Skip to main content

Who Is Really A Scraping Pro? Benchmarking The Fingerprinting Skills Of Scraping Pros

Today, with anti-bot systems using ever more advanced request fingerprinting techniques to detect and block scrapers, a crucial skill every scraping pro needs to develop is browser fortification.

Which is the ability to fortify their requests so that they don't leak any signs that the requests are coming from a scraper.

Developers can do this themselves or use fortified versions of Puppeteer, Playwright or Selenium (often need more fortification).

However, this can be a difficult and time consuming process if you don't have prior experience.

As a result, most proxy providers now offer some form of smart proxy solution that claim to manage this browser fortification for you.

So in this article, we decided to put the Scraping Pro's to the test...

Are they really experts at browser fortication?

Or do they make noob errors that no scraping professional should make?

So in this article we will put them to the test, covering:

TLDR Benchmark Results

The Contenders: Putting The "Best Proxy Providers" To The Test

All of the following tools claim to be the "Best Proxy Provider" so we decided to put to the test.

Each tool is a variation of the same basic idea. Managed rotating proxies with user-agent and browser fingerprint optimization to bypass anti-bot detection.

Some of these proxy products like Oxylabs Web Unblocker, Bright Data Web Unlocker and Smartproxy Site Unblocker, are dedicated "Unlockers" that specialize themselves in bypassing anti-bot systems on the most difficult websites and price themselves accordingly.

Whereas others like Scrape.Do, ScraperAPI and ScrapingBee are more generic Smart Proxy APIs that offer lower cost scraping solutions, but also allow users to activate more advanced anti-bot bypassing functionality on requests.

Header and Browser Fingerprint Testing Methodology

For this benchmarking, we decided to send requests with each proxy providers headless browser enabled to Device and Browser Info to look at the sophistication of their header and browser fingerprinting.

The key question we are asking is: is the proxy provider leaking any information that would increase the chances of a anti-bot system detecting and blocking the request?

To do this, we focused on any leaks that could signal to the anti-bot system that the request is being made by a automated headless browser like Puppeteer, Playwright, Selenium, etc.

Here are the main factors we tested for:

  • Do fingerprints and headers vary across requests, or are they static and uniform?
  • Are the reported headers, user-agents, and device types realistic and consistent with each other?
  • Are there mismatches between device platform values (e.g., navigator.platform) and user-agent strings?
  • Are IP location, timezone, and browser language settings aligned, or do they show inconsistencies?
  • Are screen resolutions and hardware specs realistic, or do they suggest default/minimalistic virtual browsers?
  • Do the reported browser/device values (e.g., touch points, accelerometers) match the declared device type (desktop vs. mobile)?
  • Are peripherals (webcams, microphones, speakers) and fonts/plugins present, or is the environment stripped-down and obviously synthetic?
  • Are there missing, uniform, or suspicious Canvas/WebGL results, or automation signals (webdriver, CDP, phantomjs, etc.) being exposed?

These header and device fingerprint tests aren't conclusive on their own. But if a proxy provider is leaking numerous suspicious fingerprints that are sent consistently then it is easy for a anti-bot to cluster them together and increase the risk score on those requests.

Increasing the likelihood of requests being challenged and blocked. Even if the proxy IPs are rotating.

We also sent requests to Device and Browser Info using each proxy providers United States, German, Japanese, United Kingdom and Russian IPs to see how they are optimizing their browsers for each geolocation and the browser leaks differ by location.

Bright Data Web Unlocker

Bright Data Web Unlocker

This is one of the most recognized tools in the data collection industry. Before Bright Data pivoted to AI tools, no-code scraping and aggregate data, Web Unlocker was considered an industry standard for anti-bot and CAPTCHA bypasses.

Pricing

Compared to lesser known tools, Web Unlocker is expensive. At a 500% markup from the ScrapeOps Proxy Aggregator, this tool better deliver.

You can view their full list of pricing plans here. Their lowest tier plan comes in at $1.50 for 1,000 Requests. $1.50/1000 = $0.0015 per request.

  • Entry Price: $0.0015/request

Headers and Device Fingerprints

Web Unlocker does a solid job spoofing browser headers but lacks the full device-level stealth that Scraping Browser offers.

Good

  • ✅ Realistic UA for most regions – DE, JP, RU, and UK use believable Microsoft Edge on Windows 10 User-Agents with correct version formatting.
  • ✅ Region-matched Accept-Language – Languages line up with claimed locations: de-DE, ja-JP, ru-RU, en-GB.
  • ✅ Natural variation in fetch/referrer hints – Differences in sec-fetch-site and referer values mimic natural browsing context changes.

Bad

Despite their permium pricing there were some serious fingerpint issues with the Bright Data Web Unlocker:

❌ No Browser Fingerprints

During testing no requests generated device-level browser fingerprints strongly suggesting that the Bright Data Web Unlocker doesn't use headless browsers to make requests (we confirmed with a memeber of the Bright Data team). This will drastically increase detection rates on the more challenging websites.

Due to missing device-level data, many fingerprint accessments couldn't be evaluated:

  • ❌ Device Hardware Fingerprints: No data was available for CPU, GPU, memory, or other hardware attributes, preventing any rating on hardware authenticity.
  • ❌ Canvas & WebGL Fingerprints: No Canvas or WebGL fingerprints were returned in any of the sessions. This makes it difficult to determine if Web Unlocker can effectively simulate human-like browser graphics environments.
  • ❌ Timezone & Language Matching: There was no information available about system timezones or browser language headers. It’s unclear whether claimed regions (e.g., JP, DE) had correct supporting timezone or locale indicators.
  • ❌ Plugins, Fonts & Peripherals: No plugins, font libraries, or media devices (mic, cam, speakers) were detected or tested in these sessions. This leaves a fingerprint gap that advanced bot protection systems can potentially exploit.
❌ Purposeful Identification in US Traffic?

