PublishedFeb 4, 2026UpdatedFeb 4, 2026

Stealth Browser API Fingerprinting Benchmark Tests [February 2026]

From Bright Data to Browserless, we tested all the best stealth browser APIs on the internet. Which ones are worth your time?

Today, with anti-bot systems using ever more advanced request fingerprinting techniques to detect and block scrapers, a crucial skill every scraping pro needs to develop is browser fortification. Which is the ability to fortify their requests so that they don't leak any signs that the requests are coming from a scraper. Developers can do this themselves or use fortified versions of Puppeteer, Playwright or Selenium (often need more fortification). However, this can be a difficult and time consuming process if you don't have prior experience. As a result, a new category of Stealth Browser APIs has emerged that claim to manage this browser fortification for you, offering managed cloud browsers with built-in fingerprint protection, anti-bot bypass, and CAPTCHA solving. So in this article, we decided to put these Stealth Browser APIs to the test... Are they really experts at browser fortication? Or do they make noob errors that no scraping professional should make? So in this article we will put them to the test, covering:

Fingerprint Benchmark Test ResultsThe complete raw data from these tests is available on GitHub at Stealth Browser Fingerprint Repo

TLDR: What Is The Best Stealth Browser API For Browser Fingerprinting?

Pretty much every stealth browser API claims to be the "Best Stealth Browser" so we decided to put them to the test. Each stealth browser is a variation of the same basic idea. Managed cloud browsers with fingerprint protection, anti-bot bypass, and CAPTCHA solving to help you scrape without getting blocked.

Web Scraping Stealth Browsers

Some of these stealth browser products like Bright Data Scraping Browser, ZenRows Scraping Browser, Scrapeless, and Browserless are primarily designed for web scraping workflows, offering fingerprint protection, anti-bot bypass, and CAPTCHA solving to help extract data at scale.

AI Agent Stealth Browsers

Whereas others like Browserbase, Browserless, Hyperbrowser, Anchor Browser, and Browser.cash are built for AI agent workflows, offering features like persistent sessions, autonomous navigation APIs, human-like behavior simulation, and long-running browser environments suited for agentic automation tasks.

TLDR Scoreboard

Our analysis revealed a significant performance gap between elite stealth browsers that provide deep hardware emulation and legacy providers that trigger obvious automation signals.

Top Performer: Scrapeless Browser led the benchmark with a score of 94.76, passing 12 of 15 tests. It offered the most realistic peripheral variation and hardware diversity, including real Intel and NVIDIA GPU models, though it failed to synchronize timezones with proxy locations. Bright Data Scraping Browser (93.33) and ZenRows Scraping Browser (91.9) also reached the top tier, with Bright Data showing perfect Client Hints coherence and ZenRows successfully adapting font lists and hardware profiles to different operating systems.
Okay Performers: Browserless scored 51.43, providing consistent Linux profiles and realistic GPU strings. However, its effectiveness was hindered by a critical CDP automation signal failure and "franken-font" mismatches where Windows fonts were incorrectly detected on a Linux platform.
Poor Performers: Browserbase (34.67) and Oxylabs Unblocking Browser (33.52) struggled with fundamental stealth requirements. Both triggered critical automation leaks (CDP flag detected as true). Browserbase utilized software rendering (SwiftShader) instead of real GPU hardware, while Oxylabs suffered from severe platform inconsistencies, claiming to be Mac/Windows while revealing Linux origins via Client Hints.

Here are the overall results:

Scrapeless Browser

94.76

Bright Data Scraping Browser

93.33

ZenRows Scraping Browser

91.90

Browserless

51.43

Browserbase

34.67

Oxylabs Unblocking Browser

33.52

100

Overall Score

Provider	Overall Score	Pass	Warn	Fail	Critical	Comments
Scrapeless Browser	94.76	12	1	1	0	Scrapeless Browser leads the benchmark with a 94.76 score, offering the most realistic peripheral variation and hardware diversity, though it fails to align timezones with proxy locations.
Bright Data Scraping Browser	93.33	12	0	2	0	Bright Data delivers high-tier performance (93.33) with excellent resolution variety and perfect Client Hints coherence, marred only by static timezones and a localized language mismatch in the UK.
ZenRows Scraping Browser	91.90	11	2	1	0	ZenRows achieves a strong 91.9 score by effectively adapting font lists and hardware profiles to different OS types, despite falling short on timezone synchronization and peripheral emulation.
Browserless	51.43	7	4	2	1	Browserless provides consistent Linux profiles but struggles with a critical CDP automation signal failure and 'franken-font' mismatches where Windows fonts appear on a Linux platform.
Browserbase	34.67	5	3	5	1	Browserbase finishes with a 34.67 score due to critical automation leaks, static fingerprints with zero entropy, and the use of SwiftShader software rendering instead of real GPU hardware.
Oxylabs Unblocking Browser	33.52	7	1	5	1	While Oxylabs excels at matching timezones and locales to IP geography, it suffers from severe platform inconsistencies and impossible hardware core counts that reveal its underlying server infrastructure.

How We Tested Browser Fingerprinting

For this benchmarking, we decided to send requests with each stealth browser API to Device and Browser Info to look at the sophistication of their header and browser fingerprinting. The key question we are asking is:

Is the stealth browser leaking any information that would increase the chances of an anti-bot system detecting and blocking the request?

To do this, we focused on any leaks that could signal to the anti-bot system that the request is being made by a automated headless browser like Puppeteer, Playwright, Selenium, etc. Here are the tests we conducted:

1. Fingerprint Entropy Across Sessions

Test whether the browser fingerprint shows natural variation across multiple sessions.

Example: Identical JS fingerprint hashes, same WebGL/canvas values, or repeated hardware profiles across visits.
Why it matters: Real users vary; deterministic fingerprints are a strong indicator of automation.

2. Header Realism

Check whether HTTP headers match the structure and formatting of real modern browsers.

Example: Missing Accept-Encoding: br, gzip, malformed Accept headers, or impossible UA versions.
Why it matters: Incorrect headers are one of the fastest and simplest ways anti-bot systems identify bots.

