Browser Fingerprinting Explained: What Websites Know About Your Scraper (And How to Fix It)

When your Playwright script gets blocked after 10 requests, it's usually not your IP. Modern anti-bot systems like Cloudflare, PerimeterX, and DataDome use browser fingerprinting to identify automated traffic. They collect 40-60 signals from your browser and score them against a model trained on millions of real user sessions. Here's what they're actually checking. Tier 1: The Instant Giveaways These signals are binary — you either pass or fail: navigator.webdriver When Chrome is launched by WebDriver (Playwright, Selenium, Puppeteer), it sets navigator.webdriver = true. Every serious anti-bot system checks this first. Fix: Patch it at the JS level before any page code runs: await page.addInitScript(() => { Object.defineProperty(navigator, 'webdriver', { get: () => false }); }); Note: This alone isn't enough — other signals will still expose you. Headless Chrome Detection Headless Chrome leaks its nature through: navigator.plugins length = 0 (real browsers have 3-7 plugins) navig