The US request explicitly used the User-Agent:

Brightbot 1.0

And lacked key headers normally present in a real browser:

accept  
upgrade-insecure-requests  
referer

This is almost certainly a deliberate choice by Bright Data to identify themselves to deviceandbrowserinfo.com (and potentially other fingerprinting domains), rather than a misconfigured stealth profile. It is extremely hard to imagine that this was done by mistake as it is breaking fingerprinting basics 101.

❌ Inconsistent Header Count Across Regions

The number of headers sent varied significantly:

DE: 20  
JP: 17  
RU: 19  
UK: 19  
US: 10

Low or inconsistent header counts can be used in bot detection. The stripped-down US profile is likely intentional for identification, but still diverges heavily from real browser norms.

❌ Inconsistent sec-ch-* Client Hints

sec-ch-* headers were present in DE, RU, and UK, partially in JP, and entirely missing in US:

DE: Full set  
RU: Full set  
UK: Full set  
JP: Partial  
US: None

This uneven distribution across geos can be fingerprinted at scale.

❌ Proxy IP Signature Inconsistency

X-Forwarded-For values alternate between random hashes and clean IPs:

DE: Random hash  
JP: Random hash  
RU: Clean IP  
UK: Clean IP  
US: Clean IP

This mixed routing behavior is atypical for legitimate browser traffic and can expose the use of a proxy network.

❌ Minor Accept-Encoding Mismatches

Compression formats in some regions differ subtly from Chrome defaults. While not a major detection vector on their own, these small discrepancies can contribute to a cumulative fingerprint score in anti-bot systems.

Verdict: ⚠️ Mixed

Bright Data Web Unlocker gets the job done when it comes to header spoofing, and that alone will help it bypass many bot protection setups that rely on basic checks.

Essentially, it is a highly optimized HTTP request service that likely uses very high quality IPs. Given the premium pricing of Web Unlocker and Bright Data's claim that Web Unlocker is best in class this is surprising.

However, the lack of deep fingerprint emulation—especially Canvas, WebGL, timezone, and locale support—means Web Unlocker is best suited for mid-level challenges, not the most advanced sites.

If you’re scraping a site like Amazon, Booking.com, or other high-security environments, Scraping Browser is still the safer choice. But for lower-profile targets, Web Unlocker offers a good balance of cost and capability.

  • ✅ Clean and realistic HTTP headers
  • ❌ No visibility into device fingerprints or rendering attributes
  • ❌ Missing graphics fingerprinting and locale adjustments

Still, Web Unlocker is a major upgrade over DIY setups or raw proxy rotation. When you figure in the price, it's still a brand name tool, but it's limited--like an iPhone SE or the Samsung Galaxy A series.

Bright Data Scraping Browser

Bright Data Scraping Browser

Bright Data's Scraping Browser is like an upgraded version of Web Unlocker with remote browser integration. On top of CAPTCHA bypass and geotargeting, you're controlling a remote browser instance of Playwright or Selenium.

Pricing

Bright Data Scraping Browse is a top-tier expensive solution. Scraping Browser costs just as much as top-shelf premium residential proxies but due to the fact it is a remote browser it will consume a lot more bandwidth. You can view all the pricing plans here.

  • Entry Price: $8.40/GB

BrowserScan: The Fingerprint Test

Scraping Browser did almost as well as its little brother, Web Unlocker. This makes sense since it's basically Web Unlocker with extra features.

  • Average Browser Authenticity: 99%
  • Detection Rate: 10%

Headers and Device Fingerprints

Overall, Bright Data Scraping Browser does one of the best jobs at spoofing real browsers.

Good

  • ✅ HTTP & Browser Headers/ User-Agents matched across all tests
  • ✅ No mismatches between device types stated in headers and device fingerprints. All devices claimed to be Windows devices with believable hardware setups (Device memory, CPU, GPU, etc.)
  • ✅ Browser timezone matched claimed location (US: America/New_York, DE: Europe/Berlin, etc.)
  • ✅ Browser main languages matched claimed location (GB, JP, RU, and DE correctly reflect their main languages en-GB, ja-JP, ru-RU, de-DE.)
  • ✅ Custom & believable screen resolutions across all tests, however, the screen resolutions on the RU and DE tests were slightly unusual and rarely used by typical modern devices (1562x879 pixels and 1280x720 pixels respectively).
  • ✅ All tests show devices with peripherals (Webcam, Microphone, Speakers)
  • ✅ All tests passed the automation signals test (CDP Automation, Webdriver, PhantomJS, NightmareJS, Selenium, etc.). However, the CDP Automation (in Web Worker) value came base as NaN for GB, JP, RU, and DE, but explicitly returned false for US. This could be suspicious as realistic browsers typically return explicit false values rather than leaving this undefined.

Bad

Here we get into the areas of improvement for Bright Data Scraping Browser:

❌ Incorrect Locale Language Date-Time Format

All regions had a default en-US locale language date-time format irrespective of their actual regional settings:

US: 'en-US' (expected)
GB: 'en-US' (expected: 'en-GB')
JP: 'en-US' (expected: 'ja-JP')
RU: 'en-US' (expected: 'ru-RU')
DE: 'en-US' (expected: 'de-DE')

This is unusual as real browsers typically adapt their locale language date-time format to match their primary regional language.

❌ Minimal Plugins/Extensions

Every test showed only 1 plugin/extension installed:

'PDF Viewer::Portable Document Format::internal'

Real browsers usually include additional plugins or report slightly varied plugins lists depending on the environment.