3. Client Hints Coherence

Evaluate whether Client Hints (sec-ch-ua*) align with the User-Agent and operating system.

Example: UA claims Windows but sec-ch-ua-platform reports "Linux", or the CH brand list is empty.
Why it matters: Mismatched Client Hints are a highly reliable signal of an automated or spoofed browser.

4. TLS / JA3 Fingerprint Realism

Test whether the TLS fingerprint resembles a real Chrome/Firefox client rather than a script or backend library.

Example: JA3 matching cURL/Python/Node signatures, missing ALPN protocols, or UA/TLS contradictions.
Why it matters: Many anti-bot systems fingerprint TLS before any JS loads, so mismatched JA3 values trigger instant blocks.

5. Platform Consistency

Evaluate whether the OS in the User-Agent matches navigator.platform and other JS-exposed platform values.

Example: UA says macOS but JavaScript reports Linux x86_64.
Why it matters: Real browsers almost never contradict their platform; mismatches are a classic bot signal.

6. Device-Type Coherence

Test whether touch support, viewport size, and sensors align with the claimed device type (mobile vs. desktop).

Example: A mobile UA with maxTouchPoints=0, or an iPhone UA showing a 1920×1080 desktop viewport.
Why it matters: Device-type mismatches are one of the simplest heuristics anti-bot systems use to flag automation.

7. Hardware Realism

Check whether CPU cores, memory, and GPU renderer look like real consumer hardware.

Example: Every session reporting 32 cores, 8GB RAM, and a SwiftShader GPU.
Why it matters: Unrealistic hardware profiles strongly suggest virtualized or automated browser environments.

8. Timezone vs IP Geolocation

Evaluate whether the browser's timezone matches the location implied by the proxy IP.

Example: German IP reporting UTC or America/New_York.
Why it matters: Timezone mismatches reveal poor geo-spoofing and are widely used in risk scoring.

9. Language/Locale vs IP Region

Check whether browser language settings align with the IP's expected locale.

Example: All geos returning en-US regardless of country, or JS locale contradicting the Accept-Language header.
Why it matters: Locale mismatch is a simple yet strong indicator that the request is automated or spoofed.

10. Resolution & Pixel Density Realism

Test whether screen resolution and device pixel ratio resemble real user devices.

Example: Fixed 800×600 resolution, or repeated exotic sizes not seen on consumer hardware.
Why it matters: Bots often run in virtual machines or containers with unnatural screen sizes.

11. Viewport & Geometry Coherence

Evaluate whether window dimensions and screen geometry form a logically possible combination.

Example: Inner window width larger than the actual screen width.
Why it matters: Impossible geometry is a giveaway that the environment is headless or virtualized.

12. Fonts & Plugins Environment

Check whether the browser exposes realistic fonts and plugins for the claimed OS and device.

Example: A single font across all sessions, or empty plugin lists on macOS.
Why it matters: Normal devices have rich font/plugin environments; sparse lists are characteristic of automation.

13. Peripherals Presence

Test whether microphones, speakers, and webcams are exposed the way real devices normally do.

Example: All sessions reporting 0 microphones, 0 speakers, and 0 webcams.
Why it matters: Real devices, especially desktops and laptops, almost always expose some media peripherals.

14. Graphics Fingerprints (Canvas & WebGL)

Evaluate whether canvas and WebGL fingerprints are diverse and platform-appropriate.

Example: Identical WebGL renderer hashes across sessions, or a SwiftShader GPU on a claimed macOS device.
Why it matters: Graphics fingerprints are hard to spoof; unrealistic or repeated values reveal automation.

15. Automation Signals

Check whether the browser exposes direct automation flags or patched properties.

Example: navigator.webdriver=true, visible “CDP automation” flags, or inconsistent worker properties.
Why it matters: These are explicit and often fatal indicators that the environment is controlled by a bot framework.

These header and device fingerprint tests aren't conclusive on their own. But if a stealth browser is leaking numerous suspicious fingerprints that are sent consistently then it is easy for an anti-bot to detect and block these requests. Even if the proxy IPs are rotating. We sent requests to Device and Browser Info using each stealth browser's United States, German, Japanese, United Kingdom and Russian proxy endpoints to see how they are optimizing their browsers for each geolocation and whether the browser leaks differ by location.

15-Test Comparison: How Each Provider Performed

Use the filter tabs above the table to show or hide specific providers for easier comparison. The table shows how each provider performed across all 15 fingerprint tests, with weights indicating the importance of each test.

Compare Providers

Test \ Provider	Weight

Detailed Results: Which Stealth Browser Is Best For Browser Fingerprinting?

The following section contains the detailed results for each stealth browser, showing the overall score and the results of each test.

#1: Scrapeless Browser

Scrapeless Browser

Scrapeless provides a headless, stealth-oriented scraping browser focused on agentic workflows, featuring managed fingerprints, spoofed TLS, and cross-layer consistency patches.

Position

94.76

Overall Score

12✅ Pass

1⚠️ Warn

1❌ Fail

0🚨 Critical

In our analysis, Scrapeless Browser ranked #1 out of 6 stealth browsers with an authoritative score of 94.76 / 100. It leads the benchmark by offering the most realistic peripheral variation and hardware diversity observed among all tested providers.

Test	Status
TLS / JA3 Realism	N/A
Timezone vs IP Geo	Fail
Peripherals Presence	Pass
Resolution & DPR	Pass
Automation Signals	Pass
Platform Consistency	Pass
Hardware Realism	Pass
Fonts & Plugins	Pass

Test	Status
Fingerprint Entropy	Pass
Header Realism	Pass
Language/Locale vs IP	Warn
Device Type Coherence	Pass
Viewport/Geometry	Pass
Graphics Fingerprints	Pass
Client Hints Coherence	Pass

✅ Where Scrapeless Browser performed well: Delivered high-entropy fingerprints with diverse hardware specs; provided the most realistic peripheral and font mocking; and maintained perfect consistency between network headers and the JavaScript environment.
❌ Where Scrapeless Browser fell short: Failed to align browser timezones with proxy locations and used a static English language profile regardless of geography.

