← Glossary / Hardware Concurrency Detection

What is Hardware Concurrency Detection?

Hardware concurrency detection is how anti-bot systems verify if your browser's reported CPU core count matches the rest of your hardware profile. When a scraper spoofs a high-end MacBook Pro user-agent but reports only two logical cores because it's running on a cheap cloud VM, the discrepancy triggers an immediate block. It's a fundamental check in modern fingerprinting that catches lazy headless setups before the first page interaction.

Anti-BotFingerprintingHeadless ChromeNavigator APIVM Detection
// 02 — definitions

Core counts
don't lie.

Why spoofing a user-agent isn't enough when your underlying compute environment gives you away.

Ask a DataFlirt engineer →

TL;DR

The navigator.hardwareConcurrency API returns the number of logical processors available to the browser. Anti-bot vendors like DataDome and Cloudflare cross-reference this number with your WebGL renderer, device memory, and OS. If you claim to be an M3 Max but report 2 cores, the classifier flags the session as a virtual machine.

01Definition & structure
The navigator.hardwareConcurrency property is a browser API that returns the number of logical processors available to run threads. While intended for performance optimization, it is a critical signal in hardware concurrency detection. Anti-bot systems read this value to determine if the client is running on consumer hardware (typically 4 to 16+ cores) or a cheap cloud virtual machine (typically 1 or 2 cores).
02How it works in practice
Anti-bot scripts execute early in the page load, querying the navigator object. They don't just look at the core count in isolation; they build a hardware matrix. They check navigator.deviceMemory, the WebGL renderer string, and the User-Agent. If the matrix is incoherent — for example, a high-end gaming GPU paired with 2 logical cores and 1GB of RAM — the session is immediately flagged as a bot.
03The VM giveaway
Most scraping infrastructure is built on cost-efficient cloud VMs like AWS t3.micro or DigitalOcean droplets. These instances usually provide 1 or 2 vCPUs. Meanwhile, the scraper is configured to send a User-Agent string claiming to be a modern Windows or macOS desktop. Because real desktops haven't shipped with dual-core processors in years, this discrepancy is the easiest way for a vendor to identify automated traffic.
04How DataFlirt handles it
We do not rely on JavaScript injection to spoof hardware APIs, as prototype tampering is easily detected. Instead, our extraction fleet runs on diverse, bare-metal hardware profiles. When a target requires a high-trust residential profile, we route the request through physical nodes that natively possess the correct core counts, memory, and GPU characteristics to pass deep hardware inspection.
05Did you know?
Advanced anti-bot systems don't trust the JavaScript API at all. They will actively spawn multiple Web Workers and measure the parallel execution time of a mathematical payload. If you spoofed your hardwareConcurrency to 16, but your VM only has 2 physical cores, the execution time will reveal the truth, resulting in a silent ban.
// 03 — the hardware matrix

How classifiers
score your CPU.

Anti-bot systems don't just look at the raw core count. They calculate a hardware coherence score based on expected ratios for the claimed device class.

Coherence Ratio = C = cores / device_memory
Typical desktop ratios are 1:1 or 1:2. A 16-core machine with 2GB RAM is an obvious bot. Standard fingerprinting heuristic
GPU-CPU Match = M = expected_cores(GPU) - actual_cores
Claiming an RTX 4090 with 2 logical cores triggers a high risk penalty. Akamai BMP hardware profiling
DataFlirt Hardware Trust = T = 1 - (spoofed_signals / total_hardware_signals)
We maintain T = 1.0 by never spoofing hardware APIs on mismatched metal. DataFlirt internal SLO
// 04 — the JS probe

A hardware mismatch
caught in the act.

A trace from an anti-bot probe evaluating a headless Puppeteer script running on an AWS t3.micro instance.

navigator APIprototype checkAkamai BMP
edge.dataflirt.io — live
CAPTURED
// hardware probe execution
navigator.userAgent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)..."
navigator.hardwareConcurrency: 2 // low for modern macOS
navigator.deviceMemory: 1 // impossible for macOS 10.15

// spoofing detection
Object.getOwnPropertyDescriptor(navigator, 'hardwareConcurrency').get: undefined

// cross-reference
webgl.renderer: "Google SwiftShader" // software rendering

// classifier output
hardware.coherence_score: 0.12
session.classification: FLAG_VM_ENVIRONMENT
action: BLOCK_403
// 05 — detection vectors

Where hardware
spoofing fails.

The most common ways scrapers get caught trying to fake their hardware concurrency or underlying compute environment.