❌ Minimal Fonts

Each region consistently reports a minimal set of fonts:

'Calibri, Marlett, Segoe UI Light, Univers CE 55 Medium'

This font list is extremely limited and identical across all regions, indicating minimalistic virtual browser setups. Real browsers typically report a richer and more varied font set.

❌ Missing Canvas & WebGL Fingerprints
  • Canvas Fingerprint: The canvas fingerprints were missing (empty values) for all sessions across all regions. This is a significant red flag, as real browsers always produce unique canvas fingerprints.
  • WebGL Fingerprint: WebGL fingerprints were consistently missing across all regions. WebGL fingerprinting is widely used for browser fingerprinting and missing data strongly indicates a virtualized or incomplete browser environment.

The consistent absence of both Canvas and WebGL fingerprint data across all regions is a clear and strong indication of minimalistic, automated, or virtualized browser setups. Real browsers invariably generate unique, detectable Canvas and WebGL fingerprints. Their absence dramatically increases the risk of detection by advanced anti-bot systems

Verdict: ✅ Good

In general, the Bright Data Scraping Browser is a well optimized browser that should allow you to bypass most anti-bot systems.

They have clearly put more effort into optimizing the browser for stealth than a good few of their competitors.

  • ✅ No mismatches between device types stated in headers and device fingerprints.
  • ✅ Browser timezone matched claimed locations
  • ✅ Browser main languages matched claimed locations
  • 🚀 All tests show devices with peripherals (Webcam, Microphone, Speakers). Only provider to do this.

Most of the issues we found were minor and wouldn't be likely to trigger a ban. However, the missing Canvas and WebGL fingerprints are a major red flag.

With a bit of effort, the Bright Data team could optimize it further to make it even better.

Smartproxy Site Unblocker

Smartproxy Site Unblocker

Site Unblocker is Smartproxy's dedicated anti-bot bypass tool. It boasts the similar features to Bright Data's Web Unlocker, but with JS rendering support.

Pricing

Priced even higher than Bright Data's Web Unlocker, Smartproxy's Site Unblocker is positioned as a premium unblocker tool. You can verify their pricing plans here.

  • Entry Price: $0.00225/request

But does it deliver?...Nope.

BrowserScan: The Fingerprint Test

Smartproxy's flagship product achieved our second perfect test.

  • Average Browser Authenticity: 100%
  • Detection Rate: 0%

But when you look at the fingerprint results, it's clear that the browser is not properly optimized for stealth.

Headers and Device Fingerprints

Overall, Site Unblocker does one of the best jobs at spoofing real browsers.

Good

  • ✅ Each test had a unique browser fingerprint
  • ✅ HTTP Headers/ User-Agents varying between tests
  • ✅ HTTP & Browser Headers/ User-Agents matched across all tests
  • ✅ Realistic screen resolutions across all tests (1920x1080 pixels is a very common resolution and does not inherently raise suspicion as an unlikely or default resolution.)
  • ✅ Realistic hardware across all tests for Architecture and Device Memory, issues with concurrency (below).

Bad

Here we get into the areas of improvement for Smartproxy Site Unblocker:

❌ Platform Mismatches

Across all tests, the Navigator Platform was stated as Linux x86_64, however, the device type in the headers/user-agents were (Windows or MacOS):

DE: Mozilla/5.0 (Windows NT 10.0; WOW64)
JP, RU: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
UK, US: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)

This mismatch is highly suspicious and easily detectable by anti-bot systems.

❌ Browser Timezone Mismatches

Outside of the US test which had the correct timezone: America/Los_Angeles, the tests for the other regions all set their timezone to UTC:

DE: UTC
JP: UTC
RU: UTC
UK: UTC
US: America/Los_Angeles

Although, not a clear sign of a fake browser as people might be traveling and haven't updated their system timezone yet, it is still a potential red flag.

❌ Browser Language Inconsistencies

All requests universally use en-US (English - United States), even for locations like DE, JP, RU, and UK.

DE: en-US
JP: en-US
RU: en-US
UK: en-US
US: en-US

Typically, the language will differ depending on the local (German, Japanese, Russian, British English).

This won't get you blocked, but it is a potential red flag that when combined with the other issues, could raise suspicion.

❌ Suspicious Hardware Concurrency

DE, JP, RU, and UK report 32 logical CPU cores, which is unusually high and unrealistic for typical consumer browsers, strongly suggesting a virtualized or cloud environment.

DE: 32
JP: 32
RU: 32
UK: 32
US: 6

The US reports a more realistic concurrency of 6 cores.

❌ Missing Peripherals

All tested browsers (DE, JP, RU, UK, US) reported having:

0 microphones
0 speakers
0 webcams

This is highly suspicious, as genuine user browsers almost always report at least some audio (speakers, microphone) and occasionally a webcam.

Such a complete absence strongly suggests a virtualized or automated browser environment and can be detected by anti-bot systems.

❌ Lacking Realistic Plugins

DE, JP, UK, and US had minimalistic plugins, only showing an internal PDF Viewer, which is plausible but minimalistic and potentially suspicious.

'PDF Viewer::Portable Document Format::internal'

RU explicitly lacked any reported plugins (NaN), indicating a suspicious minimalistic virtual browser setup.

❌ Minimalistic Font List

Whilst the US test reported multiple realistic fonts (e.g., "ARNO PRO", "Agency FB", "Arabic Typesetting"). DE, JP, RU, UK uniformly report a minimalistic single font:

'Univers CE 55 Medium'

The limited font list is highly suspicious and would indicate a minimalistic virtual browser setup. Real browsers typically report a richer and more varied font set.

❌ Missing Canvas & WebGL Fingerprints

Across all tests, the consistent absence of both Canvas and WebGL fingerprint data would indicate minimalistic, automated, or virtualized browser setups.