Pricing

Scrapeless uses a consumption-based billing model with optional monthly or yearly prepaid plans that grant discounts on usage.

Plan	Monthly Price	Residential (per GB)	Hourly Rate
Basic	Consumption-based only	—	—
Growth	$49/mo (then 10% off usage)	$1.62/GB	From $0.081/hr
Scale	$199/mo (then 15% off usage)	$1.53/GB	From $0.076/hr
Business	$399/mo (then 20% off usage)	$1.44/GB	From $0.072/hr
Custom	Custom	Custom	Custom

Headers and Device Fingerprints

Scrapeless Browser demonstrated a sophisticated approach to browser fingerprinting, focusing heavily on hardware and environmental richness. During testing, it successfully masked all automation signals, with navigator.webdriver and CDP automation flags remaining consistently false.The provider excelled in creating unique device profiles for every session. Hardware concurrency, memory, and GPU renderers were randomized effectively, featuring realistic consumer-grade specifications rather than generic server values.The most notable strength was the "richness" of the environment. Unlike many competitors that return empty lists, Scrapeless provided a robust list of Windows-specific fonts and varied peripheral counts (microphones and speakers), which are strong indicators of a real user device.However, the provider showed a significant gap in geographical synchronization. Timezones were frozen to America/New_York across all global sessions, and language settings did not adapt to the proxy's location, creating detectable mismatches for non-US traffic.

Good

In our tests, Scrapeless Browser provided the most hardware-diverse environment in the benchmark.

✅ Highest Fingerprint Entropy: Each of the 5 test sessions produced a unique fingerprint hash. This was supported by varying hardware concurrency (4, 8, 10) and diverse GPU renderers such as NVIDIA GeForce RTX 3060 Ti and Intel Iris Xe.
✅ Realistic Peripheral Variation: This provider was the only one to show plausible variation in hardware peripherals. Instead of a static or empty set, session counts fluctuated to mimic different device types.

✅ Robust Environment Richness: Scrapeless mocked a comprehensive set of 14-15 Windows-specific fonts, including Microsoft Uighur, Segoe UI, and Marlett. This prevents detection via font-count or font-presence scripts.
✅ Clean Automation Profile: No leaks were detected in the automation layer. The Are worker values consistent check returned true for all sessions, ensuring that the worker environment matched the main thread.

Bad

Despite its high score, Scrapeless Browser has systemic issues with regional data alignment.

❌ Timezone vs IP Geolocation

The provider failed to update the browser's internal timezone to match the proxy's location. Every session was hardcoded to East Coast US time, regardless of the target country.

Systematic Mismatch: All sessions used America/New_York for UK, DE, RU, and JP geographies.
Impact: This is a clear indicator of proxy usage/automation for any anti-bot system checking the Intl API against the IP location.

⚠️ Language/Locale vs IP

Language settings were static and did not reflect the localized realism expected from residential-style traffic in non-English speaking regions.

Static Locale: The browser consistently reported en-US and en for all sessions, including those routed through Germany, Russia, and Japan.
Accept-Language: The HTTP headers matched the JS environment (en,en-US;q=0.9), but neither adapted to the proxy's geographical context.

Verdict: ✅ Good

Scrapeless Browser provides the most realistic hardware-level fingerprints currently available in the stealth browser market.In our tests, it achieved the highest overall score by successfully mimicking the diversity and richness of real consumer devices. Its ability to randomize hardware specs, GPUs, and peripherals while keeping them logically consistent makes it extremely resilient against hardware-based fingerprinting.✅ What it gets right

Superior entropy with unique hashes for every session.
Highly realistic hardware specs (consumer GPUs and varying CPU cores).
Correct masking of all Webdriver and CDP automation signals.
Excellent font and peripheral mocking that surpasses competitors.

❌ What holds it back

A failure to synchronize timezones with proxy locations (all sessions remained America/New_York).
Lack of localized language support for non-English target regions.

Bottom line Scrapeless Browser is a top-tier choice for high-security targets. While the timezone mismatch is a notable flaw, its superior hardware and peripheral realism provides a level of stealth that is currently unmatched by other providers in our benchmark.

#2 Bright Data Scraping Browser

Bright Data Scraping Browser

Bright Data’s Scraping Browser is a managed Chromium environment designed to produce high-quality stealth fingerprints and resist modern bot-detection systems, featuring automatic proxy rotation and built-in CAPTCHA solving.

Position

93.33

Overall Score

12✅ Pass

0⚠️ Warn

2❌ Fail

0🚨 Critical

In our analysis, Bright Data Scraping Browser ranked #2 out of 6 providers with an impressive score of 93.33 / 100. It demonstrated a high degree of technical sophistication, passing 12 out of 15 tests and maintaining zero critical automation leaks.The provider delivered high-tier performance characterized by excellent hardware diversity and perfect alignment between modern Chrome headers and Client Hints. Its primary limitations were found in localized geo-spoofing, specifically regarding timezone alignment and language settings.

✅ Where Bright Data Scraping Browser performed well: Successfully suppressed all automation signals; provided realistic and diverse hardware profiles; delivered valid viewport geometry; and maintained perfect synchronization between User-Agents and Client Hints.
❌ Where Bright Data Scraping Browser fell short: Failed to adjust the JavaScript timezone to match proxy exit nodes and exhibited an localized language mismatch in a UK session.

Pricing

Plan	Included Traffic	Price	Effective Rate
Pay-As-You-Go	No commitment	$8 / GB	$8 / GB
71 GB Plan	71 GB included	$499 / month	~$7 / GB
166 GB Plan	166 GB included	$999 / month	~$6 / GB
399 GB Plan	399 GB included	$1,999 / month	~$5 / GB

Pricing fluctuates based on traffic volume and bandwidth usage.
Full pricing details available at https://brightdata.com/products/scraping-browser

Headers and Device Fingerprints

Bright Data Scraping Browser maintained exceptional cross-layer consistency throughout our testing. The HTTP headers and JavaScript environment were perfectly synchronized, reporting modern Chrome 144 configurations with zero automation leaks or headless markers.The environment felt "rich" and varied, providing a diverse range of high-end GPU renderers and CPU core counts. Hardware specifications effectively mimicked high-performance consumer machines rather than common data center templates.However, the browser struggled with geographic context. While the IP addresses rotated across global regions, the internal JavaScript environment often remained tethered to US-centric defaults, creating a detectable mismatch between the network location and the system clock.

