%22/><path d=%22M22 11.5c0-2.5-2-4-5-4h-6v3h6c1.2 0 2 .6 2 1.5s-.8 1.5-2 1.5h-3c-3 0-5 1.5-5 4s2 4 5 4h6v-3h-6c-1.2 0-2-.6-2-1.5s.8-1.5 2-1.5h3c3 0 5-1.5 5-4z%22 fill=%22white%22/></svg>)
Guides
Stealth Mode
SessionKit applies anti-detection patches at multiple layers to make automated browsers indistinguishable from real users. Choose from three stealth levels depending on your target.
Stealth Levels
| Level | Description | Use Case |
|---|---|---|
none |
No stealth patches applied | Testing, internal tools |
basic |
Hides common automation signals | Low-security sites |
max |
Full anti-detection suite | Anti-bot protected sites (Cloudflare, DataDome, PerimeterX) |
Tip: Use
maxstealth by default. The performance overhead is negligible (~50ms added to session launch).
What max Stealth Does
When you set stealth: 'max', SessionKit applies:
Navigator Patches
- Removes
navigator.webdriverflag - Spoofs
navigator.plugins(mimics real Chrome plugin list) - Patches
navigator.languagesto match fingerprint locale - Spoofs
navigator.hardwareConcurrencyandnavigator.deviceMemory
WebGL Fingerprint
- Renders unique WebGL canvas hashes per session
- Spoofs GPU vendor and renderer strings
- Randomizes WebGL parameters within realistic bounds
Canvas Fingerprint
- Adds subtle noise to canvas rendering
- Each session produces a unique canvas hash
- Noise is consistent within a session (doesn't change between calls)
Timing Attacks
- Patches
performance.now()to add realistic jitter - Randomizes event timing patterns
- Spoofs
Date.now()precision
Chrome Internals
- Patches
chrome.runtimeto appear as a real extension environment - Spoofs
window.chromeobject structure - Hides DevTools protocol indicators
Configuration
const session = await sk.sessions.create({
stealth: 'max',
fingerprint: {
platform: 'MacIntel',
userAgent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)...',
locale: 'en-US',
timezone: 'America/New_York',
viewport: { width: 1920, height: 1080 },
},
})
Verifying Stealth
You can verify your stealth configuration against popular detection tools:
const page = await browser.newPage()
// Test against CreepJS
await page.goto('https://abrahamjuliot.github.io/creepjs/')
await page.waitForTimeout(5000)
const score = await page.$eval('.grade', el => el.textContent)
console.log(`CreepJS trust score: ${score}`)
// Test against BotD
await page.goto('https://fingerprint.com/products/bot-detection/')
Stealth vs. Performance
graph TD
A[stealth: none] -->|+0ms| B[Session Ready]
C[stealth: basic] -->|+20ms| B
D[stealth: max] -->|+50ms| B
The added latency is a one-time cost during session creation. Runtime performance is identical across all stealth levels.