How Kitsune works
Most tools flag bad signals. Kitsune flags incoherence across layers — the contradictions a real browser can't produce but a spoofed or automated one does.
The one idea
A real visit is one device telling one story. Its TLS handshake, HTTP/2 frames, TCP/IP stack, GPU, JavaScript surface and behaviour all agree. Kitsune's edge ties them to a single session and checks they line up. When the User-Agent says Chrome-on-Windows but the JA4 says Firefox and the TCP stack says Linux, that disagreement is the tell.
Seven layers, one device
How a session is judged
Only cross-layer contradictions, automation artifacts and implementation flaws can convict — a single odd value never does. Everything else (a stripped capability, unusual behaviour, a datacenter IP) only corroborates, nudging toward suspicious but never bot on its own. That conviction gate is what keeps real, unusual humans from being flagged.
Why it's hard to beat
An anti-detect browser can spoof the User-Agent and patch navigator.webdriver in seconds. Making the JA4, the HTTP/2 frame order, the TCP/IP stack, the GPU renderer and the JS feature-set all describe one coherent, real device at the same time is far harder — and that is exactly what this page measures live.
Calibrated, not guessed
No rule ships until a real evader has exercised it and a calibration gate proves it doesn't flag real browsers — trusted-but-verified against multiple independent fingerprint sources.