Good

In our tests, Bright Data Scraping Browser consistently produced high-quality fingerprints that closely resembled those of real professional-grade desktop users.

✅ Zero Automation Signals: The provider successfully masked all common bot indicators. navigator.webdriver was false, and no traces of CDP automation or headless-specific constants were detected in the main thread or worker contexts.
✅ High Hardware Entropy: Unlike providers that use static templates, Bright Data varied hardware concurrency (12 to 20 cores) and GPU models across sessions, making it difficult for anti-bots to fingerprint the service itself.

✅ Modern Header & Client Hint Alignment: Headers used the latest Chrome 144 structures, including the zstd compression token. Client Hints were perfectly coherent with the User-Agent, correctly identifying the Windows platform and desktop status.
✅ Realistic Geometry: Resolutions varied from 1280x800 to 2560x1440. Viewport math was always logical, with innerWidth and innerHeight correctly accounting for the space occupied by browser UI elements.
✅ Valid Peripherals: All sessions reported 1 microphone, 1 speaker, and 1 webcam, avoiding the "empty peripheral" signature (0/0/0) common in server-side browser environments.

Bad

While highly sophisticated, Bright Data Scraping Browser demonstrated systematic issues with geographic localization.

❌ Timezone vs IP Geolocation

The provider failed to align the JavaScript timezone with the proxy exit node location. This creates a significant red flag for anti-bot systems that compare the IP-based location with the internal system time.

Static Timezone: All sessions reported America/New_York regardless of the actual target country.
Impact: A session with a Japanese IP address claiming to be in the New York timezone is an immediate signal of a proxied or automated connection.

❌ Language/Locale Inconsistency

While most sessions defaulted to US English, which is common among global users, one specific session exhibited a severe locale leak.

UK Session Mismatch: The session routed through the United Kingdom reported zh-CN (Simplified Chinese) as the primary language in both the Accept-Language header and the internal navigator.language property.
Inconsistency: This localized leak suggests an underlying configuration error or a "franken-fingerprint" where elements of different profiles were mixed incorrectly.

Verdict: ✅ Good

Bright Data Scraping Browser delivers a highly realistic and technically clean environment, performing better than almost all competitors in hardware and automation suppression.In our tests, the provider's fingerprints were realistic overall, though the lack of geographic alignment for timezones remains a notable detection vector.✅ What it gets right

Perfectly suppressed automation signals (webdriver: false).
Excellent rotation of hardware/GPU profiles.
Flawless alignment between modern UA strings and Client Hints.
Diverse and logical screen/viewport resolutions.

❌ What holds it back

Systematic failure to spoof timezones to match proxy geography.
Isolated instances of language-to-IP mismatches (e.g., UK session reporting Chinese).

Bottom line Bright Data Scraping Browser is a top-tier solution for targets where device realism and hardware diversity are paramount. While users should be aware of the timezone mismatch, its clean automation profile makes it exceptionally difficult to detect via standard JavaScript-based bot checks.

#3 ZenRows Scraping Browser

ZenRows Scraping Browser

ZenRows Scraping Browser exposes pre-hardened Playwright/Chromium sessions over WebSocket, with automatic anti-bot bypass, header shaping, and built-in CAPTCHA solving.

Position

91.90

Overall Score

11✅ Pass

2⚠️ Warn

1❌ Fail

0🚨 Critical

ZenRows Scraping Browser is a high-performance automation solution that provides pre-hardened Playwright/Chromium sessions. It integrates advanced anti-bot bypass mechanisms, including TLS JA3 spoofing and navigator patching, to facilitate stealthy data extraction across geo-targeted residential and mobile IP pools.In our benchmark analysis, ZenRows Scraping Browser ranked #3 out of 6 providers with a strong overall score of 91.9. The service demonstrated a sophisticated ability to adapt internal identities based on the target operating system, though it faced challenges with localized environment synchronization.

Test	Status
TLS / JA3 Realism	N/A
Timezone vs IP Geo	Fail
Peripherals Presence	Warn
Resolution & DPR	Pass
Automation Signals	Pass
Platform Consistency	Pass
Hardware Realism	Pass
Fonts & Plugins	Pass

Test	Status
Fingerprint Entropy	Pass
Header Realism	Pass
Language/Locale vs IP	Warn
Device Type Coherence	Pass
Viewport/Geometry	Pass
Graphics Fingerprints	Pass
Client Hints Coherence	Pass

✅ Where ZenRows Scraping Browser performed well: Effectively adapted font lists and hardware profiles to match different OS types (Windows vs. macOS), maintained high entropy across sessions, and successfully masked all automation signals.
❌ Where ZenRows Scraping Browser fell short: Failed to synchronize the browser timezone with proxy geography and consistently reported zero peripheral devices.

Pricing

Plan	Monthly Price	Scraping Browser Quota	Cost per GB	Concurrency
Free (14-day trial)	$0	100 MB	$0	5 requests
Developer	$69/mo	12.73 GB	~$5.42/GB	20
Startup	$129/mo	24.76 GB	~$5.21/GB	50
Business	$299/mo	60 GB	~$4.98/GB	100

Full pricing details available at Pricing - ZenRows

Headers and Device Fingerprints

ZenRows Scraping Browser exhibited a high degree of technical sophistication by providing coherent and diverse fingerprint profiles. The service successfully rotated through modern Chrome 138 headers while maintaining perfect synchronization between User-Agents and Client Hints across Windows, Linux, and macOS profiles.The browser environments were characterized by realistic hardware diversity, utilizing consumer-grade GPU renderers and varied CPU core counts. All sessions successfully masked common automation flags, presenting navigator.webdriver as false and maintaining consistency between the main thread and web workers.However, the environment localization was less robust. Sessions for UK, Germany, and Japan consistently leaked a North American timezone and default English locale, which may provide a point of differentiation for advanced anti-bot layers.

