JA3 Fingerprint

JA3 is a method of fingerprinting TLS client hellos to identify the TLS library (and therefore the application) making a connection.

JA3 computes an MD5 hash from fields in the TLS ClientHello message: the TLS version, cipher suites, extensions, elliptic curves, and elliptic curve point formats. Because each TLS library (OpenSSL, BoringSSL, NSS) produces a distinct combination of these fields, the resulting hash reliably identifies the underlying library and often the exact application.

Anti-bot systems use JA3 to distinguish real browsers from scrapers. Python's `requests` library, curl, and Scrapy each produce JA3 hashes that differ markedly from Chrome or Firefox. Even if a scraper sends identical HTTP headers, a mismatched JA3 is a high-confidence bot signal.

Countermeasures include using a browser-based HTTP client that inherits the browser's TLS stack (Playwright, Puppeteer), patching the TLS library to emit a Chrome-compatible ClientHello, or using a proxy that terminates and re-opens the TLS connection with the correct fingerprint.

Examples

```bash
# Check your JA3 fingerprint (the service nests it under the "tls" key)
curl -s https://tls.peet.ws/api/all | jq '.tls.ja3'

# Compare with Chrome's known JA3
# Chrome 120: 771,4865-4866-4867-49195-49196...,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-17513,29-23-24,0
```
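
The check described above, from the detection side, as an added example that is not code from the original page: it builds the JA3 string and MD5 hash from already-parsed ClientHello fields, drops GREASE values as the JA3 method does, and flags a User-Agent that claims a browser whose known JA3 set does not contain the observed hash. The sample ClientHello values, the `KNOWN` table and all function names are constructed for illustration.

```python
import hashlib

# GREASE values (RFC 8701): 0x0A0A, 0x1A1A, ... 0xFAFA. Clients insert them at
# random, so JA3 drops them before hashing to keep the fingerprint stable.
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}

def ja3_string(version, ciphers, extensions, curves, point_formats):
    """Five comma-separated fields; values inside a field are dash-joined decimals."""
    lists = (ciphers, extensions, curves, point_formats)
    parts = ["-".join(str(v) for v in vals if v not in GREASE) for vals in lists]
    return ",".join([str(version)] + parts)

def ja3_hash(version, ciphers, extensions, curves, point_formats):
    """MD5 hex digest of the JA3 string."""
    s = ja3_string(version, ciphers, extensions, curves, point_formats)
    return hashlib.md5(s.encode("ascii")).hexdigest()

def classify(user_agent, hello, known):
    """Compare the browser the User-Agent claims with the clients known for this JA3.

    `known` maps JA3 hash -> set of client families (a defender-maintained table).
    The substring match on the User-Agent is a deliberate simplification.
    """
    claimed = next((f for f in ("Firefox", "Chrome") if f in user_agent), None)
    if claimed is None:
        return "no-browser-claim"
    families = known.get(ja3_hash(**hello), set())
    return "consistent" if claimed in families else "mismatch"

# Constructed sample ClientHello fields (illustrative, not captured traffic).
BROWSER_HELLO = dict(version=771, ciphers=[0x2A2A, 4865, 4866, 4867, 49195],
                     extensions=[0x3A3A, 0, 23, 65281, 10, 11],
                     curves=[0x1A1A, 29, 23, 24], point_formats=[0])
SCRIPT_HELLO = dict(version=771, ciphers=[4866, 4867, 4865, 49196],
                    extensions=[0, 11, 10, 35, 22, 23],
                    curves=[29, 23, 30], point_formats=[0, 1, 2])
KNOWN = {ja3_hash(**BROWSER_HELLO): {"Chrome"}}  # constructed allowlist entry

if __name__ == "__main__":
    ua = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/120.0.0.0 Safari/537.36"
    for name, hello in (("browser", BROWSER_HELLO), ("script", SCRIPT_HELLO)):
        print(name, ja3_string(**hello), classify(ua, hello, KNOWN))
```

Because the cipher and extension order is part of the string, two clients offering the same values in a different order get different hashes.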
