UA claims a modern browser but the request omits Sec-Fetch metadata headers
net.sec_fetch_vs_ua · convicts
network, browserlayer
coherencecategory
10evaders caught
What it catches
Every modern browser sends Sec-Fetch-Site/Mode/Dest on requests; a scripted HTTP client (httpx/curl) faking a browser UA omits them — an HTTP-layer tell independent of TLS/JS
Signals it reads
network.sec_fetch_missing
How it fires
present
Evaders it caught 10
Bypassed by 10
Frontier evaders that reach the detector uncaught (scored only suspicious, defeating every convicting tell) — this check is not one that stops them. The red-team frontier this detection still has to convict.