
What is Stealth Mode Browsing?

Stealth mode browsing is the practice of modifying a headless browser's runtime environment to mask its automated nature from client-side detection scripts. By patching JavaScript properties like navigator.webdriver, spoofing hardware concurrency, and injecting realistic plugin arrays, stealth plugins attempt to make Puppeteer or Playwright look like a standard consumer Chrome session. It is a necessary baseline for modern scraping, but fundamentally insufficient against network-layer fingerprinting.

Headless · Puppeteer · Playwright · Evasion · JS Patching
// 02 — definitions

Patching the runtime.

How stealth plugins rewrite the browser environment to hide the automation flags that headless Chrome broadcasts by default.


TL;DR

Stealth mode browsing relies on injecting JavaScript before the page loads to overwrite automation-specific properties. While tools like puppeteer-extra-plugin-stealth fix the obvious leaks (like the webdriver flag or missing plugins), they operate entirely at the DOM layer. Modern anti-bot systems like DataDome and Cloudflare now look deeper, checking TLS signatures and canvas rendering quirks that JS patches cannot hide.

01 Definition & structure
Stealth mode browsing refers to the configuration and modification of headless browsers (like Puppeteer, Playwright, or Selenium) to evade automated detection. Out of the box, headless browsers broadcast their automated nature through specific JavaScript properties, such as setting navigator.webdriver to true, lacking standard plugins, and exhibiting distinct rendering behaviors. Stealth mode uses initialization scripts to overwrite these properties, spoofing a normal user environment before the target site's scripts can execute.
02 How it works in practice
When a stealth-enabled browser navigates to a URL, it uses the Chrome DevTools Protocol (CDP) to inject a payload of JavaScript evasions using methods like Page.addInitScript. These scripts run before any of the target website's code. They delete the webdriver flag, mock the presence of the window.chrome object, spoof hardware concurrency numbers, and override the Permissions API to match a standard desktop browser. When the site's anti-bot script eventually runs, it reads the spoofed values and assumes a human user.
03 The limits of JS patching
Stealth plugins are a cat-and-mouse game confined to the DOM. While they can fake JavaScript properties, they cannot easily fake low-level browser behaviors like how the GPU renders a canvas element, or how the audio context processes DSP math. More importantly, JS stealth plugins do nothing to fix network-layer anomalies. If your TLS handshake looks like a Python script, no amount of DOM patching will save the session.
04 How DataFlirt handles it
We consider JavaScript-based stealth plugins obsolete for enterprise scraping. Instead of patching the DOM at runtime, our fleet uses custom-compiled Chromium binaries. We remove the automation flags directly in the C++ source code. This ensures that the V8 engine natively reports human-like properties, eliminating the performance overhead of CDP injection and completely avoiding the risk of proxy-object detection by advanced bot management systems.
05 The proxy object trap
A common failure mode for amateur stealth setups is the "proxy trap." To overwrite read-only browser properties, stealth plugins use JavaScript Proxies. Sophisticated anti-bot scripts don't just read the property; they inspect the property's descriptor or call toString() on the function. If the response doesn't perfectly match the native C++ binding output (a native function's toString() returns a string containing [native code]), the script knows it's being lied to and flags the session.
// 03 — the detection math

How stealthy is stealth mode?

Stealth mode only addresses DOM-layer entropy. DataFlirt evaluates browser credibility across the entire stack, calculating a composite trust score before routing requests to target endpoints.

DOM Credibility = P_dom = 1 − (leaked_flags / total_probes)
A perfect stealth plugin achieves 1.0 here, passing all JS checks. (JS execution context)

Stack Coherence = C_stack = TLS_fingerprintDOM_fingerprint
If JS says Chrome 124 but TLS says Go HTTP, coherence is 0. (DataFlirt routing logic)

Effective Stealth Score = S_eff = P_dom × C_stack × IP_Reputation
A high DOM score is useless without network coherence and a clean IP. (Internal SLO)
// 04 — stealth injection trace

Patching the DOM before execution.

A trace of a stealth initialization sequence, showing the specific JavaScript properties being overwritten via CDP before the target site's anti-bot script can read them.

Playwright · CDP · Page.addInitScript
// init stealth evasions via CDP
evasion.webdriver: patched delete navigator.webdriver
evasion.chrome_runtime: mocked window.chrome = { runtime: {} }
evasion.permissions: overridden Notification.permission = 'default'
evasion.plugins: injected 3 standard plugins added

// target site bot-probe execution
probe.navigator: "Mozilla/5.0 (Windows NT 10.0; Win64; x64)..."
probe.webdriver: undefined // pass
probe.languages: ["en-US", "en"] // pass
probe.proxy_object: detected // JS toString() leak

// network layer mismatch
tls.ja3_hash: "771,4865-4866-4867... " // Node.js default
classifier.result: 0.89 (BOT) // DOM patched, but TLS failed
// 05 — evasion targets

What stealth mode actually hides.

The primary JavaScript properties and browser behaviors that stealth plugins modify to bypass basic client-side bot detection scripts.

EVASIONS: 14 core modules
EXECUTION: Pre-DOM load
UPDATED: 2026-05-19
01 navigator.webdriver: boolean flag · The most obvious headless indicator
02 window.chrome: object presence · Missing in standard headless mode
03 navigator.plugins: array length · Headless defaults to 0 plugins
04 Permissions API: state spoofing · Headless denies notifications by default
05 WebGL vendor: string masking · Hides software renderers like SwiftShader
// 06 — beyond js patching

Stealth is a stack, not a JavaScript plugin.

Relying on JS injection plugins is a legacy approach. Modern anti-bot systems don't just read the DOM; they measure the delta between network signatures and JavaScript claims. DataFlirt abandons JS patching entirely. We run a custom Chromium build where the stealth properties are compiled directly into the C++ source, ensuring that the V8 engine natively reports human-like attributes without leaving proxy-object traces that advanced scripts can detect.

DataFlirt native stealth profile

Properties compiled into the browser binary, requiring no JS injection.

build.target Chromium 124.0.6367.60
v8.webdriver false
tls.ja4_match true
proxy.binding none detected
canvas.noise hardware native
bot_score.avg 0.04


// 07 — FAQ

Common questions.

About stealth plugins, detection mechanisms, and why JavaScript patching is no longer enough for production scraping.

Is using stealth mode illegal?
Bypassing bot detection is not inherently illegal, but it is almost always a violation of the target website's Terms of Service. In jurisdictions like the US, courts have generally held that ToS violations alone do not constitute a violation of the CFAA, provided you are accessing public data. However, you should consult legal counsel for your specific use case.
Why does my stealth plugin still get blocked by Cloudflare?
Because Cloudflare evaluates your request before the JavaScript even executes. They analyze your TLS fingerprint (JA3/JA4) and HTTP/2 framing. If your network signature looks like a Node.js script, Cloudflare will block you or serve a challenge page, rendering your DOM-layer stealth plugin completely useless.
Does stealth mode slow down scraping?
Yes. Injecting multiple JavaScript evasions via the Chrome DevTools Protocol (CDP) on every single page load adds measurable overhead. It increases the Time to Interactive (TTI) and consumes more CPU per worker, which reduces your overall concurrency limits on a given machine.
How does DataFlirt handle stealth browsing?
We don't use JavaScript injection plugins. We use custom-compiled Chromium binaries where the automation flags are removed at the source code level. This eliminates the performance overhead of CDP injection and prevents advanced bot scripts from detecting the JS Proxy objects that standard stealth plugins leave behind.
Can I just use a regular headed Chrome browser instead?
Yes, running a headed (non-headless) browser naturally avoids many headless detection traps. However, headed browsers consume significantly more RAM and CPU because they actually render the graphical interface. For high-volume pipelines, scaling headed browsers is cost-prohibitive compared to using a properly stealth-patched headless setup.
What is the proxy object leak in stealth plugins?
When stealth plugins override native browser properties (like replacing the navigator object), they often use JavaScript Proxies. Advanced anti-bot scripts can call toString() on these objects. A native function returns [native code], but a poorly implemented proxy will reveal that it has been tampered with, instantly flagging the session as a bot.
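
The descriptor and toString() inspection described in "The proxy object trap" and in the answer above, seen from the detecting side. This is an added example, not code from DataFlirt or from any anti-bot product. A Map instance and its native size getter stand in for navigator and navigator.webdriver so the script runs in Node, and inspectAccessor and the finding names are hypothetical.

```javascript
// Added example. Constructed stand-ins so it runs in Node without a browser:
// a Map plays `navigator`, its native `size` getter plays `navigator.webdriver`.
const NATIVE_RE = /^function\s+(?:get\s+)?([\w$]*)\s*\(\)\s*\{\s*\[native code\]\s*\}$/;

// Use the intrinsic toString, never fn.toString(), which a patch can shadow.
const fnToString = Function.prototype.toString;

function looksNative(fn, expectedName) {
  try {
    const m = NATIVE_RE.exec(fnToString.call(fn));
    return m !== null && m[1] === expectedName;
  } catch {
    return false; // toString refused the value: not an ordinary native function
  }
}

// Findings for an accessor expected to be a native getter on the prototype.
// Function and finding names are hypothetical.
function inspectAccessor(obj, prop) {
  const hasOwn = (o) => Object.prototype.hasOwnProperty.call(o, prop);
  const findings = [];
  if (!looksNative(fnToString, 'toString')) findings.push('toString-replaced');
  if (hasOwn(obj)) findings.push('own-property-shadow');

  // Walk the prototype chain to the first object that defines the property.
  let holder = obj;
  while (holder && !hasOwn(holder)) holder = Object.getPrototypeOf(holder);
  const desc = holder && Object.getOwnPropertyDescriptor(holder, prop);

  if (!desc) findings.push('property-missing');
  else if (typeof desc.get !== 'function') findings.push('data-property-not-accessor');
  else if (!looksNative(desc.get, prop)) findings.push('getter-not-native');
  return findings;
}

// Constructed samples: untouched, patched on the instance, and a prototype
// whose getter is a Proxy around the real native getter.
const clean = new Map();
const shadowed = new Map();
Object.defineProperty(shadowed, 'size', { get: () => 0, configurable: true });
const nativeGetter = Object.getOwnPropertyDescriptor(Map.prototype, 'size').get;
const proxiedProto = Object.create(null, { size: { get: new Proxy(nativeGetter, {}) } });
const proxied = Object.create(proxiedProto);

for (const [label, target] of Object.entries({ clean, shadowed, proxied })) {
  console.log(label, inspectAccessor(target, 'size'));
}
```

The Proxy-wrapped getter still prints a [native code] body, so the check compares the reported function name as well as the body.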