Surviving 2026 Anti-Bot: Fingerprinting Beyond IP
IPs are only the beginning. Here is what the modern detection stack actually looks at, and how to stay clean across long sessions.
Modern bot detection layers IP reputation on top of TLS fingerprints (JA3/JA4), HTTP/2 frame ordering, browser canvas hashes, and behavioural signals. A clean residential IP that fires a curl-like TLS handshake is now a giveaway.
## The minimum viable browser - Use a real headless browser (Chromium 121+, Firefox 124+) with realistic launch flags. - Match TLS settings to the user-agent you are claiming. - Honour HTTP/2 ordering — many libraries silently downgrade to HTTP/1.1.
## Sessions over rotation Aggressively rotating every request looks more suspicious than a sticky session at this point. Sticky for 5–30 minutes per identity, then rotate.
## Where ProxyGen helps Our edge keeps the upstream gateway selection deterministic per session, so your TLS, IP, and ASN stay coherent for the full sticky window.