A neon cyan browser window on a dark cyberpunk grid splitting into a wireframe robot arm and a cracked magenta mask, showing the two ways a browser can be fake.

The Fake Browser:How Sites Catch Bots and Anti-Detect Tools

2026-07-01root

Introduction

Every serious website now asks a quiet question before it decides to trust you. Not "who are you," which is easy to answer and easy to fake, but something harder: is this a real person sitting at a real, unmodified browser?

There are two ways the answer comes back "no." The first is a robot, a script driving the browser with no human anywhere in the loop. The second is a mask, a real human sitting behind a browser that has been rebuilt to look like hundreds of different people. They are different problems with different tools behind them, but they fail in the same revealing way. Neither one can pretend to be a plain, honest browser without leaving a seam somewhere.

This article is about those seams. How a website tells a bot from a person, how it tells a genuine browser from a tampered one, and why the very tricks meant to hide you are often the loudest thing you broadcast. At the end you will be able to check your own browser and see which side of that line it lands on.


Two Ways a Browser Can Be Fake

Before the detection, the taxonomy. It is worth being precise here, because most articles blur these two into one word ("bots") and then give advice that only fixes half the problem.

 The RobotThe Mask
What it isA script drives the browser. No human present.A human behind a browser rebuilt to fake its identity.
The toolsSelenium, Playwright, Puppeteer, headless Chrome.Dolphin Anty, Multilogin, GoLogin, AdsPower.
The goalScale. Scraping, credential stuffing, ticket bots.Many identities. Dozens of accounts that look unrelated.
The tellAutomation leaves traces the browser can't hide.You can't rewrite an identity without contradicting yourself.

The robot wants to be many requests. The mask wants to be many people. Both answer the site's real question the same way, because neither is a plain browser with a plain human behind it. The rest of this article follows each one in turn.


Catching the Robot: Automation Tells

Start with the simpler case. An automation framework is a piece of software that opens a browser and clicks around on its own, at machine speed. This is the world of Selenium, Playwright, Puppeteer, and headless Chrome, and it powers most of the scraping and account abuse on the internet. It is also, out of the box, remarkably easy to spot.

The reason is that a browser under automation is told to announce itself. The WebDriver standard, the protocol most of these tools speak, requires the browser to flip a flag the moment a script takes the wheel.

System Alert

The honest robot. A real browser reports navigator.webdriver as false. A browser driven by Selenium or a plain WebDriver session reports it as true, by design. It is the automation equivalent of a taxi light, honest even when its operator would rather it wasn't.

That single flag catches an enormous amount of low-effort automation, so the interesting fight happens one level up, among the tools that try to hide it. Even then, a driven browser tends to leave other marks:

  • Headless leftovers. Headless Chrome used to shout its own name in the User-Agent (HeadlessChrome), and while the newer headless mode is far quieter, driven browsers still tend to differ in small ways: an empty plugin shelf, a notification permission stuck at its default, a software renderer where real hardware should be. To see the exact User-Agent your own browser sends, the HTTP Headers Checker shows it in full.
  • Framework fingerprints. Puppeteer and Playwright drive Chrome through its DevTools Protocol, and that channel leaves subtle artifacts, extra properties, tell-tale timing, stack traces that a hand-clicked browser never produces.
  • Impossible behaviour. A human moves a mouse in lazy curves and mistypes. A script fills a form in four milliseconds with pixel-perfect coordinates. Behaviour is a whole detection layer of its own, and it is why the fastest bots still trip the slowest defenses.

Because these checks are fiddly and change with every browser release, most sites do not roll their own. They lean on a library. The best-known open one is BotD, published by the team behind FingerprintJS, which bundles dozens of these probes into a single yes-or-no verdict across Selenium, Playwright, Puppeteer, PhantomJS, Electron, and the headless engines. When you read that a site uses "bot detection," this is often the machinery underneath.

And then the arms race. For every detection library there is an evasion library. The stealth plugin ecosystem, puppeteer-extra-stealth and its Playwright cousins, exists purely to scrub navigator.webdriver, patch the headless tells, and make a driven browser look hand-held. The defenders add a check, the stealth plugins patch it, the defenders find a new one. This is the same cat-and-mouse loop that runs through every part of this topic, and it never resolves. It only escalates.

On the Privacy & Trust scan, an automation framework is noted for reference, but the weight of that finding is carried on a neighbouring signal, the one covered in Device Integrity, where a browser being driven by a script counts directly against how trustworthy it looks. That article looks at the browser from the inside. This one keeps going, to the harder half of the problem.


Catching the Mask: Anti-Detect Tampering

The mask is a subtler thing than the robot, and catching it is where the real craft lives.

An anti-detect browser is not automation. There is a real person behind it, clicking like anyone else. What makes it fake is that the browser has been rebuilt from the inside to lie about its own identity, so that one machine can wear a hundred faces. Each profile gets its own invented screen size, its own timezone, its own graphics card, its own browser fingerprint, so that a platform watching for "the same device logging into forty accounts" sees forty strangers instead. This is the engine of large-scale multi-accounting, and a whole industry, Dolphin Anty, Multilogin, GoLogin, AdsPower, ixBrowser, sells it as a service.