Good

The service demonstrated effective platform spoofing and hardware randomization throughout our testing.

✅ Dynamic OS-Specific Fonts: ZenRows successfully switched font lists based on the requested OS. Windows sessions featured Calibri and Segoe UI, while macOS sessions correctly reported Helvetica Neue and Menlo.
✅ Hardware & GPU Realism: The provider utilized authentic hardware strings (e.g., Intel Iris Xe, Apple M2 Pro) and varied hardwareConcurrency between 4 and 32, avoiding the use of software-rendered or server-specific hardware signatures.
✅ High Fingerprint Entropy: Diversity across sessions was high, with varied screen resolutions (1920x1080, 1536x864, 1440x900) and unique fingerprint hashes for every request.
✅ Full Automation Masking: Both navigator.webdriver and CDP-specific automation flags were effectively suppressed, which is critical for bypassing modern bot detection systems.

Bad

The most notable issues involved a lack of synchronization between the browser's internal regional settings and the proxy geography.

❌ Timezone vs IP Geolocation

A systematic timezone leakage was detected across all sessions. Regardless of the proxy's location, the browser instances consistently reported a static North American timezone.

Mismatch: Sessions for UK, DE, RU, and JP all reported America/New_York.
Impact: This creates a significant geolocation mismatch that anti-bot systems can use to identify non-residential traffic.

⚠️ Peripherals Presence

Across all tested sessions, the browser consistently reported the absence of multimedia peripherals.

Static Pattern: Every session reported 0 microphones, 0 speakers, and 0 webcams.
Observation: This 0/0/0 pattern is a typical signature for default headless browsers and server-side environments that have not been configured to emulate human-attached devices.

⚠️ Language/Locale vs IP

The browser settings did not automatically adapt to match the proxy location's primary language.

Locales: All sessions retained en-US as the language setting, even when routing through Japan, Russia, or Germany.
Significance: While common for some users, a universal English profile across multiple non-English countries is a standardized rather than residential hallmark.

Verdict: ✅ Good

In our tests, ZenRows Scraping Browser provided a high-integrity environment that effectively mimics a legitimate, diverse user base. It proved particularly successful at adapting complex OS identities and masking automation signatures. While the static timezone and peripheral counts represent detectable patterns, the overall diversity and technical realism of its fingerprints place it comfortably in the top tier of providers.

#4 Browserless

Browserless

Browserless provides managed cloud browsers (BaaS) that you can connect to via Puppeteer or Playwright with a single line of code change. It focuses on scalable, production-grade browser automation with built-in anti-bot bypass, CAPTCHA solving, and global multi-region endpoints.

Position

51.43

Overall Score

7✅ Pass

4⚠️ Warn

2❌ Fail

1🚨 Critical

In our analysis, Browserless ranked #4 out of 6 providers with an overall score of 51.43 / 100. While it provides a stable and consistent Linux-based environment, its performance was significantly impacted by a critical automation signal leak and "franken-font" inconsistencies.

Test	Status
TLS / JA3 Realism	N/A
Timezone vs IP Geo	Fail
Peripherals Presence	Warn
Resolution & DPR	Warn
Automation Signals	Critical
Platform Consistency	Pass
Hardware Realism	Pass
Fonts & Plugins	Fail

Test	Status
Fingerprint Entropy	Warn
Header Realism	Pass
Language/Locale vs IP	Warn
Device Type Coherence	Pass
Viewport/Geometry	Pass
Graphics Fingerprints	Pass
Client Hints Coherence	Pass

✅ Where Browserless performed well: Maintained high internal consistency for Linux profiles; delivered realistic hardware specifications including dedicated NVIDIA and AMD GPU renderers; and utilized modern, well-formed HTTP headers.
❌ Where Browserless fell short: Exposed a definitive CDP automation flag; failed to align timezones or languages with proxy IP geography; and leaked Windows-specific fonts on a Linux platform.

Pricing

Browserless uses a unit-based pricing model. 1 Unit = 30 seconds of browser time. Residential proxies cost 6 units/MB, and CAPTCHA solving costs 10 units per successful solve.

Plan	Monthly Price	Annual Price	Units Included	Max Concurrency	Max Session Time	Persisted Sessions	Overages
Free	$0	$0	1k	1	1 min	1 day	,
Prototyping	$35	$25	20k	3	15 min	7 days	$0.0020 / unit
Starter	$200	$140	180k	20	30 min	30 days	$0.0017 / unit
Scale	$500	$350	500k	50	60 min	90 days	$0.0015 / unit
Enterprise	Custom	Custom	Custom	100s+	Custom	Custom	Custom

Full pricing details available at Browserless | Pricing

Headers and Device Fingerprints

Browserless provides a consistent Linux desktop environment that stays technically "coherent" but lacks the variety needed to avoid fingerprinting.The User-Agent, platform, and Client Hints all correctly identify as Linux x86_64, avoiding the cross-layer contradictions often seen in spoofed environments.However, the environment is quite static. All sessions used identical screen resolutions and CPU counts, regardless of the target geography.Furthermore, the presence of critical automation flags and geographical misalignments, such as using UTC time for all global sessions, make this provider detectable to sophisticated anti-bot systems.

Good

In our tests, Browserless demonstrated strong internal consistency within its chosen Linux profile.

✅ Consistent Platform Alignment: The browser correctly synchronized the User-Agent, navigator.platform, and userAgentData to report a Linux environment without contradictions.
✅ Realistic GPU Renderers: Instead of generic software renderers, Browserless provided specific hardware strings for NVIDIA and AMD GPUs, which varied across different sessions.

✅ Modern Header Realism: The HTTP layer utilized up-to-date Chrome 143 headers, including support for modern compression algorithms like br and zstd.

Bad

Browserless exhibited several issues, ranging from minor misalignments to critical automation exposures.

🚨 Critical: Automation Signals Exposed

The browser environment explicitly revealed its automated nature via the Chrome DevTools Protocol flag. This is a definitive signal used by anti-bot providers to block traffic.

