UA-Client-Hints high-entropy brand list reveals HeadlessChrome
br.ch_he_headless · convicts
browserlayer
automationcategory
44evaders caught
What it catches
navigator.userAgentData.getHighEntropyValues fullVersionList — a headless tell that survives UA-string cleaning (verified vs HeadlessChrome 136)
Signals it reads
browser.ch_he_headless
How it fires
present
Evaders it caught 44
accept-lang-spoof audio-noise audio-readback-spoof brave-fake brave-fake-proxy canvas-geometry-spoof canvas-lie canvas-spoof cdc-leak coalesce-proxy coalesce-spoof csp-bypass domrect-spoof electron-leak font-os-leak full-stealth honeypot human-mouse iframe-spoof ios-ua-spoof keystroke-human lang-list-spoof lang-spoof linear-bot measuretext-spoof mobile-emulation naive-tz-spoof native-spoof patchright playwright-extra playwright-extra-coherent renderer-spoof screen-impossible spoof-ua stale-engine stealth-naive stealth-patched trace-replay tz-spoof webgl-renderer-spoof worker-proxy worker-proxy-fix worker-spoof worker-wrapBypassed by 10
Frontier evaders that reach the detector uncaught (scored only suspicious, defeating every convicting tell) — this check is not one that stops them. The red-team frontier this detection still has to convict.