camoufox

Engine-level anti-detect Firefox: it patches the Gecko C++ engine itself instead of injecting JavaScript, so the spoof leaves no JS-detectable seams. The hardest case in the fleet.

botverdict
1.00score
3/185checks fired
Pythonlanguage

Convicting tells 3

net.no_js_executionPage request with a TLS fingerprint but no browser layer (no JS ran — scripted client)
net.tcp_os_vs_uaTCP/IP-stack OS kernel contradicts the OS the User-Agent claims
net.tls_grease_vs_uaUA claims a GREASEing-engine browser (Chromium/Safari) but the TLS ClientHello has no GREASE

← all evaders  ·  the detection matrix