Every time I create a bunch of accounts for some service, be it Google or something smaller, I am constantly paranoid, constantly… And the reason for this paranoia is my distrust of the anti-detect browser as a tool that will actually create 100% isolated personalities for me that look unique in the eyes of a third-party site.
I suggest that at the start we discard all prejudices about the correctness of using anti-detect browsers and turning the Internet into a “dead” one. There are a lot of schemes that may require a large number of profiles, and not all of them are black or even gray, believe me.
The talk now is about what makes me periodically change the anti-detect browser, it happens something like this – I made a bunch of accounts, click – I change the provider (and then work with another one for some time). After a couple of weeks we repeat the scheme. Maybe it’s pure paranoia, or maybe I’m not the only one, who knows.
Earlier I already wrote an article in which I compared several anti-detect browsers, their fundamental differences, similarities, pros and cons. A standard pop rating article, by the way, you can find it in my articles on Habr.
And it would seem that you have understood the issue thoroughly – choose an antidetect browser for parsing, or for arbitration. But no – I continue to change them myself. The shoemaker has no shoes, so to speak.
The reason for this is trivial, as it seems to me, I did not get deep under the hood of antidetect browsers comparing them to convince myself – here is normal, here is not normal. But the gap has already been eliminated in general, I conducted a more thoughtful study of antidetect browsers that I use myself and want to share what I was able to discover.
I won’t be stifling – no scientific work was done, the subject of the study was of course set – anti-detect browser and its ability to disguise itself in the eyes of sites, but the stages according to all scientific canons were naturally screwed up.
How to check that the antidetect browser really creates a unique isolated profile and is not detected?
Given: six anti-detect browsers for arbitration, parsing and everything else, four of which I periodically use for my needs, I even take paid tariffs ( Octo Browser , Undetectable , Dolphin , Gologin ), and for the purity of the experiment I took two more, which I did not have to intersect with ( Ads Power and Sphere ).
Fingerprint checking services: PixelScan, CreepJS, Browserleaks, Whoer.
The calculation method itself:
In each antidetect browser, one profile was created with the same proxy, and approximately the same browser fingerprints. In this situation, the fingerprints are not as important as the proxy, since we simply compare them for compliance with what the antidetect created and what the service saw.
Each profile is run through several tests, including:
- loading speed from the moment of launch until the moment the browser is fully loaded;
- User Agent matches what is declared in the browser and what is determined by the service through which we take measurements;
- rendering of various browser parameters and how the testing site sees them (canvas, fonts, etc.).
I ran all iterations three times. One profile was launched three times to check the speed, each profile was checked three times in the specified services, and then I derived the average figure for each.
Tests, tests, tests – we compare anti-detect browsers in an attempt to find the best in matters of masking
Now step by step, what tests were carried out and what was measured:
Profile loading speed – which anti-detect browser is the fastest?
First of all, I ran each profile under a stopwatch three times and calculated the arithmetic mean. Not the most informative test, I agree, but you have to start somewhere.
Overall, Dolphin came out on top in terms of speed, followed by Gologin, Ads Power, Sphere, Octo, and Undetectable rounded out the top six. Launch speed has nothing to do with the ability to hide fingerprints, but on large volumes it can be of no small importance, especially when working through API.
All the numbers are in the table below, if you can’t stand it, you can scroll down a little and get acquainted.
IP Check (Browserleaks / IP-Leak test) – which anti-detection browser masks proxy usage better?
After measuring the speed, we move on to real checks – first of all, a basic check: make sure that the anti-detect browser really masks your IP through a proxy. To do this, go to Browserleaks.com/ip and see what IP the site sees – real or proxy. As expected, all anti-detect browsers successfully showed the IP of the proxy I used (the real IP was not directly revealed anywhere). Modern anti-detect browsers cope with this at a basic level through proxy settings, there were no surprises here. However, this is only the tip of the iceberg.
It is worth noting that in addition to the external IP, there may be leaks via other channels – for example, via DNS requests or WebRTC. A good anti-detect browser should be able to prevent such leaks as well. DNS was not tested separately in this test, but WebRTC is below.
WebRTC Check (Browserleaks WebRTC) – which anti-detect browser and how does it reveal your real IP?
