← Browsa · Anti-detect spec · vs browser-use cloud · Docs

Detection benchmarks

Live pass-rate of Browsa Phantom-Chromium burners against the major bot-detection sites. We publish the harness so you can audit the trust score, not just trust the marketing copy.

Methodology. A scheduled harness provisions a fresh burner (default config: OS_TYPE_MACOS, country=us, no warmup), navigates each detection site, captures the verdict + score, then destroys the agent. Results land in agents.detection_signals daily; the trust-score formula reads from there. You can query the latest result for any of your own agents via GET /v1/agents/{id}/detection-signal.

Sites tested

canonical detection surfaces

Burner pass rate

4 / 6

no warmup, fresh identity

Persistent pass rate

5 / 6

with warmup_recipe

Median trust score

873

/ 1000 — undetected band

Per-site verdicts (fresh burner, default config)

Detector	Verdict	Score / signal	Notes
antoinevastel.com/bots "BotDetectionScore"	PASS	"not headless"	Clean across every signal — UA stack, plugins, Notification permission, WebGL, Permissions API.
fingerprint.com BotD open-source library	PASS	bot: false	With `STEALTH_MODE` flags + `cdpEnabled=false`. Holds even with CDP attached for Playwright drop-in.
fingerprint.com Pro paid commercial	PASS	Suspect Score 29	Below the 30-flag threshold. Burner with CDP attached scored `notDetected` on Bot signal.
browserleaks.com UA, canvas, WebRTC, audio, fonts	PASS	all clean	Canvas hash session-deterministic, audio coherent with sample rate, fonts match the OS host.
creepjs abrahamjuliot/creepjs	SUSPICIOUS	Trust ~38%	Improves to ~62% on persistent identities with warmup. Remaining gap: `navigator.share`, `navigator.contacts` missing-API tells.
iphey.com BROWSER 5-signal suite	SUSPICIOUS	Browser=⚠️	Same missing-API tells as creepjs. Patch landing in next Phantom build adds `contentIndex`, `contacts`, `downlinkMax` stubs.

Trust score → band mapping

Score	Band	Reading
`≥ 850`	undetected	Clears Cloudflare / Akamai / iphey baseline checks. Safe for production scraping.
`700–849`	suspicious	Passes most basic checks but flagged by stricter heuristics. Usable; expect a small failure rate.
`< 700`	flagged	One or more detectors are firing. Try a different `os_type` / `country` or promote to persistent mode with warmup.

How to raise an identity's score

Use macOS as the OS shape (os_type: "OS_TYPE_MACOS") — cleanest consumer fingerprint in the wild. +20.
Promote burner → persistent — accumulates cookie + history signal. +20 baseline plus an age bump (+5/week, capped at +60).
Add a warmup_recipe — pre-loads cookies (amazon / google / social). +30.
Stay in country=us unless your target site geo-binds — non-US adds a –10 penalty (more bot signal density in many countries).
Reuse the same persistent identity across runs — session count rolls into a logarithmic bump (10 sessions = +8, 100 = +16, 1000 = +24).

See the per-factor breakdown for any identity:

curl https://browsa.io/v1/agents/<agent_id>/trust \
  -H "X-API-Key: agt_live_..."

Why publish this?

Anti-detect vendors that hide behind "Advanced stealth" marketing eventually lose to vendors who ship verifiable specs. We'd rather you find a gap and tell us than have a detection site find it and silently bucket your traffic. The next Phantom build is tracked on the anti-detect spec page — if a score on this page falls or a Pass becomes Suspicious, you'll see it here first.

Start free — 100 credits