csp-bypass
A bot that bypasses the page Content-Security-Policy to inject its automation hooks — the bypass is observable.
botverdict
1.00score
14/185checks fired
Convicting tells 7
br.cdp_runtime_enabledCDP Runtime.enable detected (prototype-chain Proxy ownKeys trap)br.ch_he_headlessUA-Client-Hints high-entropy brand list reveals HeadlessChromebr.csp_bypassedPage CSP not enforced (setBypassCSP — an automation context, never a real browser)br.headless_uaUser-Agent advertises a headless browserbr.no_chrome_objectChrome User-Agent but window.chrome is absentbr.permissions_anomalyNotification.permission contradicts the Permissions API statebr.webdriver_spoofednavigator.webdriver is an own property (patched via defineProperty)