WebRTC is a technology for exchanging media streams, which in the browser can unintentionally give away your local IP address. Even behind a proxy or VPN, WebRTC that is not disabled can show a site your real IP in the local network via a STUN request, bypassing the proxy. This is a well-known privacy gap: many VPN services and anti-detect solutions either disable WebRTC (although this is also not a good solution, since disabled WebRTC itself can become a signal for anti-bot systems), or assure that they will pass its traffic through a proxy. I checked WebRTC leaks on the page browserleaks.com/webrtc for each of the anti-detect browsers.
Of the six antiquities, only Dolphin Anty leaked. The test showed the local IP address of the machine. In the final assessment, I gave Dolphin a serious penalty for this blunder.
The remaining browsers Octo Browser, GoLogin and Undetectable, Ads Power, Sphere — successfully hid WebRTC. In their profiles, the local IP was not detected at all. These five made sure that WebRTC did not “break through” our coverage. This is an important point: if the anti-detect browser does not stop the WebRTC leak, your real IP may surface (an immediate red flag for any anti-bot system). In our case, Dolphin showed such a flag, the others did not.
Checking User-Agent and Headers – Which Anti-Detect Browser Masks User Agent Better and Doesn’t Fall Apart on Little Things?
The next point is User-Agent compliance. Here I compared what the browser itself declares in the profile settings and what the site ultimately sees. All test services (Browserleaks, Whoer, PixelScan) display the User-Agent string that the server received. Ideally, it should exactly match what is generated in the profile. If the browser suddenly gets caught and sends something else, it is a failure.
In all six cases, the line with the main User-Agent matched the one declared in the profile. The profiles were configured as Chrome on Windows, and the sites saw exactly this UA. But the check does not end there. The fact is that modern browsers also use Client Hints (Sec-CH-UA headers), transmitting information about the browser version and platform in separate hidden fields. If the anti-detect browser is imperfect, there may be a discrepancy between the usual UA and the Client Hints data – and this is exactly the sign of “deception” for detectors.
Also, all browsers correctly synchronized all browser information, including the OS version. Here’s an example: I had the OS version 11 on all profiles, and the checker in the Platform Version column displayed 15, and in some cases 19. However, this is acceptable for Windows 11, so there are no problems. In practice, OS inconsistency is an immediate red flag for anti-bot systems that check headers. An anti-detect browser must replace not only User-Agent, but also all related fields (User-Agent Client Hints), otherwise the masking is incomplete.
CreepJS — Stealth Test (Fingerprinting Analysis) — Looking for the Best Anti-Detect Browser via an Automated Service
The most interesting and complex test is CreepJS. This is a special site/script that conducts a deep analysis of the browser fingerprint of each anti-detect browser. It checks hundreds of parameters: Canvas, WebGL, audio, fonts, screen sizes, JavaScript object behavior, new APIs – and looks for any inconsistencies or deliberate deception in attempts to disguise. Simply put, CreepJS shows how honest and logical our profile is as a regular browser, or whether it contains anomalies that reveal a substitution.
CreepJS produces its own trust score and detailed reports, but for comparison I counted the number of anomalies (“penalty points”) — how many discrepancies were detected.
CreepJS results: on average, over three profile runs, Octo Browser and Dolphin showed the fewest anomalies — about 2 inconsistencies per profile. But GoLogin, Ads Power, Sphere, and Undetectable — about 3 anomalies. The difference seems small, but significant: 50% more suspicious moments. Now to the details:
CreepJS points out inconsistencies between related parameters – mismatch between GPU vendor and renderer, incorrect ratio between Device Memory and number of CPU cores, abnormal object prototypes, etc. If the anti-detect browser randomizes the fingerprint inaccurately, such things will creep out.
Octo and Dolphin are more consistent in producing a related fingerprint (their parameter combinations looked more plausible). For example, Dolphin does not replace some things at all – ironically, but the absence of substitution can result in a smaller spread of values and fewer “obvious” conflicts. Octo takes fingerprints of real devices and makes edits at the browser kernel level, which should ensure the maximum plausibility of the profile. Anti-detect browsers GoLogin and Undetectable, Ads Power and Sphere, apparently failed somewhere: perhaps incorrect spoofing of the GPU or audio led to unnecessary anomalies (for example, in my CreepJS logs for GoLogin, a suspicious moment with a video card mismatch flashed). Nevertheless, 2-3 anomalies are a pretty good result in absolute numbers. For reference: a regular clean browser without substitutions can also get a certain “anti-rating” of trust (CreepJS does not consider everything critical, and real users will not be banned only because of a low percentage of trust). However, we are interested in the relative differences between anti-detects. Here Octo and Dolphin are slightly ahead.
