csp-bypass

A bot that bypasses the page Content-Security-Policy to inject its automation hooks — the bypass is observable.

botverdict
1.00score
14/185checks fired

Convicting tells 7

br.cdp_runtime_enabledCDP Runtime.enable detected (prototype-chain Proxy ownKeys trap)
br.ch_he_headlessUA-Client-Hints high-entropy brand list reveals HeadlessChrome
br.csp_bypassedPage CSP not enforced (setBypassCSP — an automation context, never a real browser)
br.headless_uaUser-Agent advertises a headless browser
br.no_chrome_objectChrome User-Agent but window.chrome is absent
br.permissions_anomalyNotification.permission contradicts the Permissions API state
br.webdriver_spoofednavigator.webdriver is an own property (patched via defineProperty)

← all evaders  ·  the detection matrix