A TLS (Transport Layer Security) fingerprint is derived from the parameters a client sends during the initial HTTPS handshake. These parameters — the list of supported cipher suites, TLS extensions, elliptic curve groups, compression methods, and their ordering — differ between HTTP clients in ways that are highly consistent and hard to spoof without controlling the TLS stack.
Python's `requests` library, curl, Node.js's `http` module, Java's `HttpClient`, and Chromium all produce distinctly different TLS fingerprints. Anti-bot systems from Akamai, PerimeterX, and DataDome classify clients at the TLS layer — before any HTTP request is even parsed — based on the fingerprint match against known browser profiles. A Python requests TLS fingerprint is immediately identified as non-browser.
JA3 (Cipher suite + extensions) and JA4+ are the most widely used fingerprinting standards. AlterLab's Tier 2 and above use a Chromium-compatible TLS stack that produces fingerprints matching real Chrome browsers, allowing requests to pass network-layer classification even without running a full headless browser.