Also, all anti-detect browsers received errors for such a parameter as Function.toString Proxy.
CreepJS detects interception of Function.prototype.toString. In my run there were 21 exceptions and +40% degradation. I will not chew over this parameter, I will simply count it as a penalty, especially since all the antiquities without exception got it and for this reason it does not affect the overall picture and distribution of points.
PixelScan – Counting “Red Flags” – Which Anti-Detect Browser Is the Best According to PixelScan?
Another service that I used in comparing anti-detect browsers is Pixelscan.net . It comprehensively analyzes the browser by many parameters and simply highlights red flags where it sees a discrepancy or anomaly. Pixelscan also gives its integral anonymity score. It looks at whether your fingerprint is unique, whether there are any obvious non-standard signs, compares geo-IP and time zone, system language and Accept-Language, etc. If something is very out of place (for example, the IP points to the USA, but the time zone is Moscow, or the desktop profile suddenly has 100% battery level) – all this will be counted as an anomaly.
PixelScan results: surprisingly, PixelScan showed 0 red flags for almost all participating anti-detect browsers. That is, based on the totality of parameters, neither Octo, nor GoLogin, nor Undetectable, nor the other anti-detection browsers looked clearly suspicious for this service. Probably, the profiles were fairly well balanced by default: IP and time zone matched, there were no obvious blunders like the absence of WebGL or Flash (which is immediately visible). Oddly enough, even Dolphin Anty, which missed WebRTC, did not receive an automatic red flag on PixelScan. Apparently, PixelScan either does not consider the presence of a local IP in WebRTC to be an instant flag, or considers a combination of factors.
However, this does not mean that there were no differences at all. PixelScan clearly showed the presence of a local IP for Dolphin. In general, if a single profile does not have gross discrepancies, PixelScan gives the green light. Our out-of-the-box anti-detections tried to set consistent parameters (the same Octo automatically substitutes the time zone for the proxy, etc., like many others). This explains the lack of red flags. Nevertheless, PixelScan is valuable because in more complex scenarios it immediately highlights problem areas: for example, the system language does not match the browser language or IP, the time zone does not match the IP geolocation, WebRTC gives out unnecessary information, etc.
Collection and analysis of results – we summarize and identify the best anti-detection browser based on the results of technical measurements
As I tested, I compiled all the data into a single table and assigned penalty points for each problem. Here is a generalized comparison table of six anti-detect browsers based on what I consider to be the most important masking criteria:
| Browser | CreepJS (mean anomalies) | WebRTC leak | IP ≠ Proxy | Start, sec (avg.) | UA/CH mismatch | The final “score” |
| Octo Browser | 2 anomalies (-4 points) | no (0) | no (0) | ~4.9 s (-4.93) | no (0) | -8.93 |
| GoLogin (Orbita) | 3 anomalies (-6 points) | no (0) | no (0) | ~4.3 s (-4.27) | no (0) | -10.27 |
| Dolphin{anty} | 2 anomalies (-4 points) | yes (-3) | yes (-3) | ~2.6 s (-2.57) | no (0) | -12.57 |
| Undetectable | 3 anomalies (-6 points) | no (0) | no (0) | ~5.3 s (-5.30) | no (0) | -11.30 |
| AdsPower | 3 anomalies (-6) | no, but it completely muffles (-2) | no (0) | ~4.5 s (-4.5) | no (0) | -12.50 |
| Sphere | 3 anomalies (-6 points) | no (but partial -1) | no (0) | ~4.5 s (−4.5) | no (0) | -11.5 |
Explanations of the parameters:
- CreepJS (anomalies): how many inconsistencies CreepJS found on average. Octo and Dolphin have ~2, GoLogin and Undetectable, Sphere and Ads Power have ~3. I assigned a conditional -2 points for each anomaly.
- WebRTC leak: whether the real IP was leaked via WebRTC. Only Dolphin received a penalty (-3) for the local IP detected. The rest – 0 (no leaks).
- IP ≠ Proxy: whether the site saw our real IP somewhere instead of a proxy (for example, via WebRTC or another method). In fact, it duplicates the previous indicator – also a penalty for Dolphin (-3), for the others there is none.
- Start, seconds: this is the time it takes to launch a profile until the browser is fully loaded (subjectively measured). Slow start is a minus for convenience. Here Dolphin suddenly turned out to be the lightest and fastest (~3 seconds to start), so it has the smallest “penalty” (-2.57), and the slowest is Undetectable (~5-6 seconds, -5.30). Octo, Ads Power and GoLogin and Sphere are around 4-5 seconds.
