Guides

Stealth Mode

BrowseFleet includes built-in anti-detection to help your browser sessions pass bot checks. Stealth is enabled at the "full" level by default for all sessions and quick actions.

Stealth Levels

Level	Description	Use Case
`none`	No anti-detection. Standard headless Chrome behavior.	Internal tools, testing environments, sites you control.
`basic`	WebDriver flag masking, basic navigator patches.	Most websites with simple bot detection.
`full`	Complete anti-detection suite via puppeteer-extra-plugin-stealth.	Sites with aggressive bot detection (Cloudflare, DataDome, PerimeterX).

What "full" Stealth Does

WebDriver Masking

Removes navigator.webdriver flag that identifies headless browsers.

Chrome Runtime

Injects window.chrome runtime object that matches real Chrome browsers.

Navigator Patches

Patches navigator properties including plugins, languages, platform, and hardware concurrency to match real user profiles.

WebGL Fingerprint

Spoofs WebGL vendor and renderer strings to avoid fingerprint-based detection.

Iframe Protection

Patches contentWindow properties on iframes to prevent cross-frame detection techniques.

Permission Handling

Overrides Permissions API to return consistent values matching real browsers.

Proxy Support

Combine stealth mode with proxies for maximum anti-detection effectiveness. BrowseFleet supports per-session proxies and a global proxy fallback.

Per-Session Proxy

Pass a proxyUrl when creating a session or making a quick action request. Supports HTTP, HTTPS, and SOCKS5 protocols with optional authentication.

const session = await bf.sessions.create({
  stealth: 'full',
  proxyUrl: 'socks5://user:pass@proxy.example.com:1080',
});

// Quick actions also support proxy
const result = await bf.scrape('https://example.com', {
  proxyUrl: 'http://user:pass@proxy.example.com:8080',
});

Global Proxy

Set a default proxy for all sessions via the PROXY_URL environment variable. Per-session proxies override the global setting.

bash

PROXY_URL=socks5://user:pass@proxy.example.com:1080

Best Practices

Use residential proxies

Datacenter IPs are frequently blocklisted. Residential proxies provide real ISP IP addresses that are much harder to detect.

Set timezone and locale

Match the timezone and locale to the proxy's geographic location. Mismatches are a detection signal.

Use profiles for persistence

Browser profiles maintain cookies and localStorage across sessions, making your browser look like a returning user.

Add natural delays

Use the "wait" action between interactions. Humans don't click instantly after page loads.