The catch is a beautiful one, and it comes down to a single principle:

System Alert

You cannot override a browser's built-in function without leaving a mark that you did.

A browser's core functions are native code, compiled into the engine. The moment an anti-detect tool reaches in to rewrite one, say, to make the graphics card report a different model, the replacement is no longer native code. It is ordinary JavaScript wearing a costume. And costumes have seams. The public research tradition here runs from CreepJS, the open lie-detector that popularised the idea, through the network-layer work at FoxIO. None of it is secret. All of it exists because a lie in one place forces a contradiction somewhere else. A few of the seams that this kind of tampering tends to open:

The native-code tell. Ask any genuine built-in function to describe itself and it answers with a fixed phrase ending in [native code]. A function that has been rewritten cannot honestly say that anymore, and the tools that try to fake the answer often forget to fake it recursively, so the lie unravels one question deeper. It is the digital equivalent of a forged signature that looks right until you check the signature on the receipt for the pen.

The self-contradiction. A browser keeps the same fact in more than one place, and a real browser keeps them in sync. Ask it whether it may show notifications through one interface, then ask again through another, and a genuine browser gives the same answer both times. A tool that spoofs one surface but forgets the other leaves the two disagreeing, a contradiction no honest browser produces. This kind of desync has been one of the most reliable tells against well-tuned anti-detect browsers.

The math that should hurt. Some mathematical operations have exact, standardised answers. Certain inputs must return a specific bit-for-bit value, and certain impossible inputs must return "not a number." A tool that swaps out the engine's math for a rough approximation gets these subtly wrong, returning a real number where the standard demands an error. It is a place nobody thinks to check, which is exactly why it works.

The graphics card in the wrong body. A browser can be made to name any GPU its operator likes. But a graphics card only exists on hardware that could actually carry it. A desktop NVIDIA card does not appear inside an iPhone. Apple's own silicon does not appear on a Linux tower. When the reported GPU and the claimed platform cannot physically coexist, the claim is false, and worse for the operator, the mismatch quietly reveals the real hardware underneath the mask.

Reported GPUClaimed deviceThe verdict
NVIDIA GeForceiPhoneImpossible. A desktop GPU cannot live in a phone.
Apple GPUWindows or LinuxImpossible. Apple silicon does not run those platforms.
Qualcomm AdrenoDesktop macOSImpossible. A mobile GPU on a Mac tower.

The plugin shelf. Real desktop browsers ship a small, predictable set of built-in plugins, at minimum a PDF viewer. Some anti-detect tools fake that list clumsily, swapping the browser's special plugin collection for a plain array that no genuine browser uses. Here, though, a note of honesty matters, because an empty shelf is a different story from a fake one. Privacy browsers like Brave, Tor Browser, and Mullvad deliberately strip plugins to reduce your uniqueness, and that is a legitimate choice, not a lie. A good detector treats a bare shelf as a shrug and a fabricated one as a flag. The difference between those two readings is the difference between respecting a user and accusing one.

None of these checks is exotic on its own. What makes them powerful is that they target the act of spoofing itself, not any particular value. A fingerprint spoofing tool can invent a perfect screen size and a plausible timezone all day long. What it struggles to do is rewrite the browser's own machinery without that machinery noticing.


Why It's an Arms Race

If all of that sounds beatable, that is because it is. This is the honest part, the part the marketing pages leave out.

A skilled anti-detect operator can match many of these signals. They can keep the browser's surfaces in sync, tune the fake GPU to a platform that could actually hold it, and pick a stealth build that patches the obvious tells. People do this for a living, and the best of them are genuinely hard to catch. Searching for how to beat any of these checks turns up years of guidance, because the game is that old.

So detection long ago stopped relying on any single trap. The strength is not in one perfect check. It is in the stack. Modern systems collect dozens of small observations, a native function that describes itself wrong, a GPU that shouldn't exist, a permission that answers two ways, and read them together. A real browser produces zero of these. A careless mask produces a handful. And crucially, the operator has to win every check, while the defender only needs to win one. This is the same cumulative logic every anti-fraud system leans on: one anomaly is a glitch, a cluster of them is a pattern.

It gets harder still for the mask, because the browser is not the only witness. The connection underneath speaks too. The very first packet of a connection carries an accent of the real operating system, which is the subject of Passive OS Fingerprinting, and the encrypted handshake above it carries its own signature, covered in TLS Fingerprinting. An anti-detect tool can rewrite what the browser says, but making the kernel and the network stack tell the same lie is a different order of work entirely. Two independent witnesses to the same story are far harder to fool than one. Three is harder still.


Hiding Versus Faking, and Where Honest Users Stand

Here is the distinction that a badly built detector gets wrong, and the one this whole platform is built around. There is a world of difference between hiding and faking.