- UA/CH mismatch: whether the User-Agent (Sec-CH-UA) was out of sync. All browsers have 0 (perfect consistency).
Summing up these indicators, we get a conditional score. In this table, we go by contradiction — a smaller (more negative) value means worse disguise. Octo Browser turned out to be the leader with the smallest amount of fines (≈ -8.9). It had no IP punctures, a minimum of anomalies, an updated engine. In second place with a slight lag is GoLogin (10.27), then Sphere (-11.50), followed by Dolphin Anty (12.57), Undetectable (-11.3): Dolphin was saved by excellent UA consistency and minimal anomalies, but WebRTC and proxy settings let it down. Ads Power comes in last (12.50) — it has the combination of the largest number of anomalies.
Let me emphasize that this comparison is about the technical side of disguise, and not about convenience or functionality in general. A general analysis of anti-detect browsers is in my profile.
In my opinion, Dolphin Anty is attractive in many ways — it has a free plan for 10 profiles, a user-friendly interface, and is very popular among beginners (it was created “by arbitrageurs for arbitrageurs”). However, technically, some nuances are not in its favor: Dolphin cannot replace some subtle points (fonts, audio, Canvas font API, DNS), which can be a problem. Undetectable, on the contrary, has an advanced engine and even an action generator for warming up profiles, but for some reason it performed worse than expected in automatic tests. Perhaps, aggressive randomization has an effect (for example, excess noise in Canvas/WebGL): sometimes a too “noisy” fingerprint itself looks suspicious for algorithms expecting a more plausible picture. Octo Browser found a balance — its profiles are as close as possible to real connected configurations (it is not for nothing that the anti-theft uses fingerprints of real devices). In addition, Octo updates the Chromium core very quickly – in my test it already had a virtual “Chrome 139”, while, for example, GoLogin worked on the Orbita fork with the “Chrome 138” base, as did Ads Power – which is not a good indicator. Keeping your finger on the pulse in the version issue is important: an outdated engine is also a red flag for sites (hello to those who have not updated the browser for years).
As for Sphere and Ads Power, I am not familiar with these browsers at all, but in appearance Sphere seemed more attractive to me than Ads Power, purely subjective opinion.
Final rating and conclusions – antidetect browser that could!
1. Octo Browser — the winner of the anti-detect browser comparison. Octo has proven itself excellent in terms of technical aspects: minimal fingerprint anomalies, no leaks, up-to-date engine. Its profiles passed the main checks right away (PixelScan, Whoer, etc. also did not reveal any problems). Octo can confidently be called one of the most advanced anti-detect browsers of the new generation. If the quality of masking is critical, Octo is #1 among the anti-detect browsers participating in the comparison.
2. GoLogin (Orbita) — a confident second place. Technically, it lost a little due to a couple of extra inconsistencies in the fingerprint. Interestingly, GoLogin uses its own fork of Chromium called Orbita — perhaps some spoofing aspects have not been worked out there. Nevertheless, based on the sum of factors, GoLogin took second place. With careful configuration (don’t forget to set the time zone for the proxy, disable unnecessary things) it shows itself well.
3. Sphere – solid result. No CH mismatch, IP is stable, CreepJS detected 3 anomalies, but no fatal bugs. WebRTC is partially noisy, which gives a small penalty, but overall the profile looks natural. Suitable for arbitration and parsing, if you need a balance between masking and stability.
4. Dolphin{anty} — contrary to my expectations, 4th place in the final score (slightly worse because of WebRTC). Its main advantage is zero UA mismatch and overall fingerprint integrity (apparently due to the fact that Dolphin does not get into the most difficult places). Dolphin also showed the highest operating speed — profiles open noticeably faster than competitors. For mass operations, this is a plus. However, I repeat, Dolphin lets through WebRTC leaks out of the box — and this is a big minus for me, I would definitely not use it for serious tasks. Well, it turns out that this anti-detect browser is not quite suitable for complete beginners, the user must remember and understand what WebRTC is, be able to turn it off (what?) — this is a little alarming. Plus, incomplete masking of some parameters (fonts, audio, etc.) can play a cruel joke on advanced anti-fraud systems, although Dolphin passes basic checks.
