TLS Fingerprinting

TLS fingerprinting is critical for bypassing bot detection. Standard HTTP libraries will be detected and blocked.

Why It Matters

Akamai and other bot detection systems analyze your TLS handshake to identify:

Cipher suites offered
TLS extensions and their order
Supported curves and signature algorithms
HTTP/2 settings and priorities

If your fingerprint doesn't match a real browser or device, you'll be blocked.

Required: TLS Client

Use bogdanfinn/tls-client instead of standard HTTP libraries.

Installation

Install (Go)

go get github.com/bogdanfinn/tls-client

Basic Usage

Go example

import (
    http "github.com/bogdanfinn/fhttp"
    tls_client "github.com/bogdanfinn/tls-client"
)

client, err := tls_client.NewHttpClient(tls_client.NewNoopLogger(),
    tls_client.WithClientProfile(tls_client.Chrome_120),
)

req, _ := http.NewRequest("GET", "https://example.com", nil)
resp, err := client.Do(req)

Chrome 108+ Note

For Chrome 108 and later, enable random TLS extension order:

Go (enable random extension order)

tls_client.WithRandomTLSExtensionOrder()

Python (enable random extension order)

session = tls_client.Session(random_tls_extension_order=True)

Verifying Your Fingerprint

Make the request to the fingerprint API

Request: https://tls.peet.ws/api/all

Make the same request from a real browser

Perform the same request in the target browser for comparison.

Compare the results

Use https://www.diffchecker.com/ to compare the outputs.

Key fields to match:

ja3 / ja3_hash
akamai_fingerprint
http2_settings

Common Issues

Issue

Solution

Fingerprint mismatch

Update client profile to match target browser

Random blocking

Enable random extension order for Chrome 108+

HTTP/2 issues

Verify HTTP/2 settings match browser

Resources

bogdanfinn/tls-client — TLS client library
HTTP/2 Fingerprinting Paper — Technical deep dive
tls.peet.ws — Fingerprint checker

PreviousProxies NextHeader Order

Good night