SAMPLE SIZE ·  ·  ·  ·    2.1M sessions
WINDOW ·  ·  ·  ·  ·  ·   30d trailing
UPDATED ·  ·  ·  ·  ·  ·  2026-05-19
01

Core/Memory mismatch

coherence failure · Claiming 16 cores but 2GB RAM
02

OS/Core mismatch

coherence failure · macOS user-agent with 2 cores
03

Prototype chain leakage

tamper detection · Clumsy JS injection to override the getter
04

WebGL/CPU mismatch

coherence failure · High-end CPU with software renderer
05

Worker thread timing

active measurement · Measuring actual execution speed vs claimed cores
// 06 — our infrastructure

Bare metal,

because you can't fake physics.

Spoofing hardware concurrency via JavaScript injection is a losing battle against modern anti-bot scripts that inspect prototype chains and measure actual worker thread execution times. DataFlirt bypasses this entirely by running our extraction fleets on diverse, bare-metal hardware profiles. When our browser claims to have 12 cores and an Apple M2 GPU, it's because the physical silicon executing the request actually has 12 cores and an Apple M2 GPU.

Hardware Profile: df-node-mac-04

Live hardware signals from a DataFlirt residential scraping node.

os.platform macOS 14.5
navigator.hardwareConcurrency 12
navigator.deviceMemory 8
webgl.renderer Apple M2
prototype.tampering false
worker.execution_test pass

Stay ahead of the pipeline

Data engineering
intel, weekly.

Anti-bot shifts, scraping infrastructure updates, dataset delivery patterns, and business outcomes from our pipelines. Short, technical, no fluff.

By submitting, you acknowledge our Privacy Notice.

// 07 — FAQ

Common
questions.

About hardware concurrency, VM detection, JavaScript spoofing, and how DataFlirt maintains hardware coherence at scale.

Ask us directly →
What exactly is navigator.hardwareConcurrency? +
It is a read-only property on the window.navigator object that returns the number of logical processors available to run threads on the user's computer. It was designed to help web apps size their Web Worker pools, but is now heavily abused for browser fingerprinting and VM detection.
Can I just override it with Object.defineProperty? +
You can, but you will likely get caught. Modern anti-bot scripts check the prototype chain. If they call toString() on your injected getter and it doesn't return [native code], or if the property descriptor doesn't match a pristine browser environment, the session is flagged for tampering.
Why do cloud VMs get flagged so easily? +
Cloud instances used for scraping typically have 1 or 2 vCPUs and low memory to keep costs down. Real consumer devices haven't shipped with 2 cores in a decade. When a classifier sees a modern Chrome user-agent paired with hardware specs from 2012, it knows it's looking at a server environment.
How does DataFlirt handle hardware concurrency checks? +
We don't spoof hardware APIs. We route requests requiring high-end desktop profiles to actual bare-metal nodes matching those specs. Our fleet includes a mix of ARM and x86 architectures with varying physical core counts, ensuring our hardware signals are always mathematically coherent.
Can anti-bots measure my actual cores instead of just reading the API? +
Yes. Advanced scripts spawn multiple Web Workers and measure parallel execution time to verify if the hardware actually matches the claimed concurrency. If you spoof 16 cores but your physical CPU only has 2, the execution timing will expose the lie.
Is it illegal to spoof hardware signals? +
No. Modifying your own browser's JavaScript environment is a technical bypass, not a legal violation like the CFAA. However, it is almost always a Terms of Service violation and leads to immediate IP or session blocks when detected by the target's security vendor.
$ dataflirt scope --new-project --target=hardware-concurrency-detection READY

Tell us what
to extract.
We do the rest.

20-minute scoping call. Pilot dataset within the week. Production within two. Whether you need a one-off catalogue dump or a continuous feed across millions of records — we scope, build, and operate the pipeline.

Start a pipeline → View pricing
hello@dataflirt.com  ·  Bengaluru  ·  IST  ·  typical reply < 4h
// 08 — keep reading

Related glossary terms

Anti-Bot Bypass

Browser Fingerprinting

The broader category of techniques used to identify clients based on hardware and software quirks.

Read →
Anti-Bot Bypass

Device Memory Detection

The sister API to hardware concurrency, used to detect low-RAM cloud instances.

Read →
Anti-Bot Bypass

WebGL Fingerprinting

How classifiers verify your GPU hardware matches your claimed CPU and OS.

Read →
Anti-Bot Bypass

Headless Browser Detection

The suite of checks used to differentiate automated browsers from human users.

Read →