5. Undetectable is a solid mid-range tool, but with a number of controversial points. In my tests, Undetectable scored the most “penalties”: it has more anomalies (CreepJS complained about several points) and the worst startup lags. Perhaps this was due to the fact that Undetectable, like Octo, actively makes noise in its fingerprint (it had a very low trust score on CreepJS, although BrowserScan showed 100% authenticity). All things being equal, Undetectable lost to Octo in small things. However, you can’t call it bad – it also didn’t make any obvious fatal mistakes (IP didn’t leak, no PixelScan flags). Its competitors just turned out to be a little more polished.
6. Ads Power is the outsider of this test. Technically, it is in 6th place (it has fewer critical anomalies). PixelScan and Browserleaks did not show any fatal problems, the IP was correctly masked, WebRTC is jammed (there are no leaks, but the very “absence of WebRTC” may arouse suspicion in anti-bot systems). The main complaint is the identified headless pattern (CreepJS noted the similarity with the headless mode of Chromium). Canvas also showed a duplicate hash, some fonts did not load, which gave additional penalties. For tasks where scalability and simplicity are important, AdsPower may be interesting.
Automate browser fingerprint checking in antidetect browser with a script
Initially, I had a great (to my taste) idea – to run all anti-detect browsers with a script through the described checks and make measurements more quickly. But the fact that I only had access to one API of the Octo Browser anti-detect browser forced me to equalize all the anti-detects with each other and make manual measurements. Well, I still made the script and will still post it here, maybe it will be useful to someone.
It is clear that doing the checks I described above manually on a hundred browsers is so-so, right? But if this matter is automated, it becomes more interesting.
What does the script do? It carries out all the checks that I did manually in automatic mode, compares the received data and builds a simple table – I will show an example of the table below, but I will immediately stipulate that the data received by the script was not used for the general calculation.
That is, it accesses the anti-detect browser via API, receives information from it about the number of browsers and launches them one by one and compares the parameters, but without human intervention.
How can this script be useful, and most importantly for whom?
The script is useful for those who work with dozens/hundreds of profiles: arbitrageurs, parsers, QA teams. It is a kind of quick checklist for WebRTC leaks, CH consistency, basic FP signals and integral PixelScan/CreepJS flags.
I ran the script several times, for example, here are the results it records in the table. I also indicated what the algorithm gives penalty points for, you can fine-tune it for yourself if you wish. Increase delays, add some additional checks that are important in your opinion.
| Profile | Start (sec) | IP | WebRTC leak | CH | Canvas | WebGL | PixelScan | CreepJS | Final score | Fines |
| 1 | 3.87 | 187.44.231.21 | No | CH is missing | 26d8ef50 (double) | empty | — | — | 75 | −5 CH absent, −5 PixelScan missing, −5 CreepJS missing, −2 FTS, −5 WebGL missing, −3 Canvas duplicate |
| 2 | 2.43 | 187.44.231.21 | No | CH is missing | 26d8ef50 (double) | empty | — | — | 75 | −5 CH absent, −5 PixelScan missing, −5 CreepJS missing, −2 FTS, −5 WebGL missing, −3 Canvas duplicate |
| 3 | 5.55 | 187.44.231.21 | No | CH is missing | 26d8ef50 (double) | empty | — | — | 75 | −5 CH absent, −5 PixelScan missing, −5 CreepJS missing, −2 FTS, −5 WebGL missing, −3 Canvas duplicate |
The script itself is located on GitHub — Octo Browser Audit .
The entire script contains more than 600 lines, so I decided it would be better to create a separate repository for it.
In conclusion, I want to say: there is no ideal anti-detect browser, they all require proper configuration and responsible use. My testing revealed the nuances of disguise: WebRTC is forgotten somewhere, somewhere the Chrome version is “too new”, which in itself may look strange. Octo Browser proved to be the most balanced and reliable for disguise – today I would put it in first place. Undetectable surprised not from the best side, but it is almost on par with the market leaders. Dolphin Anty is not bad for a free solution, but do not forget to manually jam WebRTC and take into account the possible costs of simplified disguise. GoLogin is a confident middling (and for some, a favorite) with a convenient cloud service and a decent degree of invisibility. Sphere confidently took second place, without critical bugs, with minimal discrepancies in UA. AdsPower — proved to be average: no leaks, but with a headless pattern and less accurate with Canvas/Fonts.
The main advice is to test your profiles. Don’t be lazy to visit services like Browserleaks, PixelScan, CreepJS, Whoer from time to time. These tools will help you understand where your environment looks suspicious. By fixing these points, you will reduce the chance of getting a ban. Remember that the anti-detect browser is not a magic shield, but just a tool: its effectiveness depends on how you use it.
