← Glossary / Screen Resolution Fingerprinting

What is Screen Resolution Fingerprinting?

Screen resolution fingerprinting is how anti-bot systems detect headless browsers by analyzing the mathematical relationship between your viewport, screen dimensions, and device pixel ratio. When a scraper runs in a headless environment, it often defaults to telltale dimensions like 800x600 or reports a viewport identical to the screen size—a physical impossibility for a real browser with a UI chrome. Get the geometry wrong, and your session is flagged before the DOM even finishes loading.

Anti-Bot BypassHeadless DetectionViewportDevice MetricsPlaywright
// 02 — definitions

Geometry as
identity.

Why the exact pixel dimensions of your browser window are one of the most reliable ways to spot a headless scraper.

Ask a DataFlirt engineer →

TL;DR

Screen resolution fingerprinting checks over a dozen dimension-related properties in the browser. It looks for default headless sizes, impossible viewport-to-screen ratios, and inconsistencies with the reported OS or device type. It's a primary signal for Cloudflare Turnstile, DataDome, and Akamai BMP.

01Definition & structure
Screen resolution fingerprinting is the process of extracting and analyzing the geometric properties of a client's display and browser window. Anti-bot scripts collect values like screen.width, screen.availHeight, window.innerWidth, and devicePixelRatio. By comparing these values against each other and against known hardware profiles, the server can determine if the browser is a real user device or a headless scraper running on a server.
02How it works in practice
When a page loads, an embedded JavaScript challenge reads the screen and window dimensions. It calculates the difference between the screen size and the available screen size (which reveals the OS taskbar) and the difference between the outer window and inner viewport (which reveals the browser UI). If these deltas are zero, or if the dimensions match known defaults like 800x600, the session is assigned a high bot score and blocked.
03The CSS media query trap
Many scraping engineers attempt to bypass this by overriding the JavaScript properties using Object.defineProperty. However, modern anti-bot systems cross-reference these JS values against CSS. They use window.matchMedia('(max-width: 1000px)') or inject hidden elements with viewport-relative units (vw/vh) to measure the true rendering surface. If the JS overrides don't perfectly match the CSS engine's reality, the tampering is detected.
04How DataFlirt handles it
We do not rely on JavaScript patching. Our scraping infrastructure utilizes real browser profiles running on hardware that naturally supports the required geometry. When a pipeline requires a specific device profile, we configure the underlying virtual display server to match the exact screen resolution, color depth, and device pixel ratio of that profile, ensuring that JS, CSS, and Canvas measurements are perfectly coherent.
05Did you know?
Even the position of the window on the screen is tracked. window.screenX and window.screenY report where the browser is located relative to the monitor. Headless browsers often report 0,0. Real users rarely have their browser perfectly pinned to the top-left pixel of their primary monitor without maximizing it, providing yet another subtle signal for bot classifiers.
// 03 — the geometry

How do they
know it's headless?

Anti-bot scripts don't just look at the raw numbers. They look at the delta between the inner viewport and the outer screen to verify the presence of a real browser UI and OS taskbar.

UI Chrome Delta = Δ = screen.heightwindow.outerHeight
Must be > 0 to account for OS taskbars. Headless often reports 0. Standard anti-bot heuristic
Viewport Consistency = window.innerWidthwindow.outerWidth
Inner cannot exceed outer. Puppeteer defaults often break this rule. Browser geometry constraints
DataFlirt Geometry Score = G = (valid_chrome_delta × valid_dpr) / session_flags
G > 0.99 across our residential fleet as of v2026.5. Internal SLO
// 04 — what the server sees

A headless geometry
failure trace.

A standard Playwright instance attempting to load a protected target. The anti-bot script executes a geometry probe and immediately flags the session due to impossible dimensions.

Playwright defaultDataDome probeJS execution
edge.dataflirt.io — live
CAPTURED
// executing geometry probe
screen.width: 1280 screen.height: 720
window.innerWidth: 1280 window.innerHeight: 720
window.outerWidth: 1280 window.outerHeight: 720

// evaluating heuristics
check.chrome_height: 0px // missing browser UI
check.taskbar_height: 0px // missing OS taskbar
check.common_bot_res: true // 1280x720 is a known default
check.dpr_match: true // devicePixelRatio = 1

// classification
bot_confidence: 0.98
action: BLOCK (403 Forbidden)
// 05 — detection vectors

Where the geometry
leaks.

The specific screen and window properties that anti-bot scripts evaluate. Inconsistencies here are fatal because they are mathematically impossible on a real device.