CDP Flags: CDP automation was detected as true in 100% of the tested sessions.
Impact: While navigator.webdriver was successfully masked as false, the CDP leak remains a high-confidence indicator of automation.

❌ "Franken-font" Mismatches

The environment claimed to be a Linux system but exposed fonts that are exclusive to the Windows operating system.

Font Mismatch: Detected fonts included Calibri and Segoe UI Light on a Linux platform.
Diversity: The font list was suspiciously short, containing only 3–4 fonts in total across all sessions.

⚠️ Static Device Geometry and Hardware

Browserless used identical hardware and screen configurations for every session, creating a highly recognizable fingerprint pattern.

Resolution: Every session was locked to 1536x864 pixels.
CPU: Hardware concurrency was fixed at 4 regardless of the session or geo.

⚠️ Geographic Misalignment

The browser failed to adjust its internal clock or language settings to match the proxy IP's location.

Timezone: All sessions defaulted to UTC regardless of being in Japan, Russia, or Germany.
Language: Every session used en-US for both navigator.language and Accept-Language headers.

⚠️ Peripherals Absence

All tested sessions reported exactly zero microphones, speakers, and webcams, a configuration typical of headless server environments rather than real user devices.

Verdict: ⚠️ Mixed

In our tests, Browserless provided a stable Linux environment but struggled with critical automation leaks and fingerprinting staticity.The platform is excellent for developers who need a scalable, consistent Linux-based browser, but it is not currently optimized for high-stealth scenarios. The exposure of the CDP automation flag and the presence of Windows fonts on a Linux system are clear red flags for modern anti-bot solutions.✅ What it gets right

Excellent internal platform consistency for Linux.
Realistic, hardware-backed GPU strings that vary by session.
Easy integration with modern automation frameworks like Playwright.

❌ What holds it back

🚨 Critical exposure of the CDP automation flag.
"Franken-font" issues where Windows fonts appear on Linux.
Lack of geographic spoofing (Timezone and Language).
Static screen resolutions and hardware specs across sessions.

Bottom line During testing, Browserless proved to be a reliable "Browser-as-a-Service" for general task automation, but its fingerprints are easily distinguished from organic residential traffic due to technical leaks and a lack of environmental diversity.

#5 Browserbase

Browserbase

Browserbase is a managed Playwright/Selenium automation platform designed for persistent browser environments and long-running workflows, offering fingerprint-morphed Chromium sessions.

Position

34.67

Overall Score

5✅ Pass

3⚠️ Warn

5❌ Fail

1🚨 Critical

In our analysis, Browserbase ranked #5 out of 6 stealth browsers with an overall score of 34.67 / 100. While it provides stable infrastructure for workflow automation, it struggled in several key fingerprinting categories, primarily due to detectable automation signals and highly static hardware profiles.

Test	Status
TLS / JA3 Realism	N/A
Timezone vs IP Geo	Fail
Peripherals Presence	Pass
Resolution & DPR	Warn
Automation Signals	Critical
Platform Consistency	Pass
Hardware Realism	Fail
Fonts & Plugins	Fail

Test	Status
Fingerprint Entropy	Fail
Header Realism	Pass
Language/Locale vs IP	Warn
Device Type Coherence	Pass
Viewport/Geometry	Warn
Graphics Fingerprints	Fail
Client Hints Coherence	Pass

✅ Where Browserbase performed well: Maintained consistency between HTTP headers and OS-level JavaScript properties; provided modern Chrome 144 headers; and included realistic peripheral counts for audio devices.
❌ Where Browserbase fell short: Exposed critical Chrome DevTools Protocol (CDP) automation flags; used software-based "SwiftShader" rendering rather than real GPU hardware; and failed to vary fingerprints across sessions or geographies.

Pricing

Plan	Monthly Price	Concurrent Browsers	Included Browser Hours	Proxy Usage	Data Retention	Stealth Features
Free	$0/month	1	1 hour included	,	7 days	,
Developer	$20/month	25	100 hours included → then $0.12/hr	1GB included → then $12/GB	7 days	Basic Stealth + auto CAPTCHA solving
Startup	$99/month	100	500 hours included → then $0.10/hr	5GB included → then $10/GB	30 days	Basic Stealth + auto CAPTCHA solving
Scale	Custom	250+	Custom	Custom	30+ days	Advanced Stealth + auto CAPTCHA solving

Full pricing details available at Browserbase | Pricing

Headers and Device Fingerprints

Browserbase presented a cohesive Linux-based identity during testing, but the underlying environment heavily biased toward static server-side configurations. The headers were modern and consistent with internal JavaScript properties, ensuring basic platform alignment.However, the browser failed to mask critical automation indicators and exhibited extremely low entropy. Every session returned the exact same fingerprint hardware profile regardless of the requested geography, making the traffic highly predictable for anti-bot systems.Furthermore, the reliance on software rendering and fixed US-based timezones for international IPs creates significant discrepancies that sophisticated detection engines typically flag.

Good

In our tests, Browserbase maintained several basic layers of fingerprint consistency.

✅ Platform Alignment: The environment correctly matched the User-Agent OS string with the internal navigator.platform and userAgentData fields.
✅ Modern Headers: Sessions utilized Chrome 144 headers with modern compression standards like zstd.
✅ Realistic Peripherals: Unlike many headless browsers that report zero devices, Browserbase reported a plausible peripheral set.

Bad

The following issues contributed to the lower stealth score during our evaluation.

🚨 Critical: Automation Signals Exposed

The Chrome DevTools Protocol (CDP) automation flag was explicitly detected as true in 100% of tested sessions. This is a definitive signal of programmatic control that typically leads to immediate blocking.

CDP Flags: Automation was detected in both the main and worker contexts.
Impact: While navigator.webdriver was set to false, the leakage of the CDP flag bypasses that mask.

❌ Graphics & Hardware Failure

Browserbase utilized software-based rendering instead of mocking real GPU hardware, which is a major indicator of a virtualized cloud environment.

GPU Renderer: The browser reported SwiftShader Device (Subzero) in all sessions.
Hardware Concurrency: The CPU core count was static at a low value of 2.