  • Canvas Fingerprint: The canvas fingerprints were missing (empty values) for all sessions across all regions.
  • WebGL Fingerprint: WebGL fingerprints were consistently missing across all regions.

Real browsers invariably generate unique, detectable Canvas and WebGL fingerprints. Their absence dramatically increases the risk of detection by advanced anti-bot systems.

❌ Automation Signals

Whilst all tests passed the automation signals test for PhantomJS, NightmareJS, Sequentum, Selenium, Chrome Automation Signals, there were issues with the CDP Automation and Webdriver signals.

  • CDP Automation: RU and US explicitly return true for CDP automation and CDP automation (in web worker). The explicitly true CDP automation signals for RU and US are serious red flags, easily detected by advanced anti-bot systems.
  • Webdriver: US returns undefined, which is suspicious or indicative of manipulation. Other locations (DE, JP, RU, UK) explicitly return false, which is ideal.

Verdict: ❌ Poor

The browser fingerprint test results for Smartproxy Site Unblocker were poor to mixed.

Although the browser fingerprints score was high you can see some glaring issues when you take a closer look and the fingerprint results themselves especially given the high price tag.

From looking at the test results, it appears as if Smartproxy have built a more optimized browser setup for US based requests, and have a fallback browser setup for other regions which has a lot more leaks.

  • US Requests: Correct timezones, realistic languages, realistic hardware, realistic fonts, etc.
  • DE, JP, RU, UK Requests: Fixed UTC timezone, fixed language en-US, minimalistic fonts, susppicious hardware concurrency, , etc.

However, despite the US browser obviously being more optimized, the general leaks like platform mismatches, missing peripherals, missing canvas & WebGL fingerprints, and leaking automation signals are all serious red flags for any anti-bot system.

Zyte API

Zyte API

Zyte API offers flexible pricing based on your target site. You get JavaScript rendering and snappy performance, but don’t expect advanced anti-bot features like CAPTCHA solving or full fingerprint spoofing.

Pricing

Without rendering, Zyte API costs less than 10% of Bright Data Web Unlocker. It’s an appealing option for large-scale scraping on a budget. However, they charge roughly a 90% markup for browser rendering. This brings it much closer to the price range of other tools listed above when using the browser. You can get more details on their plans here.

  • Entry Price: $0.00013/request (unrendered), $0.001/request (rendered)

Perfect — I’ll reformat the Zyte API analysis in that same style, with code snippets to illustrate issues and less reliance on bullet points.

Headers and Device Fingerprints

Overall, Zyte API passes as a real browser on the surface. User-Agents are valid, OS/GPU values align, and screen resolutions are realistic. However, once you dig deeper into the fingerprints, serious inconsistencies and missing data emerge that make these requests easy to flag as automation.

Good

Realistic Screen Resolutions All sessions reported 1920x1080, a standard and widely used resolution for desktops/laptops:

DE: 1920x1080
JP: 1920x1080
RU: 1920x1080
UK: 1920x1080
US: 1920x1080

GPU Looked Legitimate Zyte reported Intel Iris Graphics, which matches real-world laptops.

Operating System Matched User-Agent Windows sessions report Win32 / Windows, and macOS sessions report MacIntel / macOS. No direct platform mismatches were found.

Headers Appear Modern Accept-Encoding included gzip, deflate, br, and zstd — all supported by current Chrome builds.

User-Agent Strings Were Plausible

Windows: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/133.0.0.0 Safari/537.36
MacOS:   Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML like Gecko) Chrome/133.0.0.0 Safari/537.36

These are syntactically valid and align with what you’d expect from modern Chrome browsers.

Bad

Here’s where Zyte API’s fingerprints fall short, increasing the chances of detection:

❌ Little Variation Across Requests

All requests in a given region produced near identical headers and fingerprints.

DE User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/133.0.0.0
JP User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/133.0.0.0
RU User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/133.0.0.0
UK User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/133.0.0.0
US User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/133.0.0.0

Real-world traffic contains entropy (slight UA version differences, locale shifts, fonts, plugin lists). Zyte’s frozen fingerprints are trivially clusterable across IPs.

❌ Timezone Mismatches

All regions reported the same timezone:

DE: America/New_York
JP: America/New_York
RU: America/New_York
UK: America/New_York
US: America/New_York

A Japanese IP with a New York timezone is a big red flag.

❌ Static Locales & Languages

All regions returned en-US for navigator.language, even when scraping from DE, JP, RU, or UK.

DE: en-US
JP: en-US
RU: en-US
UK: en-US
US: en-US

While not always critical on its own, combined with timezone mismatches it becomes suspicious.

❌ Malformed Accept Header

Zyte sends a broken Accept header missing commas:

text/htmlapplication/xhtml+xmlapplication/xml;q=0.9image/avifimage/webpimage/apng...

No real Chrome browser sends this. This malformed header is a unique Zyte signature and easily fingerprinted.

❌ Suspicious Connection Header

Every request included:

Connection: upgrade

In normal browsing, Chrome uses keep-alive. upgrade is tied to WebSockets/HTTP2, and seeing it on every request is abnormal.

❌ Uniform CH-UA Brands

Each session returned the same Sec-CH-UA brand structure with "Not(A:Brand" and "Chromium". This is a known synthetic pattern often flagged by detection vendors.

❌ Missing or Unrealistic Plugins

All regions reported the same “Franken-plugin” list of PDF viewers:

Chrome PDF Viewer, Chromium PDF Viewer, Microsoft Edge PDF Viewer, WebKit built-in PDF

A real browser would never merge plugins from four competing engines.

❌ Missing Fonts

No font data was reported. Real browsers expose large font sets that vary across machines. A missing or minimal list is an immediate red flag.