SAMPLE SIZE ·  ·  ·  ·    2.1M sessions
WINDOW ·  ·  ·  ·  ·  ·   30d trailing
UPDATED ·  ·  ·  ·  ·  ·  2026-05-19
01

Missing UI Chrome

outer vs inner delta · Outer dimensions equal to inner dimensions
02

Default Headless Dimensions

800x600, 1280x720 · Known defaults for Puppeteer and Playwright
03

Viewport Exceeds Screen

inner > screen · Physically impossible on real hardware
04

Device Pixel Ratio Mismatch

DPR vs User-Agent · Claiming macOS Retina but reporting DPR 1
05

Zero Dimensions

0x0 windows · Hidden or uninitialized virtual framebuffers
// 06 — our approach

Real hardware,

real geometry.

Spoofing screen resolution in JavaScript is a losing game. If you patch window.screen, the anti-bot script will measure a CSS media query or a Canvas element to find the true dimensions. DataFlirt doesn't patch JS objects. We run real browser profiles on hardware that naturally produces the correct geometry, ensuring the OS taskbar, browser chrome, and device pixel ratio are mathematically coherent.

Geometry Profile Binding

Live snapshot of a DataFlirt session's screen metrics.

device.profile macOS · Retina
screen.resolution 1440x900
window.outer 1440x820valid
window.inner 1440x715valid
chrome.delta 105pxsafari match
devicePixelRatio 2retina match
css.media_match truecoherent

Stay ahead of the pipeline

Data engineering
intel, weekly.

Anti-bot shifts, scraping infrastructure updates, dataset delivery patterns, and business outcomes from our pipelines. Short, technical, no fluff.

By submitting, you acknowledge our Privacy Notice.

// 07 — FAQ

Common
questions.

About screen metrics, headless detection, stealth plugins, and how DataFlirt maintains coherent geometry at scale.

Ask us directly →
What is the difference between inner and outer window dimensions? +
The inner dimensions (window.innerWidth) represent the actual webpage viewport. The outer dimensions (window.outerWidth) include the browser UI—tabs, address bar, and window borders. Headless browsers often make these identical, which is an immediate red flag to any bot detection script.
Can't I just use a stealth plugin to spoof my resolution? +
Stealth plugins patch JavaScript objects like window.screen, but advanced scripts use CSS media queries (window.matchMedia) or render a Canvas element to measure the real viewport. If your JS overrides say one thing and the CSS engine says another, you are flagged for tampering.
Why is 1920x1080 sometimes flagged as a bot? +
It's a common default for automated tools and Docker containers. If thousands of sessions hit a site with exactly 1920x1080, no UI chrome delta, and identical IP subnets, the resolution itself becomes part of a bot signature. Diversity is required to blend in.
How does devicePixelRatio affect fingerprinting? +
devicePixelRatio (DPR) measures the ratio of physical pixels to logical CSS pixels. If your User-Agent claims to be an iPhone or a modern Mac, but your DPR is 1 (standard for basic Linux servers), the discrepancy triggers a block. The hardware must match the software claim.
How does DataFlirt handle screen resolution? +
We map our browser instances to verified hardware profiles. A session claiming to be a MacBook Pro will have a 16:10 aspect ratio, a DPR of 2, and the exact chrome delta of Safari on macOS. We don't spoof these values; we configure the underlying virtual display to actually render them.
Does running in a Docker container affect screen metrics? +
Yes. Xvfb or headless environments in Docker lack a real window manager. This results in missing taskbars, zeroed-out screen coordinates, and default resolutions unless explicitly configured with a realistic virtual frame buffer and window manager.
$ dataflirt scope --new-project --target=screen-resolution-fingerprinting READY

Tell us what
to extract.
We do the rest.

20-minute scoping call. Pilot dataset within the week. Production within two. Whether you need a one-off catalogue dump or a continuous feed across millions of records — we scope, build, and operate the pipeline.

Start a pipeline → View pricing
hello@dataflirt.com  ·  Bengaluru  ·  IST  ·  typical reply < 4h
// 08 — keep reading

Related glossary terms

Anti-Bot Bypass

Headless Browser Detection

The broader category of techniques used to identify browsers running without a graphical user interface.

Read →
Anti-Bot Bypass

Browser Fingerprinting

How websites combine screen resolution with other signals to create a unique identifier.

Read →
Anti-Bot Bypass

Canvas Fingerprinting

A rendering-based fingerprinting method that often correlates with device pixel ratio and screen metrics.

Read →
Anti-Bot Bypass

Playwright Stealth

Plugins designed to mask headless indicators, including basic screen resolution patching.

Read →