GlossaryAnti-BotAdvanced

JA3 Fingerprint

A JA3 fingerprint is a hash that identifies a client based on how it sets up an encrypted TLS connection. Servers use it to recognize and block automated tools even when IP addresses change.

Last updated June 8, 2026

Definition

A JA3 fingerprint is a compact hash (MD5) generated from specific fields in the TLS ClientHello packet that a client sends when starting an HTTPS connection. Because different libraries, browsers, and tools negotiate TLS in slightly different ways, the resulting fingerprint acts as a signature for the software making the request.

How JA3 Works

When a client connects, it advertises a list of supported cipher suites, TLS extensions, elliptic curves, and curve formats. JA3 concatenates these values in order and hashes them. Two requests from the same tool produce an identical hash, even across different IP addresses or proxies.

  • Library-specific: Python requests, curl, and Chrome each have distinct JA3 hashes.
  • IP-independent: Rotating proxies do not change the JA3 value.
  • Server-side: Detection happens before any HTTP headers are read.

Why It Matters for Scraping

Anti-bot systems maintain blocklists of JA3 hashes associated with known automation tools. A scraper using a flawless residential proxy can still be blocked if its TLS stack reveals a non-browser fingerprint. Bypassing this requires tools that mimic real browser TLS handshakes, such as curl-impersonate or browser-based clients.

Examples

1

A Python requests scraper producing a JA3 hash flagged as a known bot signature

2

curl-impersonate replicating Chrome's exact JA3 hash to evade detection

3

Cloudflare matching an incoming JA3 against its database of automation tools

Common Use Cases

Detecting automated scrapers regardless of IP rotation
Fingerprinting clients before HTTP-layer inspection
Building allowlists of trusted browser TLS signatures
Identifying malware command-and-control traffic by TLS signature

Frequently Asked Questions

No. JA3 is derived from the TLS handshake of your client software, not your IP address. Rotating proxies leaves the fingerprint unchanged, which is why TLS-level mimicry is needed.
By using tools that replicate a real browser's TLS handshake, such as curl-impersonate, tls-client, or full browser automation, so the JA3 hash matches a legitimate browser.

Keep Learning

All terms

Residential Proxy

A residential proxy routes your traffic through a real device with an IP assigned by an Internet Service Provider, so requests appear to come from a genuine home user rather than a server.

Read definition

Web Scraping

Web scraping is the automated extraction of data from websites — fetching pages programmatically and parsing their content into structured data.

Read definition

Browser Fingerprinting

Browser fingerprinting identifies and tracks a device by combining dozens of browser and system attributes — like fonts, canvas rendering and user agent — into a near-unique signature.

Read definition

SSL/TLS

SSL/TLS is the encryption protocol that secures data in transit on the web — the 'S' in HTTPS — protecting it from eavesdropping and tampering.

Read definition
Back to Glossary