❌ Missing Canvas & WebGL Fingerprints

No Canvas or WebGL fingerprints were produced across any region. Real browsers always generate these; their absence is a dead giveaway of automation.

❌ Missing Peripherals

Every test reported no microphones, no speakers, no webcams:

Microphones: 0
Speakers: 0
Webcams: 0

A complete absence of peripherals is unrealistic for modern consumer devices.

❌ Suspicious Hardware Concurrency

All regions reported 64 logical CPU cores:

DE: 64
JP: 64
RU: 64
UK: 64
US: 64

This is server-grade hardware (AMD EPYC / Intel Xeon territory) and not realistic for consumer devices. It also repeats identically across all regions, further confirming a cloud/virtualized environment.

Verdict: ❌ Poor

Zyte API traffic looks valid at first glance, OS/UA pairs align, screen resolution is common, GPU looks plausible. But deeper fingerprinting exposes repetitive, minimalistic, and malformed signals that make these requests very easy to detect:

  • Identical headers and fingerprints across requests
  • Wrong timezones across all non-US regions
  • Frozen en-US locales everywhere
  • Malformed Accept header
  • Unrealistic plugin lists and missing fonts
  • No Canvas, WebGL, or peripherals
  • 64-core hardware concurrency across all tests

From a detection perspective, these requests are highly linkable and automation-like.

ScraperAPI

ScraperAPI

ScraperAPI markets itself as a middle-of-the-road scraping solution. It’s more affordable than enterprise tools like Bright Data or Oxylabs, but promises more than basic proxy rotation.

Pricing

At triple the cost of Zyte, you'd hope ScraperAPI would deliver significantly better results. Unfortunately, that wasn’t the case. Their full list of plans is available here.

  • Entry Price: $0.00049/request

Headers and Device Fingerprints

ScraperAPI showed mixed results on the fingerprint front. While screen setup and some geotargeting passed, there were platform inconsistencies, unrealistic hardware specs, malformed browser metadata, and entire categories of missing data.

Good

Screen Resolution Was Consistent All sessions reported a common desktop resolution:

DE: 1920x1080
JP: 1920x1080
UK: 1920x1080
US: 1920x1080

GPU Reported as Google Vulkan This is plausible for Chrome-based devices and doesn’t immediately stand out as fake.

Some Geolocation Checks Passed Timezone matched location in a few cases:

JP: Asia/Tokyo
US: America/New_York

Bad

❌ Platform Confusion

All tested devices listed Linux x86_64 under navigator.platform even though the UA string claimed macOS:

User-Agent:        Macintosh; Intel Mac OS X 10_15_7
navigator.platform: Linux x86_64
userAgentData:      macOS

This cross-field inconsistency is a classic bot tell.

❌ Suspicious Hardware Concurrency

Not a severe bot signal, but the number of logical cores is unusual for typical consumer devices:

JP: 20
UK: 8
US: 20
  • 20 cores is rare for desktops/laptops.
  • UK’s 8 cores are plausible.
  • JP + US showing the same 20 cores suggests standardized VM configs.
❌ Limited Browser Variation

All sessions reported nearly identical User-Agent and Sec-CH-UA brand strings:

UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)
    AppleWebKit/537.36 (KHTML, like Gecko)
    Chrome/134.0.0.0 Safari/537.36

Sec-CH-UA: Chromium, Google Chrome, Not:A-Brand

Zero entropy between regions makes this traffic trivially clusterable.

❌ Timezone Inconsistencies

Some sessions reported incorrect or uniform timezones for their IP locations:

DE (expected Europe/Berlin): America/New_York
JP (expected Asia/Tokyo):   Asia/Tokyo ✅
UK (expected Europe/London): America/New_York
US (expected America/New_York): America/New_York ✅

A DE or UK IP running on New York time is a red flag.

❌ Language Locales Frozen

All regions returned en-US for navigator.language, regardless of their country:

DE: en-US  (expected de-DE)
JP: en-US  (expected ja-JP)
UK: en-US  (expected en-GB)
US: en-US  (expected en-US ✅)

Not fatal on its own, but combined with timezone mismatches it’s highly suspicious.

❌ Fonts

No font data was returned. Real browsers expose a long, varied list of fonts:

Fonts: []

A completely empty font set is a major giveaway of headless/virtualized environments.

❌ Plugins

Reported plugins were missing or minimal. Real browsers usually show PDF viewers, DRM modules, media codecs, etc. ScraperAPI returned:

Plugins: []
❌ Peripherals

All sessions reported no microphones, webcams, or speakers:

Microphones: 0
Speakers: 0
Webcams: 0

This is extremely rare for consumer devices, even desktops, which almost always show at least one audio device.

❌ Missing Canvas & WebGL Entropy

No unique Canvas or WebGL fingerprints were generated across regions:

Canvas: <missing>
WebGL:  <missing>

In real Chrome, these values are always present and carry entropy. Their absence is a strong automation tell.

❌ Malformed CH-UA Brands

The Sec-CH-UA brand JSON was syntactically broken (missing commas):

[{"brand":"Chromium""version":"134"}
 {"brand":"Google Chrome""version":"134"}]

No genuine Chrome version would emit invalid JSON — this is a clear ScraperAPI signature.

Verdict: ❌ Poor

At first glance, ScraperAPI traffic looks passable with valid UA strings and realistic screen resolution. But deeper fingerprinting exposes:

  • Platform mismatches (macOS UA + Linux platform)
  • Timezone & language inconsistencies (DE/UK showing US-based settings)
  • Frozen UAs & brand strings across geos
  • Unrealistic concurrency counts (20 cores repeated)
  • Missing fonts, plugins, peripherals, Canvas/WebGL
  • Malformed CH-UA JSON

Together, these leaks provide anti-bot systems numerous fingerprints to detect ScraperAPI requests.