❌ Zero Fingerprint Entropy

The provider produced identical fingerprint hashes across all sessions, lacking the diversity needed to avoid signature-based detection.

Static Hash: All sessions returned a85802a9... regardless of time or location.
Static Resolution: Every session utilized a fixed 2560x1440 resolution with zero window chrome.

❌ Timezone & Locale Misalignment

The browser failed to adjust its internal clock or language settings to match the proxy's geographic location.

Timezone: Consistently used America/Los_Angeles for UK, DE, RU, and JP sessions.
Language: Defaulted to en-US regardless of the target country.

⚠️ Viewport Geometry

The browser's inner window resolution exactly matched the screen resolution, indicating a lack of toolbars or address bars common in real browsers.

Geometry: 2560x1440 (Screen) vs 2560x1440 (Inner).

Verdict: ❌ Poor

In our tests, Browserbase exhibited significant stealth vulnerabilities that make it susceptible to detection by modern anti-bot systems.While it may work for targets with basic security, the combination of a critical CDP automation leak, static fingerprints, and software-based GPU rendering resulted in a poor overall performance score.✅ What it gets right

Consistent Linux OS reporting across network and browser layers.
Modern Chrome headers and realistic peripheral counts.

❌ What holds it back

🚨 Critical Leak: CDP automation flags are exposed.
Total lack of entropy; fingerprints are static across all sessions.
Software rendering (SwiftShader) clearly identifies a headless cloud server.
Failure to sync timezones and locales with the requested IP geography.

Bottom line Browserbase (in its Basic Stealth configuration) functions more as a stable automation environment than a highly evasive stealth browser. It lacks the randomization and geo-authenticity required to bypass advanced anti-bot protections.

#6 Oxylabs Unblocking Browser

Oxylabs Unblocking Browser

Oxylabs Unblocking Browser is a remote headless browser with built-in stealth features and residential proxy integration, supporting Playwright, Puppeteer, and CDP-compatible tools.

Position

33.52

Overall Score

7✅ Pass

1⚠️ Warn

5❌ Fail

1🚨 Critical

Oxylabs Unblocking Browser offers a hosted infrastructure for browser-based automation, integrating its massive residential proxy network directly into a cloud-based browser environment. While it simplifies the scaling of dynamic web scraping sessions, our technical analysis revealed significant challenges in maintaining a convincing browser fingerprint across different layers.In our benchmark, Oxylabs Unblocking Browser ranked #6 out of 6 providers with an overall score of 33.52 / 100. While the service demonstrated strength in localizing session data to match proxy geography, it struggled with critical automation leaks and severe internal contradictions between its network headers and the JavaScript environment.

✅ Strengths: Excellent synchronization of browser timezones and languages with exit node locations; diverse screen resolutions and realistic GPU renderers.
❌ Weaknesses: Definitive CDP automation leaks; extreme hardware core counts (96 cores) that reveal server-grade infrastructure; severe "franken-fingerprint" contradictions where the platform claims to be Linux, Windows, and macOS simultaneously.

Pricing

Pricing for the Oxylabs Unblocking Browser is based on monthly subscriptions with traffic (GB) allowances. All plans include advanced stealth, free geo-targeting, and 24/7 support.

Plan	Included Traffic	Price	Effective Rate
Starter	50GB	$300 + VAT	~$6 / GB
Premium	100GB	$550 + VAT	~$5.5 / GB
Venture	300GB	$1,410 + VAT	~$4.7 / GB
Custom +	400GB+	Custom per GB	Custom

Full pricing details: Oxylabs Unblocking Browser

Headers and Device Fingerprints

Oxylabs Unblocking Browser exhibited a fragmented fingerprinting strategy. While it excelled at matching superficial regional traits like timezones and languages, it failed to reconcile the more technical aspects of its spoofing.The browser frequently produced internal contradictions. For example, a single session might claim to be a MacBook via its User-Agent, yet report itself as a Linux machine through Client Hints and reveal a 96-core server CPU via JavaScript.Crucially, the presence of explicit automation flags and inconsistencies between the main browser thread and background web workers makes these sessions highly susceptible to detection by modern anti-bot systems.

Good

In our tests, Oxylabs Unblocking Browser showed strong performance in geographic accuracy and visual geometry.

✅ High-Precision Geo-Matching: Timezones and languages were perfectly aligned with the target IP address, effectively mimicking a local user's configuration.

✅ Realistic Graphics Profiles: The browser generated specific GPU renderers like Apple M1 or Intel UHD Graphics 620, avoiding generic virtualized graphics drivers.
✅ Diverse Resolutions: Screen configurations were varied and physically valid, including high-DPI displays (3840x2160) and MacBook-specific resolutions (1472x956).

Bad

Oxylabs Unblocking Browser's logic failed in several high-severity categories, creating fingerprints that are easily distinguishable from human traffic.

🚨 Critical: Automation Signals Exposed

The browser definitively identified itself as an automated environment. This is a critical failure that triggers immediate blocking on most protected websites.

CDP Flags: CDP automation: true was detected across all sessions.
Worker Inconsistency: The browser environment failed to maintain parity between the main thread and web workers.
Status: These signals provide technical proof of automation rather than just a suspicious pattern.

❌ Severe Platform Contradictions

The environment suffered from a "franken-browser" effect, where different data layers claimed to be different operating systems simultaneously.

OS Mismatch: The User-Agent claimed Macintosh or Windows, while the sec-ch-ua-platform header and the userAgentData API reported Linux.
Worker Leak: Web workers consistently exposed Linux x86_64 even when the main thread attempted to claim MacIntel.

❌ Impossible Hardware Profiles

The browser reported hardware specifications that do not exist in consumer devices, revealing the underlying high-performance server hardware.

CPU Cores: Several sessions reported hardwareConcurrency values of 64 or 96.
Mismatch: Claiming to be an Apple M2-based device while reporting 96 CPU cores is a massive indicator of spoofing, as no consumer MacBook carries such a high core count.

❌ Header Incoherence

The network layer did not align with the browser's stated identity, often using conflicting versions or malformed values.

