I've published an open specification for a detection method I'm calling RQ4 (Request Context Fingerprinting). It analyzes whether HTTP request headers are logically consistent with real browser behavior - not just what headers are present, but whether they make sense together given the request context.
Comments
jjgreen•31m ago
This looks interesting, it's a pity that the example site, https://rq4.dev/, "No JavaScript fingerprinting needed", fails without JavaScript (yes I get it, JS not needed but can be implemented in JS, but still, incongruous).
rozetyp•23m ago
Good catch - fixed. The page now renders the RQ4 fingerprint server-side on the initial GET request. No JavaScript needed to see your result
jjgreen•31m ago
rozetyp•23m ago