ScrapingBee

ScrapingBee

ScrapingBee offers a balance of affordability and modern features like CAPTCHA avoidance, JavaScript rendering, and even AI-powered data extraction. It’s positioned as a smart alternative to mid-range proxy tools.

Pricing

It’s cheaper than ScraperAPI but still manages to offer some advanced capabilities that even bigger names like Oxylabs and Bright Data don’t. Their entry level plan offers an insane amount of requests for a really low price. You can view the rest of their offerings here.

  • Entry Price: $0.0.000196/request

Headers and Device Fingerprints

ScrapingBee’s traffic leaves a weak fingerprint profile. While requests do reach the site with valid headers and a consistent Chrome UA, the browser environment leaks severe automation tells: static user agents, missing entropy (fonts/plugins/canvas), uniform Linux platform across geos, and proxy header leakage.

Good

OS Matched User-Agent Unlike setups where UA claims macOS/Windows while reporting Linux, ScrapingBee consistently aligned:

User-Agent OS: Linux
navigator.platform: Linux x86_64

GPU Reported as Google Vulkan A common rendering backend in Puppeteer/Chromium environments, which looks plausible enough:

GPU: Google Vulkan

No Automation Flags Detected No webdriver, phantomjs, nightmarejs, selenium, or other classic flags appeared.

Headers Were Modern and Clean Headers were simple and consistent, containing only:

Connection: upgrade
Host: deviceandbrowserinfo.com
X-Forwarded-For: <proxy IP>
X-Forwarded-Proto: https
X-Forwarded-Host: deviceandbrowserinfo.com

No outdated or malformed headers were observed.

Bad

❌ Timezone Failures

All tested regions—US, DE, JP, RU—reported UTC as the browser timezone:

Expected: America/New_York, Europe/Berlin, Asia/Tokyo, Europe/Moscow
Actual:   UTC

This breaks geolocation realism on sites that check clock offsets.

❌ Puppeteer-Like Screen Resolution

Every test reported 800x600 pixels:

DE: 800x600
JP: 800x600
RU: 800x600
US: 800x600

This is a telltale default for headless Chromium/Puppeteer, rarely seen in consumer traffic.

❌ Frozen Fingerprint Across All Regions

Zero entropy between geos:

UA:        Linux x86_64 + Chrome/112
Language:  en-US
Timezone:  UTC
Plugins:   Only PDF Viewer
Fonts:     None
Canvas:    None
WebGL:     None

Trivially clusterable.

❌ Locale + Language Failures

All regions reported en-US, ignoring IP/geolocation:

DE: en-US (expected de-DE)
JP: en-US (expected ja-JP)
RU: en-US (expected ru-RU)
US: en-US (expected en-US ✅)

Combined with timezone mismatch, this strongly signals automation.

❌ Missing Hardware Specs

No CPU, memory, or bitness reported:

Device Memory: None
Hardware Concurrency: None
Architecture: None
Bitness: None

A clear signature of stripped-down headless Chromium.

❌ Missing Plugins, Fonts & Peripherals
  • Fonts: None
  • Plugins: Only 1 (PDF Viewer)
  • Webcams, mics, speakers: 0 each

Real devices almost always expose multiple fonts, 2–3 plugins, and at least one audio device.

❌ Missing Canvas & WebGL Entropy

No unique fingerprint data was returned:

Canvas: <missing>
WebGL:  <missing>

A major detection vector for anti-bot systems.

❌ Proxy Header Leakage

X-Forwarded-For exposes proxy infra. Real browsers never send this header.

❌ UK Instance Failed to Connect

No data was collected from the UK region at all. This may indicate server-side blocking or ScrapingBee instability.

Verdict: ❌ Very Poor

ScrapingBee is trivially detectable due to:

  • Uniform Linux + UTC + en-US + 800x600 fingerprint
  • Missing hardware specs, fonts, peripherals, canvas/WebGL entropy
  • Proxy header leakage
  • No variation across regions (zero entropy)
  • Failure in one region (UK) suggests fragility

At best, the traffic looks like a stripped-down Puppeteer build behind a proxy. At worst, it’s a clusterable, low-entropy signature that anti-bot vendors can block with a single rule.

Scrape.Do

Scrape.Do

Scrape.Do is a lesser-known tool with a surprisingly polished feature set. Unlike tools that require separate browser rendering add-ons, Scrape.Do handles JavaScript out of the box.

Pricing

It’s even cheaper than unrendered Zyte, which made us skeptical going in. But Scrape.Do blew away our expectations.

  • Entry Price: $0.000116/request

Headers and Device Fingerprints

Scrape.do’s fingerprints look superficially like real Chrome traffic but deeper inspection shows timezone mismatches, unrealistic hardware patterns, and entire categories of missing entropy.

Good

Headers Look Clean Only standard modern headers (Connection, Host, X-Forwarded-*). No legacy flags or automation headers like Pragma, X-Powered-By, or webdriver.

User-Agent and Platform Match All sessions use a consistent and plausible UA:

Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/134.0.0.0 Safari/537.36

with navigator.platform = Win32 and userAgentData = Windows. This alignment passes basic anti-bot checks.

Some Variation in Screen Resolution Resolutions differ across regions:

DE: 1440x900
JP: 3840x2160
RU: 3840x2160
UK: 1280x720

Variation is good — avoids the “800x600 Puppeteer default” trap.

Bad

❌ Timezone vs. IP Location Mismatches

Timezones are inconsistent with the test IP regions:

DE (expected Europe/Berlin): America/Chicago
JP (expected Asia/Tokyo):    Europe/Paris
RU (expected Europe/Moscow): America/Sao_Paulo
UK (expected Europe/London): Europe/London ✅

Three out of four geos are misaligned. This is a strong geolocation tell.