Version Mismatch: The User-Agent would claim a version like Chrome/131, while the Client Hints reported Chromium/137.
Malformed Headers: Accept-Language headers contained invalid formatting, such as en-USen;q=0.9, which lacks proper spacing and comma separation.

❌ Static Font Environment

Regardless of the claimed OS or geography, the browser failed to provide a realistic font list.

Fonts: Only a single, generic font ("Univers CE 55 Medium") was returned across all sessions. A real browser typically enumerates dozens of system-specific fonts.

Verdict: ❌ Poor

In our tests, Oxylabs Unblocking Browser displayed significant technical leaks that make it highly detectable.While it is a convenient tool for geo-coordinated scraping, its core stealth logic is undermined by critical automation flags and severe internal contradictions.✅ What it gets right

Excellent localization of timezones and languages to match proxy IPs.
Diverse and realistic GPU and screen resolution profiles.

❌ What holds it back

Critical Detection: Explicit CDP automation flags were present in every session.
Infrastructure Exposure: 96-core CPU reports and Linux-based Client Hints reveal the underlying server environment.
Logical Mismatch: Frequent contradictions between HTTP headers, JavaScript APIs, and Web Worker environments.

Bottom line Oxylabs Unblocking Browser is effective for simple rendering tasks but currently lacks the fingerprint integrity required for high-security targets. The mismatch between its claimed identity (Mac/Windows) and its actual environment (96-core Linux server) creates a clear signature for anti-bot systems.

Lessons Learned: What This Benchmark Teaches Us

After analyzing the performance of these stealth browser APIs across 15 technical tests, several clear patterns emerged that challenge the marketing claims and common assumptions in the web scraping industry.

1. Automation Flags Are Still the "Master Key" for Anti-Bots

Many developers assume that "Stealth" APIs automatically strip all bot signals. The benchmark proves this is a dangerous assumption. Even premium providers are failing on the most basic, high-signal detection vectors.

CDP is a Silent Killer: Despite masking navigator.webdriver, half of the tested providers (Browserbase, Browserless, and Oxylabs) failed because they leaked the Chrome DevTools Protocol (CDP) flag.
Infrastructure Shouting: Oxylabs claimed to be a MacBook but reported 96 CPU cores, a hardware profile that doesn't exist in the consumer world, making it an instant "bot" signal for any basic heuristic check.
Worker Inconsistency: Most providers forget that anti-bots check background Web Workers. Several tools had "clean" main threads but "dirty" workers that leaked Linux origins.

If a tool fails to mask the CDP flag or reports server-grade hardware, no amount of proxy rotation will save your session from being flagged.

2. The "Franken-Fingerprint" is the New Detection Standard

A common mistake among providers is "spoofing by halves", changing the User-Agent (UA) but failing to update the underlying JavaScript environment or network headers. This creates a "Franken-fingerprint" that is arguably easier to detect than a standard headless browser.

The OS Triangle of Death: In many tests (specifically Browserless and Oxylabs), the UA claimed Windows/Mac, the Client Hints reported Linux, and the Font list contained Windows-only fonts.
Header-JS Mismatch: Several tools used modern Chrome 144 headers but exposed internal JavaScript properties from older Chromium versions.
Static Rendering: Browserbase and others used software-based "SwiftShader" rendering. A real user on a high-resolution screen (2560x1440) would almost never lack a dedicated GPU renderer.

Consistency is more important than sophistication. An anti-bot system doesn't need to prove you are a bot; it only needs to find one single contradiction to justify a block.

3. Geolocation is More Than Just an IP Address

The benchmark revealed a massive gap in how providers handle "contextual realism." Simply attaching a residential proxy to a browser is no longer enough; the browser's "soul" must match its location.

The Timezone Trap: Even top-tier performers like Scrapeless and Bright Data failed to synchronize the browser's internal clock with the proxy IP. A Japan-based IP reporting America/New_York time is a massive red flag.
Locale Leaks: Many providers (ZenRows, Browserless) defaulted to en-US regardless of whether they were routing through Tokyo, Berlin, or Moscow.
The Zero-Peripheral Signature: Real laptops have microphones and speakers. Many "stealth" browsers report 0/0/0 for peripherals, creating a sparse environment that is characteristic of a data center blade, not a home office.

Geography-aware fingerprinting is the current "final boss" of stealth scraping. If your tool doesn't align the Intl API and navigator.languages with the proxy, you are leaking your identity on every request.

4. Direct Actionable Takeaways

Based on the data, here is how you should evaluate your stealth browser stack:

Prioritize Hardware Entropy: Choose tools like Scrapeless or Bright Data that vary GPU models and CPU cores across sessions. Identical hardware hashes across 100 sessions are a guaranteed way to get your fingerprint blacklisted.
Verify the CDP Flag First: Before committing to a provider, run a simple check for the Chrome DevTools Protocol flag. If true, the tool is not truly "stealth."
Audit OS Consistency: If your script requests a Windows user agent, verify that the sec-ch-ua-platform header and navigator.platform both say "Win32" or "Windows."
Manual Geo-Fixing: Since most providers fail at timezone synchronization, you may need to manually inject the correct timezoneId and locale via your automation framework (Playwright/Puppeteer) to match your proxy's region.

Conclusion: A More Realistic Way to Think About Scraping Tools

This benchmark wasn’t about crowning a universal winner, it was about understanding the gap between expectation and reality. The reality is:

Some tools are genuinely good.
Some tools are workable with the right strategy.
Some tools have critical weaknesses you need to be aware of.
No tool is perfect.
And no price tag guarantees quality.

For developers, the best approach is to treat scraping tools like any other dependency:

Understand their strengths
Understand their blind spots
Choose based on your actual risk level
Mix providers when needed
Keep your own fallback strategies ready

Stealth scraping is no longer about “which provider is best”, it’s about knowing where each one fits into your system. Want to learn more about web scraping? Take a look at the links below!

Ian Kerins

Co-Founder @ ScrapeOps

Ian has over 8 years in the web scraping market working with ScrapeOps, Zyte, and ScraperAPI.