Hiding is legitimate. Running a VPN, using a hardened browser, stripping plugins, blocking trackers, routing through Tor, all of it is a valid choice, and none of it should be treated as guilt. A privacy browser that ships a bare plugin shelf is not lying about anything. It is declining to answer, which is its right. This is the same philosophy that runs through the bigger platform rebuild, where the guiding rule is simple: masking is not abuse.

Faking is the other thing. Telling a website you are an iPhone while a Windows machine hums underneath, or presenting forty invented identities from one computer, is not hiding your identity. It is impersonating someone who does not exist. That is the specific move at the heart of both automation abuse and anti-detect multi-accounting, and it is what the tampering checks are built to catch.

The practical takeaway is the one this topic always circles back to. The safest, least remarkable profile is not the most heavily disguised one. It is the most consistent one. A real Mac that looks like a real Mac, behind a VPN if you want privacy, raises no contradictions and sails through. A desktop wearing a phone's identity raises several, and contradictions are exactly what buries you under endless CAPTCHAs and silent account blocks. Every extra spoofing extension you stack on adds its own signature and makes you more unique, not less, the same trap that catches people trying to hide from canvas fingerprinting by adding noisy tools on top.


What the packet.guru Scan Reads

Most writing about this subject is aimed at defenders, at people who want to run these checks on other people. The Privacy & Trust scan turns the camera around and shows you what your own browser gives away, in plain language instead of a fraud-team dashboard.

It makes two passes. One glances for the marks of automation, the kind BotD looks for, and notes them for reference. The other looks for the signs that the browser's own machinery has been rewritten, the seams described above. It then tells you, in a single card, whether your browser reads as genuine or shows signs of tampering, and what that means for how trustworthy you look to an anti-fraud system.

A few principles guide how it reads, and they are worth stating plainly:

  • A bare setup is not a guilty one. An empty plugin shelf, a blocked API, a privacy browser doing its job, none of that is treated as a lie. Only an active contradiction, a value that cannot be true, moves the needle.
  • When it is not sure, it says nothing. An ambiguous result produces no accusation. Falsely calling an honest browser a fake is the worst thing a tool like this can do, so it errs the other way.
  • It separates hiding from faking. Masking your identity behind a VPN or Tor is read as privacy, not as fraud. The cost only lands when the browser is caught claiming to be something it physically is not.

You will find this as the Tamper Detection card on the dashboard, sitting alongside the automation and device signals it works with. To see the raw identity your browser openly advertises in the first place, the HTTP Headers Checker lays out the User-Agent and headers it sends on every request.


Pro Tips

If you value privacy, stop stacking masks. The single most common mistake is piling spoofing extensions on top of each other in the belief that more disguise means more safety. The opposite is true. Pick one solid, well-behaved privacy browser and let it do its job. Every extra layer is another chance to contradict yourself.

If you run legitimate automation, be honest about it. Scraping public data, testing your own site, monitoring uptime, all fine and all common. The trouble starts when a tool tries to pass its bot off as a human and fails, because a bot pretending to be human looks far worse than a bot that simply is one. Consistency beats disguise here too.

If you are just curious, look at your own reflection. The fastest way to understand any of this is to point it at yourself. Run the scan, read the card, and see which of your own signals are honest and which, if any, are quietly contradicting the rest.


FAQ

Q: Is using an anti-detect browser illegal?

No. The tools themselves are legal, and plenty of legitimate businesses use them to manage multiple client accounts or protect research. What matters is intent and terms of service. Using one to run banned or fraudulent accounts on a platform that forbids it is a violation of that platform's rules, and that is a separate question from whether the software is legal to own.

Q: Can a website really detect Selenium or Playwright?

Yes, and often trivially. A plain automation session announces itself through the WebDriver flag, and even a hardened one tends to leave other traces, in the headless engine, in the DevTools channel it is driven through, and in behaviour no human produces. Stealth plugins raise the bar, but they do not erase it. This is why serious operators treat detection as a constant maintenance problem, not a solved one.

Q: Does a VPN hide the fact that I'm a bot?

No. A VPN changes where your connection appears to come from. It does nothing about what your browser reveals about itself. Automation tells and tampering seams live entirely inside the browser, above the network, so they pass straight through any tunnel untouched. Hiding your location and hiding your nature are two completely different jobs.

Q: Will a privacy browser like Brave or Tor fail this test?

It should not. These browsers hide and strip information, which is legitimate, rather than fabricating impossible values, which is not. A well-built detector reads a bare, hardened profile as a shrug, not a flag. If you run the scan on Tor Browser or Brave and see a clean tamper result, that is the system working exactly as intended.


The Bottom Line

A website's real question was never "who are you." It was "are you what you appear to be." A robot and a mask both answer no, and both give themselves away for the same reason: you cannot fake a browser's identity from the inside without the browser noticing.

That is not a reason for alarm, and it is certainly not a reason to reach for a bigger disguise. It is a reason to aim for consistency instead. An honest browser, private if you like, hidden if you like, but not pretending to be a machine it isn't, is the quietest thing you can be online. See where your own browser stands with the Privacy & Trust scan.