❌ Language Locale Frozen

All sessions reported the same language:

DE: en-US (expected de-DE)
JP: en-US (expected ja-JP)
RU: en-US (expected ru-RU)
UK: en-US (expected en-GB)

Uniform locale across regions looks artificial.

❌ Hardware Concurrency Oddities

Logical cores differ but follow suspicious patterns:

DE: 4
JP: 2
RU: 2
UK: 16
  • 2 cores is rare for modern Windows 10 machines.
  • 16 cores are high-end.
  • These look like standardized VM presets rather than organic distribution.
❌ Minimal Plugins

All regions reported only:

PDF Viewer::Portable Document Format::internal

Real Chrome often shows multiple plugins/codecs. One static plugin is a bot tell.

❌ Minimal Fonts

Fonts list is extremely short and uniform across geos. Real browsers expose dozens of fonts (system + web safe). Minimal, repeated font sets reveal virtualized environments.

❌ Missing Peripherals

All sessions reported 0 microphones, 0 speakers, 0 webcams. Even headless servers usually register at least one audio output. This screams automation.

❌ Identical Audio Fingerprints

The AudioContext fingerprint string is identical across regions. Real hardware/OS combos typically introduce small variations. Lack of entropy makes sessions clusterable.

❌ Missing Canvas/WebGL Values

No useful Canvas/WebGL entropy appears. Vendor/renderer values are uniform. Real Chrome fingerprints always carry noisy entropy here.

Verdict: ❌ Weak

Scrape.do avoids obvious giveaways like Puppeteer’s 800x600 screen size or Linux/macOS mismatches, but the fingerprints leak heavily in subtle fields:

  • Timezone + locale misalignments across geos
  • Frozen, unrealistic hardware profiles (2 cores, 16 cores)
  • Uniform minimalism (plugins, fonts, peripherals, Canvas/WebGL)

Anti-bot systems can trivially cluster these as synthetic.

Scrapfly

Scrapfly

Scrapfly is one of the most recognizable names in the scraping space. While it doesn't market as aggressively as Oxylabs or Bright Data, it's a favorite among developers for its performance and affordability.

Pricing

Scrapfly starts at just a fraction of Bright Data’s Web Unlocker cost, putting it in line with budget tools—but the performance is anything but budget. The rest of their prricing info can be viewed here

  • Entry Price: $0.00015/request

Headers and Device Fingerprints

Scrapfly’s browser fingerprints show major weaknesses. While some baseline setup (resolution, GPU strings, UA validity) is passable, deeper inspection reveals uniformity across geos, missing entropy, and obvious automation tells.

Good

Consistent Screen Resolution All regions report a standard desktop resolution:

DE: 1920x1080
JP: 1920x1080
RU: 1920x1080
UK: 1920x1080
US: 1920x1080

This is realistic for laptops/monitors and avoids the 800×600 headless default trap.

UA Syntax Was Valid User-Agent strings followed real Chrome format and versioning:

Mozilla/5.0 (X11; Linux x86_64)
AppleWebKit/537.36 (KHTML like Gecko)
Chrome/132.0.0.0 Safari/537.36

No malformed brand JSON or obvious headless signatures.

Plugins At Least Reported A long chain of PDF plugins (Chrome PDF Viewer, Edge PDF Viewer, WebKit built-in PDF) was present instead of a totally empty list. This is marginally better than blank output.

Bad

❌ No Variation Across Regions

Every test (DE, JP, RU, UK, US) produced identical results for UA, platform, timezone, screen, hardware, and plugins. Zero entropy makes traffic trivially clusterable.

❌ Platform Lock

All regions declared:

navigator.platform: Linux x86_64
userAgentData.platform: Linux
UA: X11; Linux x86_64

This means no Windows/macOS/mobile coverage. Uniform “Linux VM” signals are easy to spot at scale.

❌ Timezone Failures

Every region reported:


US (expected America/New_York): UTC
DE (expected Europe/Berlin): UTC
JP (expected Asia/Tokyo):    UTC
RU (expected Europe/Moscow): UTC
UK (expected Europe/London): UTC

Uniform UTC completely breaks geolocation realism.

❌ Missing Language Locales

navigator.language was empty across all regions. Real users almost always have region-specific locales (de-DE, ja-JP, etc.). Blank values are an obvious bot signal.

❌ Hardware Uniformity

Every region reported:

Hardware concurrency: 16
Device memory: 8 GB

While plausible for a desktop, five regions producing identical 16-core/8GB configs strongly suggests standardized VM templates. Real traffic shows variance.

❌ Fonts Missing

No font data was exposed:

Fonts: None

In genuine Chrome, dozens of system fonts are revealed, and they differ across OS/locales. Blank = bot.

❌ Peripherals Missing

All regions reported:

Microphones: None
Speakers: None
Webcams: None

Consumer devices almost always expose at least audio devices. An environment with zero peripherals is rare and easily fingerprintable.

❌ Missing Canvas & WebGL

No entropy reported:

Canvas fingerprint: None
WebGL renderer: None

Both are strong sources of uniqueness in real browsers. Their absence is a red flag.

Verdict: ❌ Poor

Scrapfly traffic is highly detectable. Anti-bot systems will flag it because of:

  • Uniform fingerprints across all regions (no entropy).
  • Timezone stuck at UTC (region/IP mismatch).
  • No locales, no fonts, no peripherals.
  • Identical hardware specs everywhere.
  • Missing Canvas/WebGL signals.

At scale, these requests will cluster into a single automation signature.

