides or masks this property in some profiles to avoid revealing inconsistent or fingerprintable network behavior.
Control your online location to prevent leaks and mismatches.
If you use a proxy in Kameleo, DNS queries are resolved via that proxy. This ensures websites see DNS resolution come from the proxy (not the actual device), preventing geographic and IP leaks. Learn more about this in our article.
Through the Geolocation API, websites can request precise location not only via GPS or IP address but also through other signals, such as nearby Wi-Fi access points and their BSSID values, mobile network cell IDs, and Bluetooth signals. This allows highly accurate positioning even on devices without a GPS module. Kameleo supports spoofing this: Automatic(proxy-based), Manual (set latitude / longitude), Block or Off, so location info matches proxy / IPs location. For a deeper dive, check out our article.
Kameleo includes a built-in proxy manager that supports multiple proxy server types: HTTP, HTTPS, SOCKS5, and SSH. These allow routing of browser traffic through the proxy so that both traffic and DNS resolution happen via the proxy, hiding real IP and location. For a deeper dive, check out our article.
Kameleo provides timezone spoofing with modes: Automatic (based on proxy’s location), Manual (override), or Off (use system time). Ensures consistency between timezone, proxy/IP and profile settings. For more information, read our full article.
WebRTC can expose a browser’s real IP address even when using a proxy. Kameleo allows spoofing, blocking or manually setting WebRTC behavior so that public or local IPs don’t leak. You can find more details in our article.
Unique hardware and OS traits shaping your fingerprint.
Audio fingerprinting uses the Web Audio / AudioContext API to process subtle, inaudible signals, measuring how the browser’s audio stack computes them. Kameleo offers Noise, Block, or Off modes to spoof or disable this vector. For a deeper dive, check out our article.
Canvas draws 2D graphics/text; rendering differences across GPUs/OS create unique hashes. Kameleo offers modes: Intelligent, Noise (random changes), Block, Off. Intelligent mode produces non-unique but realistic hashes matching declared Device/OS/User-Agent to avoid detection. Learn more about Intelligent Canvas Spoofing in our article.
Device Memory refers to how much RAM a browser profile reports. Via API, Kameleo lets you choose between Automatic (use fingerprint’s memory value), Manual, or Off (reveal actual device memory). Helps maintain consistent, believable profiles.
The set of fonts installed in an OS, detectable via JS and CSS (measuring its widths after rendering it). Different users have different font sets, so this serves as a fingerprint. Kameleo offers font spoofing (enable/disable) so the fonts list can be inherited from a real fingerprint. For a deeper dive, check out our article.
Number of logical CPU cores reported via navigator.hardwareConcurrency
. Kameleo lets you configure this to Automatic (match fingerprint), Manual (choose exact core count), or Off (use actual hardware), helping match typical user environments.
The OS is the software platform (Windows, macOS, Linux, Android, iOS) the browser runs on. Kameleo fingerprints include OS name, version, architecture, and ensures consistency of reported OS in headers, canvas/WebGL fingerprinting, and metadata to avoid mismatched signals.
Websites can read screen size (e.g. pixel width/height) via JS; mismatched or rare screen sizes may signal bots. Kameleo’s profiles inherit screen resolution from fingerprint or allow manual/custom settings so the browser will seem just like a regular visitor. Learn more about this in our article.
Indicates how many simultaneous touch points a device can detect. Exposed in browsers via navigator.maxTouchPoints
(typically 0
on desktops, up to ~10 on modern mobiles). Because it can reveal device characteristics, Kameleo masks this value.
WebGL and WebGPU metadata (unmasked vendor/renderer) expose detailed GPU info, raising fingerprint uniqueness. Kameleo masks or normalizes these values, replacing specific strings with realistic alternatives aligned with OS, User-Agent, and GPU family to keep profiles consistent. Read our article for further information.
Hides automation traces so browsing appears human-driven.
Chrome DevTools Protocol (CDP) commands such as Runtime.enable
or Target.setAutoAttach
can expose automation activity. The Runtime.enable
command activates script evaluation and execution contexts in CDP, which detection scripts often monitor to flag automated activity. Similarly, the
Target.setAutoAttach
command lets debuggers automatically attach to new targets (like pages or iframes), a behavior that can also reveal automated environments. Kameleo hides or neutralizes these traces so automated frameworks behave consistently with normal browsing. For a deeper dive, check out our article.
Input.coordinatesLeak
is a detection signal from automation tools: it compares mouse and screen coordinates sent via Chrome DevTools Protocol. If values leak or mismatch, sites can spot automation. Kameleo hides or fixes these signals so browsing looks more natural.
Sites detect these frameworks via framework-specific artifacts (e.g. headless flags, missing plugins, unnatural timings, CDP leaks). Kameleo includes support to mask or override those framework signatures so these tools are not easily identified. For a deeper dive, check out our articles.
Automation frameworks like Selenium set the
navigator.webdriver
property to true, which many websites use as a straightforward automation fingerprint. Kameleo not only intercepts and spoofs this property so browsers appear as genuine, user-driven sessions, but also alters WebDriver’s native behavior (including patching binaries) to remove framework-specific artifacts.