Zenrows

Zenrows

Zenrows rounds out our list with a familiar name in the scraping ecosystem. It’s gained traction thanks to solid performance and straightforward integration, often considered alongside Smartproxy and Bright Data’s mid-tier offerings.

Pricing

Zenrows falls comfortably in the mid-range. It’s not the cheapest, but you’re not paying luxury-tier prices either. Their prices can be verified here.

  • Entry Price: $0.000276/request

Headers and Device Fingerprints

This is where Zenrows mirrors Bright Data’s Web Unlocker: it refused to disclose any device fingerprint data. None of the five regional tests returned platform, user-agent, screen size, or GPU info.

Good

  • ✅ Headers were clean and consistent across all tests
  • ✅ Standard values like Connection, and Host, looked professional and production-ready.

Bad

❌ No Device Fingerprint Data

All regions returned empty device info. That means no user-agent breakdown, no platform info, no resolution, no GPU—nothing. While this may be intentional for stealth, it also means we can’t evaluate hardware realism.

❌ Identical IPs Across Multiple Regions

The UK and US shared the same X-Forwarded-For IP, as did JP and DE. That’s a red flag for geotargeting or large-scale scraping jobs that depend on IP diversity.

Verdict: ⚠️ Strong but Opaque

Zenrows gives you the results you want, but doesn’t let you see under the hood. It’s efficient and stealthy, but less transparent than most tools we tested.

  • ✅ Perfect fingerprint score
  • ✅ Clean HTTP header spoofing
  • ❌ Zero visibility into device attributes
  • ❌ Duplicate IPs across regions

Zenrows is like a fast car with tinted windows—you’re getting where you need to go, but don’t expect to check the engine.

Oxylabs Web Unblocker

Oxylabs Web Unblocker

Oxylabs is never cheap, and their Web Unblocker is no exception. Designed for complex scraping tasks, it offers JavaScript rendering, geotargeting, and CAPTCHA solving. On paper, it checks all the boxes.

In practice, it was kind of an enigma.

Pricing

This is the most expensive solution we reviewed. At $9.40/GB, it surpasses even Bright Data’s Scraping Browser and Decodo's Site Unblocker. The full pricing info can be viewed here.

  • Entry Price: $9.40/GB

Headers and Device Fingerprints

Unfortunately, Oxylabs Web Unblocker never connected to our fingerprinting test environment deviceandbrowserinfo.com, regardless of which region we selected. It’s unclear whether this is intentional or a compatibility issue.

❌ Couldn't Evaluate

  • ❔ No headers or hardware attributes could be evaluated
  • ❔ Tool may be configured to block specific sites, including test platforms

Verdict: ⚠️ Unknown

Oxylabs Web Unblocker couldn't be evaluated during this testing as it wouldn't connect to deviceandbrowserinfo.com so it if unclear how it compares to other providers.

It is certainly on the premium end of the spectrum, so if you were to use it you should test it against other options to decide if it is truly worth the cost.

Unpacking The Winners and Losers

Tools iPhone Users: High Performance and High Price

These products represent the top pricing tier for scraping tools. You want a stellar success rate--but brand names are just as important to you.

  • Bright Data Web Unlocker (this is the iPhone SE of the group, not as fully featured, and at a lower cost than the rest)
  • Bright Data Scraping Browser
  • Oxylabs Web Unblocker

Tools For People Who Buy Gas Station Sushi--Why..Just Why?

You know better, but something causes you to do it anyway. It's cheaper than a restaurant. You don't care that the grocery store offers a cleaner, safer product at a better price.

  • Zyte API
  • ScraperAPI
  • Smartproxy Site Unblocker

Tools For Minivan People--Get It Done and Get On With Life

Prestige and pain aren't why you're here. You want the job done easily, and you're not going to overpay. These tools offer exactly what you need with low to mid-tier pricing and realatively few surprises.

  • ScrapingBee
  • Scrape.Do
  • Scrapfly
  • Zenrows

Lessons Learned: Key Takeaways From This Experiment

When I began this experiment, 100% fingerprint authenticity seemed like an impossibility. I was dead wrong. The vast majority of paid scraping tools actually score higher than my personal web browser. That said, these tools come with their own set up issues--mainly location information and hardware. Here's a breakdown showing the pros and cons of all these tools.

ToolAuthenticity ScoreDetection RateHardware Realism (0–5)Verdict
Bright Data Web Unlocker100%0 (Ghost mode, headers only)⚠️ Overpriced but reliable
Bright Data Scraping Browser99%❌ (1/10)5 (Full spoof, peripherals too)✅ Premium pick
Smartproxy Site Unblocker100%2 (Timezone, language, GPU mismatches)❌ Overpriced + leaky
Oxylabs Web Unblocker100%N/A (Blocked test site)❔ Looks great—can’t verify
Zyte API83.6%2 (Wrong timezone, consistent but weak)⚠️ Cheap but flawed
ScraperAPI68.8%1.5 (Platform mismatch, poor variety)❌ Underperforms
ScrapingBee100%2 (Bad timezone, Puppeteer vibes)✅ Best cheap option
Scrape.Do100%2.5 (Realistic setup, bad location)💎 Budget sleeper hit
Scrapfly100%2.5 (Clean spoof, UTC for all)✅ Great value
Zenrows100%0 (No data, ghost mode)⚠️ Strong but opaque

Conclusion: What Makes a Good Provider?

No matter what your preference is--iPhone or Minivan, good scraping tools are everywhere. Of the 10 tools we tested, 7 of them boasted a perfect authenticity score time after time. Most of them showed reliable hardware and headers but failed the location testing. A good tool will provide you with 100% browser authenticity and an inconspicuous hardware setup every time--whether you're an iPhone or Minivan person.

Did I miss any other tools? Are my takes accurate?

Leave your opinion in the comments!